LONE(r0, 0x6364, &(0x7f0000000000)) 01:45:11 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000006000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 518.373698][T17766] memory: usage 1376kB, limit 0kB, failcnt 67 [ 518.381030][T17766] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 518.421523][T17766] Memory cgroup stats for /syz2: [ 518.421632][T17766] anon 45056 [ 518.421632][T17766] file 102400 [ 518.421632][T17766] kernel_stack 0 [ 518.421632][T17766] slab 1548288 [ 518.421632][T17766] sock 0 [ 518.421632][T17766] shmem 45056 [ 518.421632][T17766] file_mapped 0 [ 518.421632][T17766] file_dirty 0 [ 518.421632][T17766] file_writeback 0 [ 518.421632][T17766] anon_thp 0 [ 518.421632][T17766] inactive_anon 131072 [ 518.421632][T17766] active_anon 45056 [ 518.421632][T17766] inactive_file 0 [ 518.421632][T17766] active_file 0 [ 518.421632][T17766] unevictable 0 [ 518.421632][T17766] slab_reclaimable 540672 [ 518.421632][T17766] slab_unreclaimable 1007616 [ 518.421632][T17766] pgfault 30360 [ 518.421632][T17766] pgmajfault 0 [ 518.421632][T17766] workingset_refault 0 [ 518.421632][T17766] workingset_activate 0 [ 518.421632][T17766] workingset_nodereclaim 0 [ 518.421632][T17766] pgrefill 33 [ 518.421632][T17766] pgscan 0 [ 518.421632][T17766] pgsteal 0 [ 518.421632][T17766] pgactivate 0 [ 518.873973][T17766] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17766,uid=0 [ 518.889937][T17766] Memory cgroup out of memory: Killed process 17766 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 518.910296][ T1065] oom_reaper: reaped process 17766 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 01:45:12 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000006800}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:12 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:12 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 520.222989][T17817] IPVS: ftp: loaded support on port[0] = 21 [ 520.423765][T17817] chnl_net:caif_netlink_parms(): no params data found [ 520.452328][T17817] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.460317][T17817] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.468421][T17817] device bridge_slave_0 entered promiscuous mode [ 520.545115][T17817] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.552283][T17817] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.560140][T17817] device bridge_slave_1 entered promiscuous mode [ 520.579662][T17817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.590747][T17817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.612421][ T21] device bridge_slave_1 left promiscuous mode [ 520.618809][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.664881][ T21] device bridge_slave_0 left promiscuous mode [ 520.671078][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 522.554368][ T21] device hsr_slave_0 left promiscuous mode [ 522.623723][ T21] device hsr_slave_1 left promiscuous mode [ 522.711900][ T21] team0 (unregistering): Port device team_slave_1 removed [ 522.727420][ T21] team0 (unregistering): Port device team_slave_0 removed [ 522.738279][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 522.777933][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 522.871674][ T21] bond0 (unregistering): Released all slaves [ 522.979513][T17817] team0: Port device team_slave_0 added [ 522.988308][T17817] team0: Port device team_slave_1 added [ 523.066822][T17817] device hsr_slave_0 entered promiscuous mode [ 523.104061][T17817] device hsr_slave_1 entered promiscuous mode [ 523.143736][T17817] debugfs: Directory 'hsr0' with parent '/' already present! [ 523.191089][T17817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 523.202829][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 523.211325][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 523.224235][T17817] 8021q: adding VLAN 0 to HW filter on device team0 [ 523.292734][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 523.302142][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 523.311178][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 523.318294][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 523.336200][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 523.344709][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 523.356502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 523.368967][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 523.376081][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 523.391084][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 523.400448][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 523.431650][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 523.442071][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 523.456695][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 523.469315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 523.480898][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 523.498070][T17817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 523.515644][T17817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 523.530024][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 523.542985][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 523.581655][T17817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 523.846243][T17825] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 523.857007][T17825] CPU: 1 PID: 17825 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 523.866115][T17825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.876173][T17825] Call Trace: [ 523.879467][T17825] dump_stack+0x172/0x1f0 [ 523.883798][T17825] dump_header+0x177/0x1152 [ 523.888307][T17825] ? pagefault_out_of_memory+0x11c/0x11c [ 523.893941][T17825] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 523.899751][T17825] ? ___ratelimit+0x60/0x595 [ 523.904334][T17825] ? do_raw_spin_unlock+0x57/0x270 [ 523.909471][T17825] oom_kill_process.cold+0x10/0x15 [ 523.914583][T17825] out_of_memory+0x334/0x1340 [ 523.919262][T17825] ? __sched_text_start+0x8/0x8 [ 523.924112][T17825] ? oom_killer_disable+0x280/0x280 [ 523.929319][T17825] mem_cgroup_out_of_memory+0x1d8/0x240 [ 523.934867][T17825] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 523.940501][T17825] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 523.946309][T17825] ? cgroup_file_notify+0x140/0x1b0 [ 523.951506][T17825] memory_max_write+0x262/0x3a0 [ 523.956362][T17825] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 523.963121][T17825] ? lock_acquire+0x190/0x410 [ 523.967796][T17825] ? kernfs_fop_write+0x227/0x480 [ 523.972825][T17825] cgroup_file_write+0x241/0x790 [ 523.977763][T17825] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 523.984521][T17825] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 523.990165][T17825] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 523.995802][T17825] kernfs_fop_write+0x2b8/0x480 [ 524.000654][T17825] __vfs_write+0x8a/0x110 [ 524.004983][T17825] ? kernfs_fop_open+0xd80/0xd80 [ 524.009919][T17825] vfs_write+0x268/0x5d0 [ 524.014162][T17825] ksys_write+0x14f/0x290 [ 524.018493][T17825] ? __ia32_sys_read+0xb0/0xb0 [ 524.023266][T17825] ? do_syscall_64+0x26/0x760 [ 524.027942][T17825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 524.034004][T17825] ? do_syscall_64+0x26/0x760 [ 524.038691][T17825] __x64_sys_write+0x73/0xb0 [ 524.043283][T17825] do_syscall_64+0xfa/0x760 [ 524.047787][T17825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 524.053683][T17825] RIP: 0033:0x459879 [ 524.057575][T17825] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 524.077171][T17825] RSP: 002b:00007fcc21443c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 524.085577][T17825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 524.093546][T17825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 524.101513][T17825] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 524.109479][T17825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc214446d4 [ 524.117453][T17825] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 524.130975][T17825] memory: usage 4272kB, limit 0kB, failcnt 59 [ 524.137489][T17825] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 524.144762][T17825] Memory cgroup stats for /syz5: [ 524.145772][T17825] anon 2174976 [ 524.145772][T17825] file 0 [ 524.145772][T17825] kernel_stack 65536 [ 524.145772][T17825] slab 2220032 [ 524.145772][T17825] sock 16384 [ 524.145772][T17825] shmem 28672 [ 524.145772][T17825] file_mapped 0 [ 524.145772][T17825] file_dirty 0 [ 524.145772][T17825] file_writeback 0 [ 524.145772][T17825] anon_thp 2097152 [ 524.145772][T17825] inactive_anon 0 [ 524.145772][T17825] active_anon 2174976 [ 524.145772][T17825] inactive_file 61440 [ 524.145772][T17825] active_file 0 [ 524.145772][T17825] unevictable 176128 [ 524.145772][T17825] slab_reclaimable 811008 [ 524.145772][T17825] slab_unreclaimable 1409024 [ 524.145772][T17825] pgfault 23859 [ 524.145772][T17825] pgmajfault 0 [ 524.145772][T17825] workingset_refault 0 [ 524.145772][T17825] workingset_activate 0 [ 524.145772][T17825] workingset_nodereclaim 0 [ 524.145772][T17825] pgrefill 0 [ 524.145772][T17825] pgscan 0 [ 524.145772][T17825] pgsteal 0 [ 524.145772][T17825] pgactivate 0 [ 524.244531][T17825] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17824,uid=0 [ 524.262776][T17825] Memory cgroup out of memory: Killed process 17824 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 524.284423][ T1065] oom_reaper: reaped process 17824 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:45:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:18 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8901, &(0x7f0000000000)) 01:45:18 executing program 3: request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$update(0x2, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$lock(r0, 0x0, 0x0) 01:45:18 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0j', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:18 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:18 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000006c00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 524.611327][T17817] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 524.655304][T17817] CPU: 1 PID: 17817 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 524.664437][T17817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.674495][T17817] Call Trace: [ 524.677792][T17817] dump_stack+0x172/0x1f0 [ 524.682139][T17817] dump_header+0x177/0x1152 [ 524.686649][T17817] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 524.692454][T17817] ? ___ratelimit+0x2c8/0x595 [ 524.697141][T17817] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 524.702962][T17817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 524.708250][T17817] ? trace_hardirqs_on+0x67/0x240 [ 524.713812][T17817] ? pagefault_out_of_memory+0x11c/0x11c [ 524.720834][T17817] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 524.727091][T17817] ? ___ratelimit+0x60/0x595 [ 524.731685][T17817] ? do_raw_spin_unlock+0x57/0x270 [ 524.736801][T17817] oom_kill_process.cold+0x10/0x15 [ 524.741919][T17817] out_of_memory+0x334/0x1340 [ 524.746606][T17817] ? lock_downgrade+0x920/0x920 [ 524.751464][T17817] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 524.757290][T17817] ? oom_killer_disable+0x280/0x280 [ 524.762517][T17817] mem_cgroup_out_of_memory+0x1d8/0x240 [ 524.768069][T17817] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 524.773733][T17817] ? do_raw_spin_unlock+0x57/0x270 [ 524.780309][T17817] ? _raw_spin_unlock+0x2d/0x50 [ 524.785166][T17817] try_charge+0xf4b/0x1440 [ 524.789597][T17817] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 524.795153][T17817] ? percpu_ref_tryget_live+0x111/0x290 [ 524.800732][T17817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 524.806989][T17817] ? __kasan_check_read+0x11/0x20 [ 524.812049][T17817] ? get_mem_cgroup_from_mm+0x156/0x320 [ 524.817613][T17817] mem_cgroup_try_charge+0x136/0x590 [ 524.822913][T17817] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 524.829167][T17817] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 524.834808][T17817] wp_page_copy+0x41e/0x1600 [ 524.839402][T17817] ? find_held_lock+0x35/0x130 [ 524.844179][T17817] ? follow_pfn+0x2a0/0x2a0 [ 524.848691][T17817] ? lock_downgrade+0x920/0x920 01:45:18 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 524.853552][T17817] ? swp_swapcount+0x540/0x540 [ 524.858339][T17817] ? __kasan_check_read+0x11/0x20 [ 524.863372][T17817] ? do_raw_spin_unlock+0x57/0x270 [ 524.868497][T17817] do_wp_page+0x499/0x14d0 [ 524.872922][T17817] ? finish_mkwrite_fault+0x570/0x570 [ 524.878299][T17817] __handle_mm_fault+0x22f1/0x3f20 [ 524.883413][T17817] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 524.888970][T17817] ? __kasan_check_read+0x11/0x20 [ 524.894003][T17817] handle_mm_fault+0x1b5/0x6c0 [ 524.898784][T17817] __do_page_fault+0x536/0xdd0 01:45:18 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000007400}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 524.903559][T17817] do_page_fault+0x38/0x590 [ 524.908073][T17817] page_fault+0x39/0x40 [ 524.912231][T17817] RIP: 0033:0x430956 [ 524.916129][T17817] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 524.935824][T17817] RSP: 002b:00007ffcd0d4b060 EFLAGS: 00010206 [ 524.941889][T17817] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 01:45:18 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8902, &(0x7f0000000000)) 01:45:18 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 524.952362][T17817] RDX: 0000555556701930 RSI: 0000555556709970 RDI: 0000000000000003 [ 524.960335][T17817] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556700940 [ 524.968308][T17817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 524.976276][T17817] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 525.000001][T17817] memory: usage 1852kB, limit 0kB, failcnt 67 [ 525.052183][T17817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 525.113723][T17817] Memory cgroup stats for /syz5: [ 525.113822][T17817] anon 0 [ 525.113822][T17817] file 0 [ 525.113822][T17817] kernel_stack 0 [ 525.113822][T17817] slab 2220032 [ 525.113822][T17817] sock 16384 [ 525.113822][T17817] shmem 28672 [ 525.113822][T17817] file_mapped 0 [ 525.113822][T17817] file_dirty 0 [ 525.113822][T17817] file_writeback 0 [ 525.113822][T17817] anon_thp 0 [ 525.113822][T17817] inactive_anon 0 [ 525.113822][T17817] active_anon 0 [ 525.113822][T17817] inactive_file 61440 [ 525.113822][T17817] active_file 0 01:45:18 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000007a00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:18 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 525.113822][T17817] unevictable 176128 [ 525.113822][T17817] slab_reclaimable 811008 [ 525.113822][T17817] slab_unreclaimable 1409024 [ 525.113822][T17817] pgfault 23859 [ 525.113822][T17817] pgmajfault 0 [ 525.113822][T17817] workingset_refault 0 [ 525.113822][T17817] workingset_activate 0 [ 525.113822][T17817] workingset_nodereclaim 0 [ 525.113822][T17817] pgrefill 0 [ 525.113822][T17817] pgscan 0 [ 525.113822][T17817] pgsteal 0 [ 525.113822][T17817] pgactivate 0 [ 525.452759][T17817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17817,uid=0 [ 525.493756][T17817] Memory cgroup out of memory: Killed process 17817 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 525.529126][T17852] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 525.529330][ T1065] oom_reaper: reaped process 17817 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 525.547471][T17852] CPU: 1 PID: 17852 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 525.559652][T17852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.569710][T17852] Call Trace: [ 525.573004][T17852] dump_stack+0x172/0x1f0 [ 525.577345][T17852] dump_header+0x177/0x1152 [ 525.581869][T17852] ? pagefault_out_of_memory+0x11c/0x11c [ 525.587507][T17852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 525.593316][T17852] ? ___ratelimit+0x60/0x595 [ 525.597907][T17852] ? do_raw_spin_unlock+0x57/0x270 [ 525.603026][T17852] oom_kill_process.cold+0x10/0x15 [ 525.608157][T17852] out_of_memory+0x334/0x1340 [ 525.612848][T17852] ? oom_killer_disable+0x280/0x280 [ 525.618068][T17852] mem_cgroup_out_of_memory+0x1d8/0x240 [ 525.623629][T17852] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 525.629272][T17852] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 525.635081][T17852] ? cgroup_file_notify+0x140/0x1b0 [ 525.640290][T17852] memory_max_write+0x262/0x3a0 [ 525.645153][T17852] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 525.651923][T17852] ? cgroup_file_write+0x86/0x790 [ 525.656949][T17852] cgroup_file_write+0x241/0x790 [ 525.661896][T17852] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 525.668659][T17852] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 525.674301][T17852] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 525.679932][T17852] kernfs_fop_write+0x2b8/0x480 [ 525.684787][T17852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 525.691033][T17852] __vfs_write+0x8a/0x110 [ 525.695365][T17852] ? kernfs_fop_open+0xd80/0xd80 [ 525.700302][T17852] vfs_write+0x268/0x5d0 [ 525.704545][T17852] ksys_write+0x14f/0x290 [ 525.708884][T17852] ? __ia32_sys_read+0xb0/0xb0 [ 525.713651][T17852] ? do_syscall_64+0x26/0x760 [ 525.718328][T17852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 525.724483][T17852] ? do_syscall_64+0x26/0x760 [ 525.729164][T17852] __x64_sys_write+0x73/0xb0 [ 525.733762][T17852] do_syscall_64+0xfa/0x760 [ 525.738274][T17852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 525.744163][T17852] RIP: 0033:0x459879 [ 525.748057][T17852] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 525.767687][T17852] RSP: 002b:00007ff46b934c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.776283][T17852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 525.784264][T17852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 525.792245][T17852] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 525.800230][T17852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff46b9356d4 [ 525.808210][T17852] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 525.831720][T17852] memory: usage 5156kB, limit 0kB, failcnt 75 [ 525.839887][T17852] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 525.851642][T17852] Memory cgroup stats for /syz3: [ 525.852595][T17852] anon 2162688 [ 525.852595][T17852] file 192512 [ 525.852595][T17852] kernel_stack 65536 [ 525.852595][T17852] slab 3080192 [ 525.852595][T17852] sock 0 [ 525.852595][T17852] shmem 12288 [ 525.852595][T17852] file_mapped 0 [ 525.852595][T17852] file_dirty 135168 [ 525.852595][T17852] file_writeback 0 [ 525.852595][T17852] anon_thp 2097152 [ 525.852595][T17852] inactive_anon 135168 [ 525.852595][T17852] active_anon 2162688 [ 525.852595][T17852] inactive_file 81920 [ 525.852595][T17852] active_file 0 [ 525.852595][T17852] unevictable 0 [ 525.852595][T17852] slab_reclaimable 1216512 [ 525.852595][T17852] slab_unreclaimable 1863680 [ 525.852595][T17852] pgfault 24288 [ 525.852595][T17852] pgmajfault 0 [ 525.852595][T17852] workingset_refault 0 [ 525.852595][T17852] workingset_activate 0 [ 525.852595][T17852] workingset_nodereclaim 0 [ 525.852595][T17852] pgrefill 33 [ 525.852595][T17852] pgscan 254 [ 525.852595][T17852] pgsteal 220 [ 525.947328][T17852] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17846,uid=0 [ 525.965111][T17852] Memory cgroup out of memory: Killed process 17846 (syz-executor.3) total-vm:72576kB, anon-rss:2192kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 525.987554][ T1065] oom_reaper: reaped process 17846 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 01:45:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:19 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8903, &(0x7f0000000000)) 01:45:19 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:19 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000000000f000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 526.979377][T17873] IPVS: ftp: loaded support on port[0] = 21 [ 527.184917][T17873] chnl_net:caif_netlink_parms(): no params data found [ 527.213106][T17873] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.220513][T17873] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.228670][T17873] device bridge_slave_0 entered promiscuous mode [ 527.302289][T17873] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.309583][T17873] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.317678][T17873] device bridge_slave_1 entered promiscuous mode [ 527.400667][T17873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.411878][T17873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.432814][T17873] team0: Port device team_slave_0 added [ 527.440185][T17873] team0: Port device team_slave_1 added [ 527.447659][ T3079] device bridge_slave_1 left promiscuous mode [ 527.454595][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.504518][ T3079] device bridge_slave_0 left promiscuous mode [ 527.510718][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.394283][ T3079] device hsr_slave_0 left promiscuous mode [ 529.443873][ T3079] device hsr_slave_1 left promiscuous mode [ 529.521516][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 529.538748][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 529.549807][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.608083][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 529.680601][ T3079] bond0 (unregistering): Released all slaves [ 529.826880][T17873] device hsr_slave_0 entered promiscuous mode [ 529.864991][T17873] device hsr_slave_1 entered promiscuous mode [ 529.903782][T17873] debugfs: Directory 'hsr0' with parent '/' already present! [ 529.951428][T17873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.968010][T17873] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.976371][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 529.984477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 530.028959][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 530.037921][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 530.051157][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.058278][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 530.072128][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 530.081093][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 530.090108][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.097222][ T9063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.114287][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 530.122310][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 530.131779][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 530.142190][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 530.158329][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 530.183695][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 530.191657][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 530.207333][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 530.219812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 530.230819][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 530.243088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 530.262187][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 530.280080][T17873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 530.321963][T17873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.638748][T17881] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 530.655273][T17881] CPU: 0 PID: 17881 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 530.664403][T17881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.674457][T17881] Call Trace: [ 530.677753][T17881] dump_stack+0x172/0x1f0 [ 530.682087][T17881] dump_header+0x177/0x1152 [ 530.686598][T17881] ? pagefault_out_of_memory+0x11c/0x11c [ 530.692223][T17881] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 530.698035][T17881] ? ___ratelimit+0x60/0x595 [ 530.702617][T17881] ? do_raw_spin_unlock+0x57/0x270 [ 530.707731][T17881] oom_kill_process.cold+0x10/0x15 [ 530.712841][T17881] out_of_memory+0x334/0x1340 [ 530.717515][T17881] ? __sched_text_start+0x8/0x8 [ 530.722383][T17881] ? oom_killer_disable+0x280/0x280 [ 530.727586][T17881] mem_cgroup_out_of_memory+0x1d8/0x240 [ 530.733126][T17881] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 530.738771][T17881] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 530.744572][T17881] ? cgroup_file_notify+0x140/0x1b0 [ 530.749772][T17881] memory_max_write+0x262/0x3a0 [ 530.754630][T17881] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 530.761386][T17881] ? lock_acquire+0x190/0x410 [ 530.766061][T17881] ? kernfs_fop_write+0x227/0x480 [ 530.771099][T17881] cgroup_file_write+0x241/0x790 [ 530.778549][T17881] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 530.785313][T17881] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 530.790954][T17881] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 530.796586][T17881] kernfs_fop_write+0x2b8/0x480 [ 530.801444][T17881] __vfs_write+0x8a/0x110 [ 530.805766][T17881] ? kernfs_fop_open+0xd80/0xd80 [ 530.810702][T17881] vfs_write+0x268/0x5d0 [ 530.814947][T17881] ksys_write+0x14f/0x290 [ 530.819274][T17881] ? __ia32_sys_read+0xb0/0xb0 [ 530.824035][T17881] ? do_syscall_64+0x26/0x760 [ 530.828706][T17881] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 530.834763][T17881] ? do_syscall_64+0x26/0x760 [ 530.839444][T17881] __x64_sys_write+0x73/0xb0 [ 530.844033][T17881] do_syscall_64+0xfa/0x760 [ 530.848528][T17881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 530.854400][T17881] RIP: 0033:0x459879 [ 530.858291][T17881] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 530.877874][T17881] RSP: 002b:00007f8394e41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 530.886272][T17881] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 530.894224][T17881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 530.902173][T17881] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 530.910136][T17881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8394e426d4 [ 530.918089][T17881] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 530.953239][T17881] memory: usage 3500kB, limit 0kB, failcnt 68 [ 530.960133][T17881] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 530.979594][T17881] Memory cgroup stats for /syz2: [ 530.981653][T17881] anon 2158592 [ 530.981653][T17881] file 102400 [ 530.981653][T17881] kernel_stack 0 [ 530.981653][T17881] slab 1409024 [ 530.981653][T17881] sock 0 [ 530.981653][T17881] shmem 45056 [ 530.981653][T17881] file_mapped 0 [ 530.981653][T17881] file_dirty 0 [ 530.981653][T17881] file_writeback 0 [ 530.981653][T17881] anon_thp 2097152 [ 530.981653][T17881] inactive_anon 131072 [ 530.981653][T17881] active_anon 2158592 [ 530.981653][T17881] inactive_file 0 [ 530.981653][T17881] active_file 0 [ 530.981653][T17881] unevictable 0 [ 530.981653][T17881] slab_reclaimable 540672 [ 530.981653][T17881] slab_unreclaimable 868352 [ 530.981653][T17881] pgfault 30426 [ 530.981653][T17881] pgmajfault 0 [ 530.981653][T17881] workingset_refault 0 [ 530.981653][T17881] workingset_activate 0 [ 530.981653][T17881] workingset_nodereclaim 0 [ 530.981653][T17881] pgrefill 33 [ 530.981653][T17881] pgscan 0 [ 530.981653][T17881] pgsteal 0 [ 530.981653][T17881] pgactivate 0 [ 531.080418][T17881] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17880,uid=0 [ 531.097228][T17881] Memory cgroup out of memory: Killed process 17880 (syz-executor.2) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 531.118869][ T1065] oom_reaper: reaped process 17880 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:45:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:24 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:24 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:24 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8904, &(0x7f0000000000)) 01:45:24 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000034000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:24 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 531.199807][T17650] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 531.245572][T17650] CPU: 1 PID: 17650 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 531.254730][T17650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.264789][T17650] Call Trace: [ 531.268096][T17650] dump_stack+0x172/0x1f0 [ 531.272440][T17650] dump_header+0x177/0x1152 [ 531.276954][T17650] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 531.282769][T17650] ? ___ratelimit+0x2c8/0x595 [ 531.287452][T17650] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 531.293360][T17650] ? lockdep_hardirqs_on+0x418/0x5d0 [ 531.298669][T17650] ? trace_hardirqs_on+0x67/0x240 [ 531.303707][T17650] ? pagefault_out_of_memory+0x11c/0x11c [ 531.309439][T17650] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 531.315256][T17650] ? ___ratelimit+0x60/0x595 [ 531.319851][T17650] ? do_raw_spin_unlock+0x57/0x270 [ 531.324976][T17650] oom_kill_process.cold+0x10/0x15 [ 531.330101][T17650] out_of_memory+0x334/0x1340 [ 531.334799][T17650] ? lock_downgrade+0x920/0x920 [ 531.339669][T17650] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 531.345496][T17650] ? oom_killer_disable+0x280/0x280 [ 531.350711][T17650] mem_cgroup_out_of_memory+0x1d8/0x240 [ 531.356269][T17650] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 531.361914][T17650] ? do_raw_spin_unlock+0x57/0x270 [ 531.367035][T17650] ? _raw_spin_unlock+0x2d/0x50 [ 531.371900][T17650] try_charge+0xf4b/0x1440 [ 531.376336][T17650] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 531.381889][T17650] ? find_held_lock+0x35/0x130 [ 531.386748][T17650] ? get_mem_cgroup_from_mm+0x139/0x320 [ 531.392308][T17650] ? lock_downgrade+0x920/0x920 [ 531.397172][T17650] ? percpu_ref_tryget_live+0x111/0x290 [ 531.402744][T17650] __memcg_kmem_charge_memcg+0x71/0xf0 [ 531.408214][T17650] ? memcg_kmem_put_cache+0x50/0x50 [ 531.413431][T17650] ? get_mem_cgroup_from_mm+0x156/0x320 [ 531.419001][T17650] __memcg_kmem_charge+0x13a/0x3a0 [ 531.424129][T17650] __alloc_pages_nodemask+0x4f7/0x900 [ 531.429509][T17650] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 531.435066][T17650] ? __alloc_pages_slowpath+0x2540/0x2540 [ 531.440793][T17650] ? percpu_ref_put_many+0xb6/0x190 [ 531.446016][T17650] copy_process+0x3f8/0x6830 [ 531.450632][T17650] ? __kasan_check_read+0x11/0x20 [ 531.455689][T17650] ? __kasan_check_read+0x11/0x20 [ 531.460717][T17650] ? __lock_acquire+0x16f2/0x4a00 [ 531.465751][T17650] ? __cleanup_sighand+0x60/0x60 [ 531.470696][T17650] ? __might_fault+0x12b/0x1e0 [ 531.475475][T17650] ? __might_fault+0x12b/0x1e0 [ 531.480266][T17650] _do_fork+0x146/0xfa0 [ 531.484434][T17650] ? copy_init_mm+0x20/0x20 [ 531.488944][T17650] ? __kasan_check_read+0x11/0x20 [ 531.493969][T17650] ? _copy_to_user+0x118/0x160 [ 531.498745][T17650] __x64_sys_clone+0x1ab/0x270 [ 531.503516][T17650] ? __ia32_sys_vfork+0xd0/0xd0 [ 531.508377][T17650] ? do_syscall_64+0x26/0x760 [ 531.513061][T17650] ? lockdep_hardirqs_on+0x418/0x5d0 [ 531.518352][T17650] ? trace_hardirqs_on+0x67/0x240 [ 531.523390][T17650] do_syscall_64+0xfa/0x760 [ 531.527902][T17650] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 531.533796][T17650] RIP: 0033:0x457e4a [ 531.537697][T17650] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 531.557303][T17650] RSP: 002b:00007ffd64a03540 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 531.565739][T17650] RAX: ffffffffffffffda RBX: 00007ffd64a03540 RCX: 0000000000457e4a [ 531.573746][T17650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 531.581719][T17650] RBP: 00007ffd64a03580 R08: 0000000000000001 R09: 000055555682c940 01:45:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000400300}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 531.589700][T17650] R10: 000055555682cc10 R11: 0000000000000246 R12: 0000000000000001 [ 531.597674][T17650] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd64a035d0 [ 531.628605][T17650] memory: usage 2600kB, limit 0kB, failcnt 83 [ 531.646010][T17650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 531.677514][T17650] Memory cgroup stats for /syz3: [ 531.677624][T17650] anon 20480 [ 531.677624][T17650] file 192512 [ 531.677624][T17650] kernel_stack 65536 [ 531.677624][T17650] slab 2945024 [ 531.677624][T17650] sock 0 [ 531.677624][T17650] shmem 12288 [ 531.677624][T17650] file_mapped 0 [ 531.677624][T17650] file_dirty 135168 [ 531.677624][T17650] file_writeback 0 [ 531.677624][T17650] anon_thp 0 [ 531.677624][T17650] inactive_anon 135168 [ 531.677624][T17650] active_anon 20480 [ 531.677624][T17650] inactive_file 81920 [ 531.677624][T17650] active_file 0 [ 531.677624][T17650] unevictable 0 [ 531.677624][T17650] slab_reclaimable 1081344 [ 531.677624][T17650] slab_unreclaimable 1863680 [ 531.677624][T17650] pgfault 24288 01:45:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000f0ffff}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:25 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8906, &(0x7f0000000000)) 01:45:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0 ', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 531.677624][T17650] pgmajfault 0 [ 531.677624][T17650] workingset_refault 0 [ 531.677624][T17650] workingset_activate 0 [ 531.677624][T17650] workingset_nodereclaim 0 [ 531.677624][T17650] pgrefill 33 [ 531.677624][T17650] pgscan 254 [ 531.677624][T17650] pgsteal 220 [ 531.677624][T17650] pgactivate 0 01:45:25 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8907, &(0x7f0000000000)) 01:45:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000001000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 532.141467][T17650] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17650,uid=0 [ 532.168281][T17650] Memory cgroup out of memory: Killed process 17650 (syz-executor.3) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 532.186628][ T1065] oom_reaper: reaped process 17650 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 532.198252][T17873] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 532.221265][T17873] CPU: 1 PID: 17873 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 532.230418][T17873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.240484][T17873] Call Trace: [ 532.243810][T17873] dump_stack+0x172/0x1f0 [ 532.248126][T17873] dump_header+0x177/0x1152 [ 532.252613][T17873] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 532.258630][T17873] ? ___ratelimit+0x2c8/0x595 [ 532.263306][T17873] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 532.269189][T17873] ? lockdep_hardirqs_on+0x418/0x5d0 [ 532.274457][T17873] ? trace_hardirqs_on+0x67/0x240 [ 532.279478][T17873] ? pagefault_out_of_memory+0x11c/0x11c [ 532.285097][T17873] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 532.290884][T17873] ? ___ratelimit+0x60/0x595 [ 532.295450][T17873] ? do_raw_spin_unlock+0x57/0x270 [ 532.300650][T17873] oom_kill_process.cold+0x10/0x15 [ 532.305739][T17873] out_of_memory+0x334/0x1340 [ 532.310392][T17873] ? lock_downgrade+0x920/0x920 [ 532.315314][T17873] ? oom_killer_disable+0x280/0x280 [ 532.320493][T17873] mem_cgroup_out_of_memory+0x1d8/0x240 [ 532.326033][T17873] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 532.331730][T17873] ? do_raw_spin_unlock+0x57/0x270 [ 532.336816][T17873] ? _raw_spin_unlock+0x2d/0x50 [ 532.341649][T17873] try_charge+0xf4b/0x1440 [ 532.346049][T17873] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 532.351569][T17873] ? percpu_ref_tryget_live+0x111/0x290 [ 532.357108][T17873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 532.363338][T17873] ? __kasan_check_read+0x11/0x20 [ 532.368354][T17873] ? get_mem_cgroup_from_mm+0x156/0x320 [ 532.373892][T17873] mem_cgroup_try_charge+0x136/0x590 [ 532.379160][T17873] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 532.385379][T17873] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 532.390989][T17873] wp_page_copy+0x41e/0x1600 [ 532.395573][T17873] ? find_held_lock+0x35/0x130 [ 532.400316][T17873] ? follow_pfn+0x2a0/0x2a0 [ 532.404799][T17873] ? lock_downgrade+0x920/0x920 [ 532.409630][T17873] ? swp_swapcount+0x540/0x540 [ 532.414376][T17873] ? __kasan_check_read+0x11/0x20 [ 532.419378][T17873] ? do_raw_spin_unlock+0x57/0x270 [ 532.424467][T17873] do_wp_page+0x499/0x14d0 [ 532.428914][T17873] ? finish_mkwrite_fault+0x570/0x570 [ 532.434275][T17873] __handle_mm_fault+0x22f1/0x3f20 [ 532.439377][T17873] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 532.444912][T17873] ? __kasan_check_read+0x11/0x20 [ 532.449916][T17873] handle_mm_fault+0x1b5/0x6c0 [ 532.454661][T17873] __do_page_fault+0x536/0xdd0 [ 532.459407][T17873] do_page_fault+0x38/0x590 [ 532.463889][T17873] page_fault+0x39/0x40 [ 532.468019][T17873] RIP: 0033:0x430956 [ 532.471896][T17873] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 532.491517][T17873] RSP: 002b:00007ffc3407f850 EFLAGS: 00010206 [ 532.497561][T17873] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 532.505606][T17873] RDX: 0000555555f47930 RSI: 0000555555f4f970 RDI: 0000000000000003 [ 532.513562][T17873] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555f46940 [ 532.521696][T17873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 532.529651][T17873] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 532.539699][T17873] memory: usage 1164kB, limit 0kB, failcnt 76 [ 532.548701][T17873] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 532.556789][T17873] Memory cgroup stats for /syz2: [ 532.556900][T17873] anon 40960 [ 532.556900][T17873] file 102400 [ 532.556900][T17873] kernel_stack 0 [ 532.556900][T17873] slab 1409024 [ 532.556900][T17873] sock 0 [ 532.556900][T17873] shmem 45056 [ 532.556900][T17873] file_mapped 0 [ 532.556900][T17873] file_dirty 0 [ 532.556900][T17873] file_writeback 0 [ 532.556900][T17873] anon_thp 0 [ 532.556900][T17873] inactive_anon 131072 [ 532.556900][T17873] active_anon 40960 [ 532.556900][T17873] inactive_file 0 [ 532.556900][T17873] active_file 0 [ 532.556900][T17873] unevictable 0 [ 532.556900][T17873] slab_reclaimable 540672 [ 532.556900][T17873] slab_unreclaimable 868352 [ 532.556900][T17873] pgfault 30426 [ 532.556900][T17873] pgmajfault 0 [ 532.556900][T17873] workingset_refault 0 [ 532.556900][T17873] workingset_activate 0 [ 532.556900][T17873] workingset_nodereclaim 0 [ 532.556900][T17873] pgrefill 33 [ 532.556900][T17873] pgscan 0 [ 532.556900][T17873] pgsteal 0 [ 532.556900][T17873] pgactivate 0 [ 532.652288][T17873] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17873,uid=0 [ 532.668229][T17873] Memory cgroup out of memory: Killed process 17873 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 01:45:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:26 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:26 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) 01:45:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000002000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:26 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 533.392799][T17921] IPVS: ftp: loaded support on port[0] = 21 [ 533.932782][T17921] chnl_net:caif_netlink_parms(): no params data found [ 533.964900][T17921] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.972025][T17921] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.979904][T17921] device bridge_slave_0 entered promiscuous mode [ 534.122272][T17921] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.129688][T17921] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.137826][T17921] device bridge_slave_1 entered promiscuous mode [ 534.289808][T17921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 534.301419][T17921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 534.453140][T17921] team0: Port device team_slave_0 added [ 534.461812][T17921] team0: Port device team_slave_1 added [ 534.526828][T17921] device hsr_slave_0 entered promiscuous mode [ 534.584109][T17921] device hsr_slave_1 entered promiscuous mode [ 534.623769][T17921] debugfs: Directory 'hsr0' with parent '/' already present! [ 534.800761][T17921] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.807948][T17921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 534.815382][T17921] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.822468][T17921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.859722][T17924] IPVS: ftp: loaded support on port[0] = 21 [ 535.018142][ T9018] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.026240][ T9018] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.197625][T17921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.217824][T17921] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.224904][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 535.232893][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 535.386610][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 535.395453][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 535.406349][ T9018] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.413489][ T9018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.421396][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 535.430173][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 535.438662][ T9018] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.445904][ T9018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.599926][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 535.610788][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 535.633740][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 535.643518][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 535.652659][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 535.661477][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 535.670346][ T3079] device bridge_slave_1 left promiscuous mode [ 535.676789][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.734913][ T3079] device bridge_slave_0 left promiscuous mode [ 535.741109][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.785247][ T3079] device bridge_slave_1 left promiscuous mode [ 535.791422][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.834735][ T3079] device bridge_slave_0 left promiscuous mode [ 535.840932][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.554224][ T3079] device hsr_slave_0 left promiscuous mode [ 539.593852][ T3079] device hsr_slave_1 left promiscuous mode [ 539.646147][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 539.659827][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 539.671918][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 539.718317][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 539.800259][ T3079] bond0 (unregistering): Released all slaves [ 539.954870][ T3079] device hsr_slave_0 left promiscuous mode [ 539.993936][ T3079] device hsr_slave_1 left promiscuous mode [ 540.041604][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 540.055181][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 540.067834][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 540.130243][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 540.209764][ T3079] bond0 (unregistering): Released all slaves [ 540.342297][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 540.357182][T17921] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 540.368161][T17921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 540.384949][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 540.394435][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 540.402894][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 540.411720][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 540.420675][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 540.430687][T17924] chnl_net:caif_netlink_parms(): no params data found [ 540.471106][T17924] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.478844][T17924] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.487121][T17924] device bridge_slave_0 entered promiscuous mode [ 540.501692][T17924] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.508961][T17924] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.516847][T17924] device bridge_slave_1 entered promiscuous mode [ 540.538337][T17921] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.549375][T17924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.561753][T17924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.600213][T17924] team0: Port device team_slave_0 added [ 540.608578][T17924] team0: Port device team_slave_1 added [ 540.686964][T17924] device hsr_slave_0 entered promiscuous mode [ 540.724145][T17924] device hsr_slave_1 entered promiscuous mode [ 540.763753][T17924] debugfs: Directory 'hsr0' with parent '/' already present! [ 540.869763][T17924] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.876891][T17924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.884282][T17924] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.891344][T17924] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.008200][T17932] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 541.010151][T17924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.023945][T17932] CPU: 0 PID: 17932 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 541.034511][T17932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.044573][T17932] Call Trace: [ 541.047879][T17932] dump_stack+0x172/0x1f0 [ 541.052250][T17932] dump_header+0x177/0x1152 [ 541.056773][T17932] ? pagefault_out_of_memory+0x11c/0x11c [ 541.062407][T17932] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 541.063879][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 541.068217][T17932] ? ___ratelimit+0x60/0x595 [ 541.079977][T17932] ? do_raw_spin_unlock+0x57/0x270 [ 541.085101][T17932] oom_kill_process.cold+0x10/0x15 [ 541.090231][T17932] out_of_memory+0x334/0x1340 [ 541.094906][T17932] ? retint_kernel+0x2b/0x2b [ 541.099506][T17932] ? oom_killer_disable+0x280/0x280 [ 541.104705][T17932] ? out_of_memory+0x25/0x1340 [ 541.109475][T17932] mem_cgroup_out_of_memory+0x1d8/0x240 [ 541.115134][T17932] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 541.120771][T17932] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 541.126669][T17932] ? cgroup_file_notify+0x140/0x1b0 [ 541.131875][T17932] memory_max_write+0x262/0x3a0 [ 541.136826][T17932] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 541.143588][T17932] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 541.149048][T17932] cgroup_file_write+0x241/0x790 [ 541.153994][T17932] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 541.160758][T17932] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 541.166398][T17932] ? kernfs_ops+0x9f/0x120 [ 541.170814][T17932] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 541.176446][T17932] kernfs_fop_write+0x2b8/0x480 [ 541.181297][T17932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 541.187561][T17932] __vfs_write+0x8a/0x110 [ 541.191895][T17932] ? kernfs_fop_open+0xd80/0xd80 [ 541.196832][T17932] vfs_write+0x268/0x5d0 [ 541.201257][T17932] ksys_write+0x14f/0x290 [ 541.205586][T17932] ? __ia32_sys_read+0xb0/0xb0 [ 541.210347][T17932] ? do_syscall_64+0x26/0x760 [ 541.215020][T17932] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 541.221081][T17932] ? do_syscall_64+0x26/0x760 [ 541.225765][T17932] __x64_sys_write+0x73/0xb0 [ 541.230377][T17932] do_syscall_64+0xfa/0x760 [ 541.234881][T17932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 541.240773][T17932] RIP: 0033:0x459879 [ 541.244764][T17932] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 541.264360][T17932] RSP: 002b:00007f705adb9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 541.272765][T17932] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 541.280743][T17932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 541.288716][T17932] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 541.296689][T17932] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f705adba6d4 [ 541.304653][T17932] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 541.320615][ T9012] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.321367][T17932] memory: usage 3692kB, limit 0kB, failcnt 68 [ 541.334528][T17932] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 541.342540][ T9012] bridge0: port 2(bridge_slave_1) entered disabled state [ 541.342558][T17932] Memory cgroup stats for /syz5: [ 541.344591][T17932] anon 2195456 [ 541.344591][T17932] file 0 [ 541.344591][T17932] kernel_stack 65536 [ 541.344591][T17932] slab 1404928 [ 541.344591][T17932] sock 16384 [ 541.344591][T17932] shmem 28672 [ 541.344591][T17932] file_mapped 0 [ 541.344591][T17932] file_dirty 0 [ 541.344591][T17932] file_writeback 0 [ 541.344591][T17932] anon_thp 2097152 [ 541.344591][T17932] inactive_anon 0 [ 541.344591][T17932] active_anon 2195456 [ 541.344591][T17932] inactive_file 61440 [ 541.344591][T17932] active_file 0 [ 541.344591][T17932] unevictable 176128 [ 541.344591][T17932] slab_reclaimable 405504 [ 541.344591][T17932] slab_unreclaimable 999424 [ 541.344591][T17932] pgfault 23925 [ 541.344591][T17932] pgmajfault 0 [ 541.344591][T17932] workingset_refault 0 [ 541.344591][T17932] workingset_activate 0 [ 541.344591][T17932] workingset_nodereclaim 0 [ 541.344591][T17932] pgrefill 0 [ 541.344591][T17932] pgscan 0 [ 541.344591][T17932] pgsteal 0 [ 541.344591][T17932] pgactivate 0 [ 541.448402][T17932] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1 [ 541.448575][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 541.448589][T17932] ,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17931,uid=0 [ 541.474954][T17932] Memory cgroup out of memory: Killed process 17931 (syz-executor.5) total-vm:72580kB, anon-rss:2180kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 541.497138][ T1065] oom_reaper: reaped process 17931 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 541.513643][T17924] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.536519][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 541.545528][ T9012] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.552683][ T9012] bridge0: port 1(bridge_slave_0) entered forwarding state 01:45:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:35 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8910, &(0x7f0000000000)) 01:45:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:35 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000003000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 541.560775][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 541.569949][ T9012] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.577116][ T9012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.592962][T17921] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 541.595415][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 541.647629][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 541.653787][T17921] CPU: 0 PID: 17921 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 541.664597][T17921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.674652][T17921] Call Trace: [ 541.675769][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 541.677946][T17921] dump_stack+0x172/0x1f0 [ 541.677972][T17921] dump_header+0x177/0x1152 [ 541.694657][T17921] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 541.700472][T17921] ? ___ratelimit+0x2c8/0x595 [ 541.705151][T17921] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 541.710153][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 541.710963][T17921] ? lockdep_hardirqs_on+0x418/0x5d0 [ 541.710988][T17921] ? trace_hardirqs_on+0x67/0x240 [ 541.729065][T17921] ? pagefault_out_of_memory+0x11c/0x11c [ 541.734693][T17921] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 541.734709][T17921] ? ___ratelimit+0x60/0x595 [ 541.734721][T17921] ? do_raw_spin_unlock+0x57/0x270 [ 541.734744][T17921] oom_kill_process.cold+0x10/0x15 [ 541.751222][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 541.755306][T17921] out_of_memory+0x334/0x1340 [ 541.755322][T17921] ? lock_downgrade+0x920/0x920 [ 541.755340][T17921] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 541.755355][T17921] ? oom_killer_disable+0x280/0x280 [ 541.755377][T17921] mem_cgroup_out_of_memory+0x1d8/0x240 [ 541.755395][T17921] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 01:45:35 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8912, &(0x7f0000000000)) [ 541.767881][T17921] ? do_raw_spin_unlock+0x57/0x270 [ 541.767904][T17921] ? _raw_spin_unlock+0x2d/0x50 [ 541.780161][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 541.783722][T17921] try_charge+0xf4b/0x1440 [ 541.783746][T17921] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 541.783759][T17921] ? percpu_ref_tryget_live+0x111/0x290 [ 541.783790][T17921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 541.783810][T17921] ? __kasan_check_read+0x11/0x20 [ 541.820294][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 541.822553][T17921] ? get_mem_cgroup_from_mm+0x156/0x320 [ 541.822576][T17921] mem_cgroup_try_charge+0x136/0x590 [ 541.822591][T17921] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 541.822621][T17921] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 541.869265][T17921] wp_page_copy+0x41e/0x1600 [ 541.873871][T17921] ? find_held_lock+0x35/0x130 [ 541.878651][T17921] ? follow_pfn+0x2a0/0x2a0 [ 541.883171][T17921] ? lock_downgrade+0x920/0x920 [ 541.888032][T17921] ? swp_swapcount+0x540/0x540 [ 541.892803][T17921] ? __kasan_check_read+0x11/0x20 [ 541.897832][T17921] ? do_raw_spin_unlock+0x57/0x270 [ 541.902951][T17921] do_wp_page+0x499/0x14d0 [ 541.907389][T17921] ? finish_mkwrite_fault+0x570/0x570 [ 541.912773][T17921] __handle_mm_fault+0x22f1/0x3f20 [ 541.917914][T17921] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 541.923481][T17921] ? __kasan_check_read+0x11/0x20 [ 541.928622][T17921] handle_mm_fault+0x1b5/0x6c0 [ 541.933481][T17921] __do_page_fault+0x536/0xdd0 [ 541.938264][T17921] do_page_fault+0x38/0x590 [ 541.942793][T17921] page_fault+0x39/0x40 [ 541.947049][T17921] RIP: 0033:0x430956 [ 541.950962][T17921] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 541.970570][T17921] RSP: 002b:00007ffc933c91c0 EFLAGS: 00010206 [ 541.976640][T17921] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 541.984616][T17921] RDX: 0000555555804930 RSI: 000055555580c970 RDI: 0000000000000003 01:45:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x10', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 541.992595][T17921] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555803940 [ 542.000571][T17921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 542.008559][T17921] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 542.028343][T17924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 01:45:35 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8914, &(0x7f0000000000)) 01:45:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 542.112130][T17924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 542.113820][T17921] memory: usage 1316kB, limit 0kB, failcnt 76 [ 542.130578][T17921] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 542.137961][T17921] Memory cgroup stats for /syz5: [ 542.138059][T17921] anon 110592 [ 542.138059][T17921] file 0 [ 542.138059][T17921] kernel_stack 0 [ 542.138059][T17921] slab 1404928 [ 542.138059][T17921] sock 16384 [ 542.138059][T17921] shmem 28672 [ 542.138059][T17921] file_mapped 0 [ 542.138059][T17921] file_dirty 0 [ 542.138059][T17921] file_writeback 0 [ 542.138059][T17921] anon_thp 0 [ 542.138059][T17921] inactive_anon 0 [ 542.138059][T17921] active_anon 110592 [ 542.138059][T17921] inactive_file 61440 [ 542.138059][T17921] active_file 0 [ 542.138059][T17921] unevictable 176128 [ 542.138059][T17921] slab_reclaimable 405504 [ 542.138059][T17921] slab_unreclaimable 999424 [ 542.138059][T17921] pgfault 23925 [ 542.138059][T17921] pgmajfault 0 [ 542.138059][T17921] workingset_refault 0 [ 542.138059][T17921] workingset_activate 0 [ 542.138059][T17921] workingset_nodereclaim 0 [ 542.138059][T17921] pgrefill 0 [ 542.138059][T17921] pgscan 0 [ 542.138059][T17921] pgsteal 0 [ 542.138059][T17921] pgactivate 0 [ 542.170081][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 542.241318][T17921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17921,uid=0 01:45:35 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000004000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 542.525838][ T9018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 542.584005][T17921] Memory cgroup out of memory: Killed process 17921 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 542.601948][T17924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.661806][ T1065] oom_reaper: reaped process 17921 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 543.361717][T17972] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 543.379386][T17972] CPU: 1 PID: 17972 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 543.388519][T17972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.398580][T17972] Call Trace: [ 543.401870][T17972] dump_stack+0x172/0x1f0 [ 543.406204][T17972] dump_header+0x177/0x1152 [ 543.410723][T17972] ? pagefault_out_of_memory+0x11c/0x11c [ 543.416355][T17972] ? ___ratelimit+0x60/0x595 [ 543.420939][T17972] ? do_raw_spin_unlock+0x57/0x270 [ 543.426033][T17972] oom_kill_process.cold+0x10/0x15 [ 543.431124][T17972] out_of_memory+0x334/0x1340 [ 543.435789][T17972] ? __sched_text_start+0x8/0x8 [ 543.440620][T17972] ? oom_killer_disable+0x280/0x280 [ 543.445806][T17972] mem_cgroup_out_of_memory+0x1d8/0x240 [ 543.451335][T17972] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 543.456956][T17972] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 543.462745][T17972] ? cgroup_file_notify+0x140/0x1b0 [ 543.467934][T17972] memory_max_write+0x262/0x3a0 [ 543.472819][T17972] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 543.479571][T17972] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 543.485015][T17972] cgroup_file_write+0x241/0x790 [ 543.489939][T17972] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 543.496686][T17972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 543.502303][T17972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 543.507942][T17972] kernfs_fop_write+0x2b8/0x480 [ 543.512775][T17972] __vfs_write+0x8a/0x110 [ 543.517106][T17972] ? kernfs_fop_open+0xd80/0xd80 [ 543.522024][T17972] vfs_write+0x268/0x5d0 [ 543.526248][T17972] ksys_write+0x14f/0x290 [ 543.530558][T17972] ? __ia32_sys_read+0xb0/0xb0 [ 543.535299][T17972] ? __x64_sys_write+0x11/0xb0 [ 543.540049][T17972] __x64_sys_write+0x73/0xb0 [ 543.544628][T17972] do_syscall_64+0xfa/0x760 [ 543.549115][T17972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 543.554984][T17972] RIP: 0033:0x459879 [ 543.558863][T17972] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 543.578448][T17972] RSP: 002b:00007f51cab84c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 543.586844][T17972] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 543.594819][T17972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 543.602771][T17972] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 543.610719][T17972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51cab856d4 [ 543.618668][T17972] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 543.633697][T17972] memory: usage 4668kB, limit 0kB, failcnt 86 [ 543.639904][T17972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 543.647393][T17972] Memory cgroup stats for /syz3: [ 543.649034][T17972] anon 2228224 [ 543.649034][T17972] file 192512 [ 543.649034][T17972] kernel_stack 65536 [ 543.649034][T17972] slab 2539520 [ 543.649034][T17972] sock 0 [ 543.649034][T17972] shmem 12288 [ 543.649034][T17972] file_mapped 0 [ 543.649034][T17972] file_dirty 135168 [ 543.649034][T17972] file_writeback 0 [ 543.649034][T17972] anon_thp 2097152 [ 543.649034][T17972] inactive_anon 135168 [ 543.649034][T17972] active_anon 2228224 [ 543.649034][T17972] inactive_file 81920 [ 543.649034][T17972] active_file 0 [ 543.649034][T17972] unevictable 0 [ 543.649034][T17972] slab_reclaimable 811008 [ 543.649034][T17972] slab_unreclaimable 1728512 [ 543.649034][T17972] pgfault 24387 [ 543.649034][T17972] pgmajfault 0 [ 543.649034][T17972] workingset_refault 0 [ 543.649034][T17972] workingset_activate 0 [ 543.649034][T17972] workingset_nodereclaim 0 [ 543.649034][T17972] pgrefill 33 [ 543.649034][T17972] pgscan 254 [ 543.649034][T17972] pgsteal 220 [ 543.649034][T17972] pgactivate 0 [ 543.746306][T17972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17971,uid=0 [ 543.763432][T17972] Memory cgroup out of memory: Killed process 17971 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 543.786855][ T1065] oom_reaper: reaped process 17971 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 01:45:37 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000005000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)) [ 544.089567][T17924] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 544.122530][T17924] CPU: 1 PID: 17924 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 544.131673][T17924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.141733][T17924] Call Trace: [ 544.145045][T17924] dump_stack+0x172/0x1f0 [ 544.149392][T17924] dump_header+0x177/0x1152 [ 544.153905][T17924] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 544.159804][T17924] ? ___ratelimit+0x2c8/0x595 [ 544.164495][T17924] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 544.170310][T17924] ? lockdep_hardirqs_on+0x418/0x5d0 [ 544.175618][T17924] ? trace_hardirqs_on+0x67/0x240 [ 544.180652][T17924] ? pagefault_out_of_memory+0x11c/0x11c [ 544.186291][T17924] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 544.192193][T17924] ? ___ratelimit+0x60/0x595 [ 544.196793][T17924] ? do_raw_spin_unlock+0x57/0x270 [ 544.201923][T17924] oom_kill_process.cold+0x10/0x15 [ 544.207037][T17924] out_of_memory+0x334/0x1340 [ 544.211723][T17924] ? lock_downgrade+0x920/0x920 [ 544.216586][T17924] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 544.222400][T17924] ? oom_killer_disable+0x280/0x280 [ 544.227622][T17924] mem_cgroup_out_of_memory+0x1d8/0x240 [ 544.233173][T17924] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 544.238991][T17924] ? do_raw_spin_unlock+0x57/0x270 [ 544.244115][T17924] ? _raw_spin_unlock+0x2d/0x50 [ 544.249065][T17924] try_charge+0xf4b/0x1440 [ 544.253495][T17924] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 544.253510][T17924] ? percpu_ref_tryget_live+0x111/0x290 [ 544.253527][T17924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 544.253548][T17924] ? __kasan_check_read+0x11/0x20 [ 544.264874][T17924] ? get_mem_cgroup_from_mm+0x156/0x320 [ 544.264895][T17924] mem_cgroup_try_charge+0x136/0x590 [ 544.264911][T17924] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 544.264931][T17924] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 544.264949][T17924] __handle_mm_fault+0x1e34/0x3f20 [ 544.264968][T17924] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 544.276205][T17924] ? __kasan_check_read+0x11/0x20 [ 544.276230][T17924] handle_mm_fault+0x1b5/0x6c0 [ 544.276253][T17924] __do_page_fault+0x536/0xdd0 [ 544.285778][T17983] IPVS: ftp: loaded support on port[0] = 21 [ 544.287346][T17924] do_page_fault+0x38/0x590 [ 544.287378][T17924] page_fault+0x39/0x40 [ 544.299210][T17924] RIP: 0033:0x4034f2 [ 544.299227][T17924] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 a9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 c9 42 05 00 48 [ 544.299235][T17924] RSP: 002b:00007ffe7b619e90 EFLAGS: 00010246 [ 544.299247][T17924] RAX: 0000000000000000 RBX: 0000000000084a3f RCX: 0000000000413480 [ 544.299254][T17924] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe7b61afc0 [ 544.299267][T17924] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556a5f940 [ 544.299275][T17924] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7b61afc0 [ 544.299282][T17924] R13: 00007ffe7b61afb0 R14: 0000000000000000 R15: 00007ffe7b61afc0 [ 544.350746][T17924] memory: usage 2304kB, limit 0kB, failcnt 94 [ 544.398635][T17924] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 544.409899][T17924] Memory cgroup stats for /syz3: [ 544.410004][T17924] anon 0 [ 544.410004][T17924] file 192512 [ 544.410004][T17924] kernel_stack 65536 [ 544.410004][T17924] slab 2539520 [ 544.410004][T17924] sock 0 [ 544.410004][T17924] shmem 12288 [ 544.410004][T17924] file_mapped 0 [ 544.410004][T17924] file_dirty 135168 [ 544.410004][T17924] file_writeback 0 [ 544.410004][T17924] anon_thp 0 [ 544.410004][T17924] inactive_anon 135168 [ 544.410004][T17924] active_anon 0 [ 544.410004][T17924] inactive_file 81920 [ 544.410004][T17924] active_file 0 [ 544.410004][T17924] unevictable 0 [ 544.410004][T17924] slab_reclaimable 811008 [ 544.410004][T17924] slab_unreclaimable 1728512 [ 544.410004][T17924] pgfault 24387 [ 544.410004][T17924] pgmajfault 0 [ 544.410004][T17924] workingset_refault 0 [ 544.410004][T17924] workingset_activate 0 [ 544.410004][T17924] workingset_nodereclaim 0 [ 544.410004][T17924] pgrefill 33 [ 544.410004][T17924] pgscan 254 [ 544.410004][T17924] pgsteal 220 [ 544.410004][T17924] pgactivate 0 [ 544.453620][T17924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17924,uid=0 [ 544.541903][T17924] Memory cgroup out of memory: Killed process 17924 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 544.560871][ T1065] oom_reaper: reaped process 17924 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 544.891369][T17983] chnl_net:caif_netlink_parms(): no params data found [ 544.922033][T17983] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.931320][T17983] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.947746][T17983] device bridge_slave_0 entered promiscuous mode [ 544.956199][T17983] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.963770][T17983] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.973181][T17983] device bridge_slave_1 entered promiscuous mode [ 545.006463][T17983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 545.023707][T17983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 545.044833][T17983] team0: Port device team_slave_0 added [ 545.051765][T17983] team0: Port device team_slave_1 added [ 545.356835][T17983] device hsr_slave_0 entered promiscuous mode [ 545.396211][T17983] device hsr_slave_1 entered promiscuous mode [ 545.433770][T17983] debugfs: Directory 'hsr0' with parent '/' already present! [ 545.590072][T17983] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.597184][T17983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.604560][T17983] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.611726][T17983] bridge0: port 1(bridge_slave_0) entered forwarding state [ 545.789773][T17983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 545.801751][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 545.810834][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.820284][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.828506][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 545.978635][T17983] 8021q: adding VLAN 0 to HW filter on device team0 [ 545.995269][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 546.005265][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 546.014600][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.021734][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.029424][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 546.038416][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 546.046951][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.054029][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.061564][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 546.070561][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 546.222500][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 546.231393][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 546.249401][T17983] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 546.260854][T17983] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.407791][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 546.416598][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 546.425636][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 546.434357][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 546.442757][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 546.451625][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 546.460241][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 546.611863][T17983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.619315][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 546.975530][T17995] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 546.986911][T17995] CPU: 1 PID: 17995 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 546.996035][T17995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.006109][T17995] Call Trace: [ 547.009414][T17995] dump_stack+0x172/0x1f0 [ 547.013764][T17995] dump_header+0x177/0x1152 [ 547.018294][T17995] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 547.024329][T17995] ? ___ratelimit+0x2c8/0x595 [ 547.029020][T17995] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 547.034945][T17995] ? lockdep_hardirqs_on+0x418/0x5d0 [ 547.040242][T17995] ? trace_hardirqs_on+0x67/0x240 [ 547.045443][T17995] ? pagefault_out_of_memory+0x11c/0x11c [ 547.051089][T17995] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 547.056909][T17995] ? ___ratelimit+0x60/0x595 [ 547.061618][T17995] ? do_raw_spin_unlock+0x57/0x270 [ 547.066756][T17995] oom_kill_process.cold+0x10/0x15 [ 547.071886][T17995] out_of_memory+0x334/0x1340 [ 547.076601][T17995] ? __sched_text_start+0x8/0x8 [ 547.081463][T17995] ? oom_killer_disable+0x280/0x280 [ 547.086685][T17995] mem_cgroup_out_of_memory+0x1d8/0x240 [ 547.092244][T17995] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 547.097882][T17995] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 547.103990][T17995] ? cgroup_file_notify+0x140/0x1b0 [ 547.109339][T17995] memory_max_write+0x262/0x3a0 [ 547.114460][T17995] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 547.121407][T17995] ? lock_acquire+0x190/0x410 [ 547.126085][T17995] ? kernfs_fop_write+0x227/0x480 [ 547.131658][T17995] cgroup_file_write+0x241/0x790 [ 547.136814][T17995] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 547.143820][T17995] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 547.149598][T17995] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 547.155366][T17995] kernfs_fop_write+0x2b8/0x480 [ 547.160242][T17995] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 547.166479][T17995] __vfs_write+0x8a/0x110 [ 547.170820][T17995] ? kernfs_fop_open+0xd80/0xd80 [ 547.175754][T17995] vfs_write+0x268/0x5d0 [ 547.180162][T17995] ksys_write+0x14f/0x290 [ 547.184582][T17995] ? __ia32_sys_read+0xb0/0xb0 [ 547.189550][T17995] __x64_sys_write+0x73/0xb0 [ 547.194369][T17995] do_syscall_64+0xfa/0x760 [ 547.198879][T17995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 547.204786][T17995] RIP: 0033:0x459879 [ 547.208802][T17995] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 547.228659][T17995] RSP: 002b:00007fae2f266c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 547.237277][T17995] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 547.245559][T17995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 547.253681][T17995] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 547.261860][T17995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae2f2676d4 [ 547.269941][T17995] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 547.286491][T17995] memory: usage 3460kB, limit 0kB, failcnt 77 [ 547.292688][T17995] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 547.303850][T17995] Memory cgroup stats for /syz2: [ 547.305220][T17995] anon 2195456 [ 547.305220][T17995] file 102400 [ 547.305220][T17995] kernel_stack 0 [ 547.305220][T17995] slab 1269760 [ 547.305220][T17995] sock 0 [ 547.305220][T17995] shmem 45056 [ 547.305220][T17995] file_mapped 0 [ 547.305220][T17995] file_dirty 0 [ 547.305220][T17995] file_writeback 0 [ 547.305220][T17995] anon_thp 2097152 [ 547.305220][T17995] inactive_anon 131072 [ 547.305220][T17995] active_anon 2195456 [ 547.305220][T17995] inactive_file 0 [ 547.305220][T17995] active_file 0 [ 547.305220][T17995] unevictable 0 [ 547.305220][T17995] slab_reclaimable 540672 [ 547.305220][T17995] slab_unreclaimable 729088 [ 547.305220][T17995] pgfault 30492 [ 547.305220][T17995] pgmajfault 0 [ 547.305220][T17995] workingset_refault 0 [ 547.305220][T17995] workingset_activate 0 [ 547.305220][T17995] workingset_nodereclaim 0 [ 547.305220][T17995] pgrefill 33 [ 547.305220][T17995] pgscan 0 [ 547.305220][T17995] pgsteal 0 [ 547.305220][T17995] pgactivate 0 [ 547.408881][T17995] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2 [ 547.409125][T17995] ,task=syz-executor.2,pid=17994,uid=0 [ 547.428811][T17995] Memory cgroup out of memory: Killed process 17994 (syz-executor.2) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 547.452184][ T1065] oom_reaper: reaped process 17994 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 547.505064][ T3079] device bridge_slave_1 left promiscuous mode [ 547.511347][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.584861][ T3079] device bridge_slave_0 left promiscuous mode [ 547.592468][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.705740][ T3079] device bridge_slave_1 left promiscuous mode [ 547.712306][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.765054][ T3079] device bridge_slave_0 left promiscuous mode [ 547.771280][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.001666][T17983] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 550.013815][T17983] CPU: 1 PID: 17983 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 550.023111][T17983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.033171][T17983] Call Trace: [ 550.036486][T17983] dump_stack+0x172/0x1f0 [ 550.040839][T17983] dump_header+0x177/0x1152 [ 550.045353][T17983] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 550.051165][T17983] ? ___ratelimit+0x2c8/0x595 [ 550.055865][T17983] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 550.061701][T17983] ? lockdep_hardirqs_on+0x418/0x5d0 [ 550.066990][T17983] ? trace_hardirqs_on+0x67/0x240 [ 550.072017][T17983] ? pagefault_out_of_memory+0x11c/0x11c [ 550.077659][T17983] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 550.083518][T17983] ? ___ratelimit+0x60/0x595 [ 550.088284][T17983] ? do_raw_spin_unlock+0x57/0x270 [ 550.093402][T17983] oom_kill_process.cold+0x10/0x15 [ 550.098680][T17983] out_of_memory+0x334/0x1340 [ 550.103363][T17983] ? lock_downgrade+0x920/0x920 [ 550.108227][T17983] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 550.114261][T17983] ? oom_killer_disable+0x280/0x280 [ 550.119582][T17983] mem_cgroup_out_of_memory+0x1d8/0x240 [ 550.125138][T17983] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 550.130780][T17983] ? do_raw_spin_unlock+0x57/0x270 [ 550.135913][T17983] ? _raw_spin_unlock+0x2d/0x50 [ 550.140917][T17983] try_charge+0xf4b/0x1440 [ 550.145355][T17983] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 550.150911][T17983] ? percpu_ref_tryget_live+0x111/0x290 [ 550.156479][T17983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 550.162729][T17983] ? __kasan_check_read+0x11/0x20 [ 550.167768][T17983] ? get_mem_cgroup_from_mm+0x156/0x320 [ 550.173336][T17983] mem_cgroup_try_charge+0x136/0x590 [ 550.178645][T17983] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 550.184991][T17983] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 550.190662][T17983] wp_page_copy+0x41e/0x1600 [ 550.195264][T17983] ? find_held_lock+0x35/0x130 [ 550.200382][T17983] ? follow_pfn+0x2a0/0x2a0 [ 550.204880][T17983] ? lock_downgrade+0x920/0x920 [ 550.209889][T17983] ? swp_swapcount+0x540/0x540 [ 550.214802][T17983] ? __kasan_check_read+0x11/0x20 [ 550.219944][T17983] ? do_raw_spin_unlock+0x57/0x270 [ 550.225087][T17983] do_wp_page+0x499/0x14d0 [ 550.229770][T17983] ? finish_mkwrite_fault+0x570/0x570 [ 550.235589][T17983] __handle_mm_fault+0x22f1/0x3f20 [ 550.240787][T17983] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 550.246459][T17983] ? __kasan_check_read+0x11/0x20 [ 550.251619][T17983] handle_mm_fault+0x1b5/0x6c0 [ 550.256386][T17983] __do_page_fault+0x536/0xdd0 [ 550.261225][T17983] do_page_fault+0x38/0x590 [ 550.265822][T17983] page_fault+0x39/0x40 [ 550.270364][T17983] RIP: 0033:0x430956 [ 550.274248][T17983] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 550.294161][T17983] RSP: 002b:00007fff35cc8b00 EFLAGS: 00010206 [ 550.300220][T17983] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 550.308615][T17983] RDX: 0000555555d86930 RSI: 0000555555d8e970 RDI: 0000000000000003 [ 550.316812][T17983] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555d85940 [ 550.324860][T17983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 550.332830][T17983] R13: 0000000000715698 R14: 0000000000085837 R15: 0000000000002710 [ 550.342000][T17983] memory: usage 1116kB, limit 0kB, failcnt 85 [ 550.348322][T17983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 550.355402][T17983] Memory cgroup stats for /syz2: [ 550.355502][T17983] anon 0 [ 550.355502][T17983] file 102400 [ 550.355502][T17983] kernel_stack 0 [ 550.355502][T17983] slab 1269760 [ 550.355502][T17983] sock 0 [ 550.355502][T17983] shmem 45056 [ 550.355502][T17983] file_mapped 0 [ 550.355502][T17983] file_dirty 0 [ 550.355502][T17983] file_writeback 0 [ 550.355502][T17983] anon_thp 0 [ 550.355502][T17983] inactive_anon 131072 [ 550.355502][T17983] active_anon 0 [ 550.355502][T17983] inactive_file 0 [ 550.355502][T17983] active_file 0 [ 550.355502][T17983] unevictable 0 [ 550.355502][T17983] slab_reclaimable 540672 [ 550.355502][T17983] slab_unreclaimable 729088 [ 550.355502][T17983] pgfault 30492 [ 550.355502][T17983] pgmajfault 0 [ 550.355502][T17983] workingset_refault 0 [ 550.355502][T17983] workingset_activate 0 [ 550.355502][T17983] workingset_nodereclaim 0 [ 550.355502][T17983] pgrefill 33 [ 550.355502][T17983] pgscan 0 [ 550.355502][T17983] pgsteal 0 [ 550.355502][T17983] pgactivate 0 [ 550.450652][T17983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17983,uid=0 [ 550.472413][T17983] Memory cgroup out of memory: Killed process 17983 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 550.500270][ T1065] oom_reaper: reaped process 17983 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 551.894383][ T3079] device hsr_slave_0 left promiscuous mode [ 551.934025][ T3079] device hsr_slave_1 left promiscuous mode [ 551.984445][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 551.999498][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 552.012456][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.041223][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.131080][ T3079] bond0 (unregistering): Released all slaves [ 552.294332][ T3079] device hsr_slave_0 left promiscuous mode [ 552.364017][ T3079] device hsr_slave_1 left promiscuous mode [ 552.419087][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 552.433322][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 552.445701][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.480419][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.576024][ T3079] bond0 (unregistering): Released all slaves 01:45:46 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:46 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:46 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:46 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000006000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:46 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8918, &(0x7f0000000000)) 01:45:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:45:46 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:46 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8925, &(0x7f0000000000)) 01:45:46 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000006040000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:46 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:46 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000007000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:46 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x04', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:46 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8927, &(0x7f0000000000)) [ 554.925328][T18033] IPVS: ftp: loaded support on port[0] = 21 [ 554.997598][T18033] chnl_net:caif_netlink_parms(): no params data found [ 555.026093][T18033] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.033435][T18033] bridge0: port 1(bridge_slave_0) entered disabled state [ 555.041427][T18033] device bridge_slave_0 entered promiscuous mode [ 555.050814][T18033] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.058114][T18033] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.065965][T18033] device bridge_slave_1 entered promiscuous mode [ 555.085297][T18033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 555.096269][T18033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 555.123233][T18033] team0: Port device team_slave_0 added [ 555.137575][T18033] team0: Port device team_slave_1 added [ 555.228534][T18033] device hsr_slave_0 entered promiscuous mode [ 555.284184][T18033] device hsr_slave_1 entered promiscuous mode [ 555.348471][T18033] debugfs: Directory 'hsr0' with parent '/' already present! [ 555.395762][T18033] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.402899][T18033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.410402][T18033] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.417551][T18033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 555.439577][T18037] IPVS: ftp: loaded support on port[0] = 21 [ 555.502218][T18033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.548243][T18033] 8021q: adding VLAN 0 to HW filter on device team0 [ 555.555524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 555.564608][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 555.572272][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.580765][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 555.725908][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 555.737406][ T3713] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.744538][ T3713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 555.760829][T18038] IPVS: ftp: loaded support on port[0] = 21 [ 555.767354][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 555.777589][ T3713] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.784702][ T3713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.885659][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 555.894441][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 555.906823][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 555.930362][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 556.022906][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 556.040786][T18033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 556.141399][T18037] chnl_net:caif_netlink_parms(): no params data found [ 556.191939][T18038] chnl_net:caif_netlink_parms(): no params data found [ 556.310352][T18037] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.318996][T18037] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.326945][T18037] device bridge_slave_0 entered promiscuous mode [ 556.418263][T18033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 556.426319][T18037] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.440731][T18037] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.449965][T18037] device bridge_slave_1 entered promiscuous mode [ 556.465057][T18038] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.472294][T18038] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.481467][T18038] device bridge_slave_0 entered promiscuous mode [ 556.570267][T18037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.582383][T18038] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.589628][T18038] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.599764][T18038] device bridge_slave_1 entered promiscuous mode [ 556.609088][T18037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.718114][T18037] team0: Port device team_slave_0 added [ 556.726782][T18037] team0: Port device team_slave_1 added [ 556.734875][T18038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.878713][T18047] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 556.889527][T18047] CPU: 0 PID: 18047 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 556.898641][T18047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.908706][T18047] Call Trace: [ 556.912004][T18047] dump_stack+0x172/0x1f0 [ 556.916345][T18047] dump_header+0x177/0x1152 [ 556.920867][T18047] ? pagefault_out_of_memory+0x11c/0x11c [ 556.926507][T18047] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 556.932315][T18047] ? ___ratelimit+0x60/0x595 [ 556.936903][T18047] ? do_raw_spin_unlock+0x57/0x270 [ 556.943999][T18047] oom_kill_process.cold+0x10/0x15 [ 556.949117][T18047] out_of_memory+0x334/0x1340 [ 556.953798][T18047] ? __sched_text_start+0x8/0x8 [ 556.958641][T18047] ? oom_killer_disable+0x280/0x280 [ 556.963846][T18047] mem_cgroup_out_of_memory+0x1d8/0x240 [ 556.969420][T18047] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 556.975071][T18047] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 556.980864][T18047] ? cgroup_file_notify+0x140/0x1b0 [ 556.986061][T18047] memory_max_write+0x262/0x3a0 [ 556.990906][T18047] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 556.997673][T18047] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 557.003123][T18047] cgroup_file_write+0x241/0x790 [ 557.008054][T18047] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 557.014865][T18047] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 557.020498][T18047] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 557.026125][T18047] kernfs_fop_write+0x2b8/0x480 [ 557.030980][T18047] __vfs_write+0x8a/0x110 [ 557.035340][T18047] ? kernfs_fop_open+0xd80/0xd80 [ 557.040258][T18047] vfs_write+0x268/0x5d0 [ 557.044497][T18047] ksys_write+0x14f/0x290 [ 557.048830][T18047] ? __ia32_sys_read+0xb0/0xb0 [ 557.053596][T18047] ? do_syscall_64+0x26/0x760 [ 557.058265][T18047] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 557.064325][T18047] ? do_syscall_64+0x26/0x760 [ 557.069020][T18047] __x64_sys_write+0x73/0xb0 [ 557.073616][T18047] do_syscall_64+0xfa/0x760 [ 557.078114][T18047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 557.083995][T18047] RIP: 0033:0x459879 [ 557.087890][T18047] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 557.107503][T18047] RSP: 002b:00007fc2bfadec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 557.115937][T18047] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 557.123903][T18047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 557.131889][T18047] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 557.139845][T18047] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc2bfadf6d4 [ 557.147813][T18047] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 557.184901][T18047] memory: usage 4444kB, limit 0kB, failcnt 95 [ 557.195348][T18047] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 557.202747][T18038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.202795][T18047] Memory cgroup stats for /syz3: [ 557.205788][T18047] anon 2076672 [ 557.205788][T18047] file 192512 [ 557.205788][T18047] kernel_stack 65536 [ 557.205788][T18047] slab 2269184 [ 557.205788][T18047] sock 0 [ 557.205788][T18047] shmem 12288 [ 557.205788][T18047] file_mapped 0 [ 557.205788][T18047] file_dirty 135168 [ 557.205788][T18047] file_writeback 0 [ 557.205788][T18047] anon_thp 2097152 [ 557.205788][T18047] inactive_anon 135168 [ 557.205788][T18047] active_anon 2076672 [ 557.205788][T18047] inactive_file 81920 [ 557.205788][T18047] active_file 0 [ 557.205788][T18047] unevictable 0 [ 557.205788][T18047] slab_reclaimable 811008 [ 557.205788][T18047] slab_unreclaimable 1458176 [ 557.205788][T18047] pgfault 24453 [ 557.205788][T18047] pgmajfault 0 [ 557.205788][T18047] workingset_refault 0 [ 557.205788][T18047] workingset_activate 0 [ 557.205788][T18047] workingset_nodereclaim 0 [ 557.205788][T18047] pgrefill 33 [ 557.205788][T18047] pgscan 254 [ 557.205788][T18047] pgsteal 220 [ 557.205788][T18047] pgactivate 0 [ 557.314386][T18047] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18046,uid=0 [ 557.333438][T18037] device hsr_slave_0 entered promiscuous mode [ 557.340095][T18047] Memory cgroup out of memory: Killed process 18046 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 557.361726][ T1065] oom_reaper: reaped process 18046 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 557.414147][T18037] device hsr_slave_1 entered promiscuous mode [ 557.453712][T18037] debugfs: Directory 'hsr0' with parent '/' already present! [ 557.490454][ T3079] device bridge_slave_1 left promiscuous mode [ 557.498485][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.538642][ T3079] device bridge_slave_0 left promiscuous mode [ 557.549118][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.594345][ T3079] device hsr_slave_0 left promiscuous mode [ 559.643924][ T3079] device hsr_slave_1 left promiscuous mode [ 559.695765][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 559.709464][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 559.721150][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 559.758407][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 559.842758][ T3079] bond0 (unregistering): Released all slaves [ 559.910207][T18033] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 559.920245][T18033] CPU: 0 PID: 18033 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 559.929334][T18033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.939578][T18033] Call Trace: [ 559.942854][T18033] dump_stack+0x172/0x1f0 [ 559.947292][T18033] dump_header+0x177/0x1152 [ 559.951786][T18033] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 559.957583][T18033] ? ___ratelimit+0x2c8/0x595 [ 559.962383][T18033] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 559.968182][T18033] ? lockdep_hardirqs_on+0x418/0x5d0 [ 559.973450][T18033] ? trace_hardirqs_on+0x67/0x240 [ 559.978563][T18033] ? pagefault_out_of_memory+0x11c/0x11c [ 559.984188][T18033] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 559.989984][T18033] ? ___ratelimit+0x60/0x595 [ 559.994581][T18033] ? do_raw_spin_unlock+0x57/0x270 [ 559.999703][T18033] oom_kill_process.cold+0x10/0x15 [ 560.004805][T18033] out_of_memory+0x334/0x1340 [ 560.009475][T18033] ? lock_downgrade+0x920/0x920 [ 560.014318][T18033] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 560.020116][T18033] ? oom_killer_disable+0x280/0x280 [ 560.025413][T18033] mem_cgroup_out_of_memory+0x1d8/0x240 [ 560.030967][T18033] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 560.036588][T18033] ? do_raw_spin_unlock+0x57/0x270 [ 560.041679][T18033] ? _raw_spin_unlock+0x2d/0x50 [ 560.046525][T18033] try_charge+0xf4b/0x1440 [ 560.050959][T18033] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 560.056509][T18033] ? percpu_ref_tryget_live+0x111/0x290 [ 560.062045][T18033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 560.068267][T18033] ? __kasan_check_read+0x11/0x20 [ 560.073286][T18033] ? get_mem_cgroup_from_mm+0x156/0x320 [ 560.078825][T18033] mem_cgroup_try_charge+0x136/0x590 [ 560.084103][T18033] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 560.090338][T18033] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 560.095978][T18033] wp_page_copy+0x41e/0x1600 [ 560.100590][T18033] ? find_held_lock+0x35/0x130 [ 560.105442][T18033] ? follow_pfn+0x2a0/0x2a0 [ 560.110038][T18033] ? lock_downgrade+0x920/0x920 [ 560.114883][T18033] ? swp_swapcount+0x540/0x540 [ 560.119640][T18033] ? __kasan_check_read+0x11/0x20 [ 560.124648][T18033] ? do_raw_spin_unlock+0x57/0x270 [ 560.129760][T18033] do_wp_page+0x499/0x14d0 [ 560.134177][T18033] ? finish_mkwrite_fault+0x570/0x570 [ 560.139569][T18033] __handle_mm_fault+0x22f1/0x3f20 [ 560.144685][T18033] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 560.150228][T18033] ? __kasan_check_read+0x11/0x20 [ 560.155248][T18033] handle_mm_fault+0x1b5/0x6c0 [ 560.160007][T18033] __do_page_fault+0x536/0xdd0 [ 560.164869][T18033] do_page_fault+0x38/0x590 [ 560.169364][T18033] page_fault+0x39/0x40 [ 560.173493][T18033] RIP: 0033:0x430956 [ 560.177381][T18033] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 560.197059][T18033] RSP: 002b:00007fff45b2b220 EFLAGS: 00010206 [ 560.203112][T18033] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 560.211073][T18033] RDX: 00005555571d3930 RSI: 00005555571db970 RDI: 0000000000000003 [ 560.219056][T18033] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555571d2940 [ 560.227034][T18033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 560.235022][T18033] R13: 0000000000715698 R14: 0000000000087ee0 R15: 0000000000002710 [ 560.251302][T18033] memory: usage 2136kB, limit 0kB, failcnt 103 [ 560.257631][T18033] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 560.264573][T18033] Memory cgroup stats for /syz3: [ 560.264671][T18033] anon 0 [ 560.264671][T18033] file 192512 [ 560.264671][T18033] kernel_stack 65536 [ 560.264671][T18033] slab 2269184 [ 560.264671][T18033] sock 0 [ 560.264671][T18033] shmem 12288 [ 560.264671][T18033] file_mapped 0 [ 560.264671][T18033] file_dirty 135168 [ 560.264671][T18033] file_writeback 0 [ 560.264671][T18033] anon_thp 0 [ 560.264671][T18033] inactive_anon 135168 [ 560.264671][T18033] active_anon 0 [ 560.264671][T18033] inactive_file 81920 [ 560.264671][T18033] active_file 0 [ 560.264671][T18033] unevictable 0 [ 560.264671][T18033] slab_reclaimable 811008 [ 560.264671][T18033] slab_unreclaimable 1458176 [ 560.264671][T18033] pgfault 24453 [ 560.264671][T18033] pgmajfault 0 [ 560.264671][T18033] workingset_refault 0 [ 560.264671][T18033] workingset_activate 0 [ 560.264671][T18033] workingset_nodereclaim 0 [ 560.264671][T18033] pgrefill 33 [ 560.264671][T18033] pgscan 254 [ 560.264671][T18033] pgsteal 220 [ 560.264671][T18033] pgactivate 0 [ 560.359786][T18033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18033,uid=0 [ 560.359890][T18033] Memory cgroup out of memory: Killed process 18033 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 560.360742][ T1065] oom_reaper: reaped process 18033 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 560.413076][T18038] team0: Port device team_slave_0 added [ 560.421793][T18038] team0: Port device team_slave_1 added [ 560.485794][T18038] device hsr_slave_0 entered promiscuous mode [ 560.534595][T18038] device hsr_slave_1 entered promiscuous mode [ 560.583753][T18038] debugfs: Directory 'hsr0' with parent '/' already present! [ 560.872652][T18037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.922212][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 560.938491][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 560.954963][T18037] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.971656][T18038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.996129][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 561.006086][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 561.015488][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.022589][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.031299][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 561.040275][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 561.049199][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.056314][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.064433][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 561.073324][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 561.082634][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 561.091645][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 561.112882][T18037] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 561.124068][T18037] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 561.151079][T18038] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.159702][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 561.168488][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 561.176981][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 561.186075][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 561.195841][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 561.204790][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 561.213477][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 561.222258][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 561.230948][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 561.239040][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 561.265338][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 561.273096][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 561.283760][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 561.292321][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.299454][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.307771][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 561.316889][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 561.326061][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.333116][ T9063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.341508][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 561.357962][T18037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 561.378132][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 561.391187][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 561.403197][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 561.420072][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 561.447666][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 561.469957][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 561.481081][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 561.497225][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 561.509580][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 561.524297][T18038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 561.561135][T18038] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 561.710145][T18055] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 561.722286][T18055] CPU: 1 PID: 18055 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 561.731418][T18055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.741491][T18055] Call Trace: [ 561.744808][T18055] dump_stack+0x172/0x1f0 [ 561.749155][T18055] dump_header+0x177/0x1152 [ 561.753666][T18055] ? pagefault_out_of_memory+0x11c/0x11c [ 561.759301][T18055] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 561.765106][T18055] ? ___ratelimit+0x60/0x595 [ 561.769696][T18055] ? do_raw_spin_unlock+0x57/0x270 [ 561.774814][T18055] oom_kill_process.cold+0x10/0x15 [ 561.779930][T18055] out_of_memory+0x334/0x1340 [ 561.784615][T18055] ? __sched_text_start+0x8/0x8 [ 561.789467][T18055] ? oom_killer_disable+0x280/0x280 [ 561.794671][T18055] mem_cgroup_out_of_memory+0x1d8/0x240 [ 561.800217][T18055] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 561.805860][T18055] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 561.811699][T18055] ? cgroup_file_notify+0x140/0x1b0 [ 561.816904][T18055] memory_max_write+0x262/0x3a0 [ 561.821757][T18055] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 561.828540][T18055] ? lock_acquire+0x190/0x410 [ 561.833214][T18055] ? kernfs_fop_write+0x227/0x480 [ 561.838244][T18055] cgroup_file_write+0x241/0x790 [ 561.843184][T18055] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 561.849955][T18055] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 561.855593][T18055] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 561.861246][T18055] kernfs_fop_write+0x2b8/0x480 [ 561.866101][T18055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 561.872612][T18055] __vfs_write+0x8a/0x110 [ 561.877111][T18055] ? kernfs_fop_open+0xd80/0xd80 [ 561.882046][T18055] vfs_write+0x268/0x5d0 [ 561.886303][T18055] ksys_write+0x14f/0x290 [ 561.890631][T18055] ? __ia32_sys_read+0xb0/0xb0 [ 561.895407][T18055] ? do_syscall_64+0x26/0x760 [ 561.900088][T18055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 561.906159][T18055] ? do_syscall_64+0x26/0x760 [ 561.910854][T18055] __x64_sys_write+0x73/0xb0 [ 561.915563][T18055] do_syscall_64+0xfa/0x760 [ 561.920070][T18055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 561.926135][T18055] RIP: 0033:0x459879 [ 561.930027][T18055] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 561.950759][T18055] RSP: 002b:00007f58e1763c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 561.959183][T18055] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 561.967236][T18055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 561.975203][T18055] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 561.983168][T18055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58e17646d4 [ 561.991299][T18055] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 562.000660][T18055] memory: usage 3552kB, limit 0kB, failcnt 77 [ 562.007336][T18055] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 562.014666][T18055] Memory cgroup stats for /syz5: [ 562.016462][T18055] anon 2232320 [ 562.016462][T18055] file 0 [ 562.016462][T18055] kernel_stack 65536 [ 562.016462][T18055] slab 1404928 [ 562.016462][T18055] sock 16384 [ 562.016462][T18055] shmem 28672 [ 562.016462][T18055] file_mapped 0 [ 562.016462][T18055] file_dirty 0 [ 562.016462][T18055] file_writeback 0 [ 562.016462][T18055] anon_thp 2097152 [ 562.016462][T18055] inactive_anon 0 [ 562.016462][T18055] active_anon 2232320 [ 562.016462][T18055] inactive_file 61440 [ 562.016462][T18055] active_file 0 [ 562.016462][T18055] unevictable 176128 [ 562.016462][T18055] slab_reclaimable 405504 [ 562.016462][T18055] slab_unreclaimable 999424 [ 562.016462][T18055] pgfault 23991 [ 562.016462][T18055] pgmajfault 0 [ 562.016462][T18055] workingset_refault 0 [ 562.016462][T18055] workingset_activate 0 [ 562.016462][T18055] workingset_nodereclaim 0 [ 562.016462][T18055] pgrefill 0 [ 562.016462][T18055] pgscan 0 [ 562.016462][T18055] pgsteal 0 [ 562.016462][T18055] pgactivate 0 [ 562.113601][T18055] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18054,uid=0 [ 562.130057][T18055] Memory cgroup out of memory: Killed process 18054 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 562.153031][ T1065] oom_reaper: reaped process 18054 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 01:45:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:56 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xc0', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:56 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000002c0)={0x18, 0x0, {0x3, @remote, 'erspan0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000000)={0x18, 0x0, {0x0, @link_local, 'ip6_vti0\x00'}}) 01:45:56 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000016040000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:45:56 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:56 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8933, &(0x7f0000000000)) 01:45:56 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000020000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 562.585911][T18037] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 562.673873][T18037] CPU: 1 PID: 18037 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 562.683035][T18037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.693132][T18037] Call Trace: [ 562.696429][T18037] dump_stack+0x172/0x1f0 [ 562.700769][T18037] dump_header+0x177/0x1152 [ 562.705281][T18037] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 562.711090][T18037] ? ___ratelimit+0x2c8/0x595 [ 562.715780][T18037] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 562.721610][T18037] ? lockdep_hardirqs_on+0x418/0x5d0 [ 562.726914][T18037] ? trace_hardirqs_on+0x67/0x240 [ 562.731948][T18037] ? pagefault_out_of_memory+0x11c/0x11c [ 562.737601][T18037] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 562.743417][T18037] ? ___ratelimit+0x60/0x595 [ 562.748063][T18037] ? do_raw_spin_unlock+0x57/0x270 [ 562.753184][T18037] oom_kill_process.cold+0x10/0x15 [ 562.758313][T18037] out_of_memory+0x334/0x1340 [ 562.763014][T18037] ? lock_downgrade+0x920/0x920 [ 562.767880][T18037] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 562.773702][T18037] ? oom_killer_disable+0x280/0x280 [ 562.779102][T18037] mem_cgroup_out_of_memory+0x1d8/0x240 [ 562.784663][T18037] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 562.790305][T18037] ? do_raw_spin_unlock+0x57/0x270 [ 562.795462][T18037] ? _raw_spin_unlock+0x2d/0x50 [ 562.800338][T18037] try_charge+0xf4b/0x1440 [ 562.804776][T18037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 562.810331][T18037] ? percpu_ref_tryget_live+0x111/0x290 [ 562.815890][T18037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 562.822145][T18037] ? __kasan_check_read+0x11/0x20 [ 562.827187][T18037] ? get_mem_cgroup_from_mm+0x156/0x320 [ 562.832748][T18037] mem_cgroup_try_charge+0x136/0x590 [ 562.838050][T18037] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 562.844311][T18037] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 562.850049][T18037] wp_page_copy+0x41e/0x1600 [ 562.854662][T18037] ? find_held_lock+0x35/0x130 [ 562.859438][T18037] ? follow_pfn+0x2a0/0x2a0 [ 562.863949][T18037] ? lock_downgrade+0x920/0x920 [ 562.868816][T18037] ? swp_swapcount+0x540/0x540 [ 562.873590][T18037] ? __kasan_check_read+0x11/0x20 [ 562.878622][T18037] ? do_raw_spin_unlock+0x57/0x270 [ 562.883738][T18037] do_wp_page+0x499/0x14d0 [ 562.888225][T18037] ? finish_mkwrite_fault+0x570/0x570 [ 562.893610][T18037] __handle_mm_fault+0x22f1/0x3f20 [ 562.898737][T18037] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 562.904301][T18037] ? __kasan_check_read+0x11/0x20 [ 562.909353][T18037] handle_mm_fault+0x1b5/0x6c0 [ 562.914143][T18037] __do_page_fault+0x536/0xdd0 [ 562.919970][T18037] do_page_fault+0x38/0x590 [ 562.924489][T18037] page_fault+0x39/0x40 [ 562.928647][T18037] RIP: 0033:0x430956 [ 562.932546][T18037] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 562.954209][T18037] RSP: 002b:00007ffd7bfab830 EFLAGS: 00010206 [ 562.960280][T18037] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 562.968264][T18037] RDX: 000055555740e930 RSI: 0000555557416970 RDI: 0000000000000003 [ 562.976248][T18037] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555740d940 [ 562.984225][T18037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 562.992209][T18037] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 563.008359][T18037] memory: usage 1184kB, limit 0kB, failcnt 89 01:45:56 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000003f000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 563.027223][T18037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 563.043276][T18037] Memory cgroup stats for /syz5: [ 563.043377][T18037] anon 0 [ 563.043377][T18037] file 0 [ 563.043377][T18037] kernel_stack 0 [ 563.043377][T18037] slab 1404928 [ 563.043377][T18037] sock 16384 [ 563.043377][T18037] shmem 28672 [ 563.043377][T18037] file_mapped 0 [ 563.043377][T18037] file_dirty 0 [ 563.043377][T18037] file_writeback 0 01:45:56 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)) [ 563.043377][T18037] anon_thp 0 [ 563.043377][T18037] inactive_anon 0 [ 563.043377][T18037] active_anon 0 [ 563.043377][T18037] inactive_file 61440 [ 563.043377][T18037] active_file 0 [ 563.043377][T18037] unevictable 176128 [ 563.043377][T18037] slab_reclaimable 405504 [ 563.043377][T18037] slab_unreclaimable 999424 [ 563.043377][T18037] pgfault 23991 [ 563.043377][T18037] pgmajfault 0 [ 563.043377][T18037] workingset_refault 0 [ 563.043377][T18037] workingset_activate 0 [ 563.043377][T18037] workingset_nodereclaim 0 [ 563.043377][T18037] pgrefill 0 01:45:56 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 563.043377][T18037] pgscan 0 [ 563.043377][T18037] pgsteal 0 [ 563.043377][T18037] pgactivate 0 [ 563.160351][T18037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18037,uid=0 [ 563.177571][T18037] Memory cgroup out of memory: Killed process 18037 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 563.274401][ T1065] oom_reaper: reaped process 18037 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 563.286027][T18069] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 563.321836][T18069] CPU: 0 PID: 18069 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 563.330984][T18069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.341044][T18069] Call Trace: [ 563.344346][T18069] dump_stack+0x172/0x1f0 [ 563.348691][T18069] dump_header+0x177/0x1152 [ 563.353204][T18069] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 563.359035][T18069] ? ___ratelimit+0x2c8/0x595 [ 563.363722][T18069] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 563.369617][T18069] ? lockdep_hardirqs_on+0x418/0x5d0 [ 563.374914][T18069] ? trace_hardirqs_on+0x67/0x240 [ 563.379953][T18069] ? pagefault_out_of_memory+0x11c/0x11c [ 563.385596][T18069] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 563.391419][T18069] ? ___ratelimit+0x60/0x595 [ 563.396035][T18069] ? do_raw_spin_unlock+0x57/0x270 [ 563.401164][T18069] oom_kill_process.cold+0x10/0x15 [ 563.406296][T18069] out_of_memory+0x334/0x1340 [ 563.411082][T18069] ? oom_killer_disable+0x280/0x280 [ 563.416310][T18069] mem_cgroup_out_of_memory+0x1d8/0x240 [ 563.421873][T18069] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 563.427531][T18069] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 563.433350][T18069] ? cgroup_file_notify+0x140/0x1b0 [ 563.438584][T18069] memory_max_write+0x262/0x3a0 [ 563.443458][T18069] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 563.450256][T18069] ? lock_acquire+0x190/0x410 [ 563.454951][T18069] ? kernfs_fop_write+0x227/0x480 [ 563.460010][T18069] cgroup_file_write+0x241/0x790 [ 563.464970][T18069] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 563.471747][T18069] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 563.477403][T18069] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 563.483145][T18069] kernfs_fop_write+0x2b8/0x480 [ 563.488004][T18069] __vfs_write+0x8a/0x110 [ 563.492409][T18069] ? kernfs_fop_open+0xd80/0xd80 [ 563.497365][T18069] vfs_write+0x268/0x5d0 [ 563.501647][T18069] ksys_write+0x14f/0x290 [ 563.505994][T18069] ? __ia32_sys_read+0xb0/0xb0 [ 563.510763][T18069] ? do_syscall_64+0x26/0x760 [ 563.515569][T18069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 563.521650][T18069] ? do_syscall_64+0x26/0x760 [ 563.526461][T18069] __x64_sys_write+0x73/0xb0 [ 563.531056][T18069] do_syscall_64+0xfa/0x760 [ 563.535564][T18069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 563.541441][T18069] RIP: 0033:0x459879 [ 563.545322][T18069] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 563.564998][T18069] RSP: 002b:00007fad87852c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 563.573497][T18069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 563.581473][T18069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 563.589433][T18069] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 563.597384][T18069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad878536d4 [ 563.605344][T18069] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff 01:45:57 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8940, &(0x7f0000000000)) 01:45:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000040000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 563.773003][T18069] memory: usage 3508kB, limit 0kB, failcnt 86 [ 563.781943][T18069] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 563.789089][T18069] Memory cgroup stats for /syz2: [ 563.789201][T18069] anon 2240512 [ 563.789201][T18069] file 102400 [ 563.789201][T18069] kernel_stack 65536 [ 563.789201][T18069] slab 1269760 [ 563.789201][T18069] sock 0 [ 563.789201][T18069] shmem 45056 [ 563.789201][T18069] file_mapped 0 [ 563.789201][T18069] file_dirty 0 [ 563.789201][T18069] file_writeback 0 [ 563.789201][T18069] anon_thp 2097152 [ 563.789201][T18069] inactive_anon 131072 [ 563.789201][T18069] active_anon 2174976 [ 563.789201][T18069] inactive_file 0 [ 563.789201][T18069] active_file 0 [ 563.789201][T18069] unevictable 0 [ 563.789201][T18069] slab_reclaimable 540672 [ 563.789201][T18069] slab_unreclaimable 729088 [ 563.789201][T18069] pgfault 30657 [ 563.789201][T18069] pgmajfault 0 [ 563.789201][T18069] workingset_refault 0 [ 563.789201][T18069] workingset_activate 0 [ 563.789201][T18069] workingset_nodereclaim 0 [ 563.789201][T18069] pgrefill 33 [ 563.789201][T18069] pgscan 0 [ 563.789201][T18069] pgsteal 0 [ 563.789201][T18069] pgactivate 0 [ 563.903231][T18069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18068,uid=0 [ 563.939717][T18069] Memory cgroup out of memory: Killed process 18068 (syz-executor.2) total-vm:72708kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 563.965945][ T1065] oom_reaper: reaped process 18068 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 564.102842][T18038] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 564.115881][T18038] CPU: 1 PID: 18038 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 564.124996][T18038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.135035][T18038] Call Trace: [ 564.138310][T18038] dump_stack+0x172/0x1f0 [ 564.142634][T18038] dump_header+0x177/0x1152 [ 564.147133][T18038] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 564.152923][T18038] ? ___ratelimit+0x2c8/0x595 [ 564.157669][T18038] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 564.163559][T18038] ? lockdep_hardirqs_on+0x418/0x5d0 [ 564.168828][T18038] ? trace_hardirqs_on+0x67/0x240 [ 564.173842][T18038] ? pagefault_out_of_memory+0x11c/0x11c [ 564.179459][T18038] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 564.185249][T18038] ? ___ratelimit+0x60/0x595 [ 564.189823][T18038] ? do_raw_spin_unlock+0x57/0x270 [ 564.195018][T18038] oom_kill_process.cold+0x10/0x15 [ 564.200112][T18038] out_of_memory+0x334/0x1340 [ 564.204773][T18038] ? lock_downgrade+0x920/0x920 [ 564.209628][T18038] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 564.215418][T18038] ? oom_killer_disable+0x280/0x280 [ 564.220604][T18038] mem_cgroup_out_of_memory+0x1d8/0x240 [ 564.226129][T18038] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 564.231749][T18038] ? do_raw_spin_unlock+0x57/0x270 [ 564.236845][T18038] ? _raw_spin_unlock+0x2d/0x50 [ 564.241684][T18038] try_charge+0xf4b/0x1440 [ 564.246086][T18038] ? __lock_acquire+0x880/0x4a00 [ 564.251184][T18038] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 564.256717][T18038] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 564.262683][T18038] ? cache_grow_begin+0x122/0xd20 [ 564.267692][T18038] ? find_held_lock+0x35/0x130 [ 564.272443][T18038] ? cache_grow_begin+0x122/0xd20 [ 564.277461][T18038] __memcg_kmem_charge_memcg+0x71/0xf0 [ 564.282904][T18038] ? memcg_kmem_put_cache+0x50/0x50 [ 564.288090][T18038] ? __kasan_check_read+0x11/0x20 [ 564.293362][T18038] cache_grow_begin+0x629/0xd20 [ 564.298212][T18038] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 564.303913][T18038] ? mempolicy_slab_node+0x139/0x390 [ 564.309182][T18038] fallback_alloc+0x1fd/0x2d0 [ 564.313857][T18038] ____cache_alloc_node+0x1bc/0x1d0 [ 564.319044][T18038] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 564.325266][T18038] kmem_cache_alloc+0x1ef/0x710 [ 564.330099][T18038] ? lock_downgrade+0x920/0x920 [ 564.334936][T18038] ? rwlock_bug.part.0+0x90/0x90 [ 564.339865][T18038] ? ratelimit_state_init+0xb0/0xb0 [ 564.345042][T18038] ext4_alloc_inode+0x1f/0x640 [ 564.349791][T18038] ? ratelimit_state_init+0xb0/0xb0 [ 564.354973][T18038] alloc_inode+0x68/0x1e0 [ 564.359284][T18038] iget_locked+0x1a6/0x4b0 [ 564.363693][T18038] __ext4_iget+0x265/0x3bb0 [ 564.368195][T18038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 564.374421][T18038] ? ext4_get_projid+0x190/0x190 [ 564.379380][T18038] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 564.384908][T18038] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 564.390869][T18038] ? d_alloc_parallel+0xa78/0x1c30 [ 564.395971][T18038] ext4_lookup+0x3b1/0x7a0 [ 564.400368][T18038] ? ext4_cross_rename+0x1430/0x1430 [ 564.405641][T18038] ? __lock_acquire+0x16f2/0x4a00 [ 564.410658][T18038] ? __kasan_check_read+0x11/0x20 [ 564.415678][T18038] ? lockdep_init_map+0x1be/0x6d0 [ 564.420695][T18038] __lookup_slow+0x279/0x500 [ 564.425274][T18038] ? vfs_unlink+0x620/0x620 [ 564.429781][T18038] lookup_slow+0x58/0x80 [ 564.434092][T18038] path_mountpoint+0x5d2/0x1e60 [ 564.439023][T18038] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 564.444558][T18038] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 564.450523][T18038] ? path_openat+0x46d0/0x46d0 [ 564.455273][T18038] filename_mountpoint+0x190/0x3c0 [ 564.460375][T18038] ? filename_parentat.isra.0+0x410/0x410 [ 564.466085][T18038] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 564.472226][T18038] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 564.478460][T18038] ? __phys_addr_symbol+0x30/0x70 [ 564.483484][T18038] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 564.489188][T18038] ? __check_object_size+0x3d/0x437 [ 564.494488][T18038] ? strncpy_from_user+0x2b4/0x400 [ 564.499590][T18038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 564.505810][T18038] ? getname_flags+0x277/0x5b0 [ 564.510649][T18038] user_path_mountpoint_at+0x3a/0x50 [ 564.515918][T18038] ksys_umount+0x167/0xf00 [ 564.520405][T18038] ? down_read_non_owner+0x490/0x490 [ 564.525674][T18038] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 564.531908][T18038] ? __detach_mounts+0x2a0/0x2a0 [ 564.536834][T18038] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 564.542450][T18038] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 564.547897][T18038] ? do_syscall_64+0x26/0x760 [ 564.552559][T18038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 564.558617][T18038] ? do_syscall_64+0x26/0x760 [ 564.563284][T18038] ? lockdep_hardirqs_on+0x418/0x5d0 [ 564.568562][T18038] __x64_sys_umount+0x54/0x80 [ 564.573224][T18038] do_syscall_64+0xfa/0x760 [ 564.577717][T18038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 564.583590][T18038] RIP: 0033:0x45c2a7 [ 564.587471][T18038] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 564.607062][T18038] RSP: 002b:00007ffc78c9d318 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 564.615718][T18038] RAX: ffffffffffffffda RBX: 0000000000089a2d RCX: 000000000045c2a7 [ 564.623671][T18038] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffc78c9d3c0 [ 564.631622][T18038] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 564.639584][T18038] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffc78c9e450 [ 564.647543][T18038] R13: 0000555556633940 R14: 0000000000000000 R15: 00007ffc78c9e450 [ 564.659704][T18038] memory: usage 1124kB, limit 0kB, failcnt 98 [ 564.665857][T18038] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 564.672773][T18038] Memory cgroup stats for /syz2: [ 564.673110][T18038] anon 90112 [ 564.673110][T18038] file 102400 [ 564.673110][T18038] kernel_stack 0 [ 564.673110][T18038] slab 1269760 [ 564.673110][T18038] sock 0 [ 564.673110][T18038] shmem 45056 [ 564.673110][T18038] file_mapped 0 [ 564.673110][T18038] file_dirty 0 [ 564.673110][T18038] file_writeback 0 [ 564.673110][T18038] anon_thp 0 [ 564.673110][T18038] inactive_anon 131072 [ 564.673110][T18038] active_anon 24576 [ 564.673110][T18038] inactive_file 0 [ 564.673110][T18038] active_file 0 [ 564.673110][T18038] unevictable 0 [ 564.673110][T18038] slab_reclaimable 540672 [ 564.673110][T18038] slab_unreclaimable 729088 [ 564.673110][T18038] pgfault 30657 [ 564.673110][T18038] pgmajfault 0 [ 564.673110][T18038] workingset_refault 0 [ 564.673110][T18038] workingset_activate 0 [ 564.673110][T18038] workingset_nodereclaim 0 [ 564.673110][T18038] pgrefill 33 [ 564.673110][T18038] pgscan 0 [ 564.673110][T18038] pgsteal 0 [ 564.673110][T18038] pgactivate 0 [ 564.770280][T18038] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18038,uid=0 [ 564.795683][T18038] Memory cgroup out of memory: Killed process 18038 (syz-executor.2) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 564.824949][ T1065] oom_reaper: reaped process 18038 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 01:45:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:45:58 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:45:58 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8941, &(0x7f0000000000)) [ 565.289787][T18106] IPVS: ftp: loaded support on port[0] = 21 [ 565.532899][T18106] chnl_net:caif_netlink_parms(): no params data found [ 565.632735][T18106] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.639944][T18106] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.648158][T18106] device bridge_slave_0 entered promiscuous mode [ 565.729921][T18106] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.737137][T18106] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.745592][T18106] device bridge_slave_1 entered promiscuous mode [ 565.836786][T18106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 565.847707][T18106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 565.870187][T18106] team0: Port device team_slave_0 added [ 565.878411][T18106] team0: Port device team_slave_1 added [ 565.956786][T18106] device hsr_slave_0 entered promiscuous mode [ 566.014097][T18106] device hsr_slave_1 entered promiscuous mode [ 566.063702][T18106] debugfs: Directory 'hsr0' with parent '/' already present! [ 566.148920][T18106] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.156217][T18106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.163519][T18106] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.170631][T18106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.281221][T18106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.294480][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 566.302913][ T3713] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.311934][ T3713] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.323915][ T3079] device bridge_slave_1 left promiscuous mode [ 566.330077][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.394865][ T3079] device bridge_slave_0 left promiscuous mode [ 566.401070][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.354343][ T3079] device hsr_slave_0 left promiscuous mode [ 568.383956][ T3079] device hsr_slave_1 left promiscuous mode [ 568.444637][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 568.457915][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 568.470708][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 568.539240][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 568.633688][ T3079] bond0 (unregistering): Released all slaves [ 568.722722][T18106] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.733102][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 568.743097][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 568.751919][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.759023][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.788082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 568.797437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 568.806141][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.813269][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 568.821476][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 568.830402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 568.839165][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 568.847702][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 568.856320][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 568.865057][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 568.876286][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 568.884262][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 568.892498][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 568.907073][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 568.915676][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 568.926713][T18106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 569.002579][T18106] 8021q: adding VLAN 0 to HW filter on device batadv0 01:46:02 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f00008b7ff0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2400000001080100060000000000000002000000060002000c0001000800010000002ce9"], 0x24}}, 0x0) 01:46:02 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000048000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:02 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x894c, &(0x7f0000000000)) 01:46:02 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:02 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8980, &(0x7f0000000000)) 01:46:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000004c000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:02 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:02 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000040)=0x80000000002, 0x4) recvmmsg(r0, &(0x7f00000001c0), 0x40000000000025c, 0xea225aec34b1dd0e, 0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) 01:46:03 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8981, &(0x7f0000000000)) 01:46:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:03 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000060000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 571.356662][T18159] IPVS: ftp: loaded support on port[0] = 21 [ 571.438936][T18159] chnl_net:caif_netlink_parms(): no params data found [ 571.470541][T18159] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.477762][T18159] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.485851][T18159] device bridge_slave_0 entered promiscuous mode [ 571.493761][T18159] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.500867][T18159] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.509490][T18159] device bridge_slave_1 entered promiscuous mode [ 571.813285][T18159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 571.826423][T18159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.012726][T18159] team0: Port device team_slave_0 added [ 572.020752][T18159] team0: Port device team_slave_1 added [ 572.033540][T18162] IPVS: ftp: loaded support on port[0] = 21 [ 572.115657][T18159] device hsr_slave_0 entered promiscuous mode [ 572.164127][T18159] device hsr_slave_1 entered promiscuous mode [ 572.233693][T18159] debugfs: Directory 'hsr0' with parent '/' already present! [ 572.561669][T18159] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.568992][T18159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 572.576437][T18159] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.583485][T18159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.593227][ T9063] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.601079][ T9063] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.793522][T18162] chnl_net:caif_netlink_parms(): no params data found [ 572.995651][T18162] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.002942][T18162] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.011056][T18162] device bridge_slave_0 entered promiscuous mode [ 573.019874][T18162] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.027865][T18162] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.036516][T18162] device bridge_slave_1 entered promiscuous mode [ 573.052594][T18159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 573.221187][T18162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 573.232549][T18162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.254693][T18162] team0: Port device team_slave_0 added [ 573.410210][T18162] team0: Port device team_slave_1 added [ 573.422230][T18159] 8021q: adding VLAN 0 to HW filter on device team0 [ 573.430981][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 573.440589][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 573.636259][T18162] device hsr_slave_0 entered promiscuous mode [ 573.684037][T18162] device hsr_slave_1 entered promiscuous mode [ 573.743727][T18162] debugfs: Directory 'hsr0' with parent '/' already present! [ 573.767938][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 573.777492][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 573.785983][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.793184][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 573.801880][ T3079] device bridge_slave_1 left promiscuous mode [ 573.809396][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.866601][ T3079] device bridge_slave_0 left promiscuous mode [ 573.872776][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.915254][ T3079] device bridge_slave_1 left promiscuous mode [ 573.921548][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.984742][ T3079] device bridge_slave_0 left promiscuous mode [ 573.990963][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.954307][ T3079] device hsr_slave_0 left promiscuous mode [ 577.993829][ T3079] device hsr_slave_1 left promiscuous mode [ 578.045892][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 578.059553][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 578.071874][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.113737][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 578.222946][ T3079] bond0 (unregistering): Released all slaves [ 578.374262][ T3079] device hsr_slave_0 left promiscuous mode [ 578.433933][ T3079] device hsr_slave_1 left promiscuous mode [ 578.497321][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 578.512007][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 578.526629][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.572386][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 578.662560][ T3079] bond0 (unregistering): Released all slaves [ 578.744898][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 578.758013][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 578.766601][ T3713] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.773709][ T3713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 578.795975][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 578.804678][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 578.813322][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 578.821988][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 578.830474][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 578.839242][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 578.848116][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 578.872815][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 578.881546][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 578.889991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 578.898526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 578.911227][T18159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 578.967234][T18162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.980136][T18159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 578.992268][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 579.007396][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 579.132875][T18162] 8021q: adding VLAN 0 to HW filter on device team0 [ 579.154178][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 579.170748][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 579.179395][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.186525][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.228125][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 579.241573][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 579.260228][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 579.271676][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.278793][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.335311][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 579.366826][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 579.403120][T18169] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 579.416758][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 579.426294][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 579.434892][T18169] CPU: 0 PID: 18169 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 579.444020][T18169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 579.454092][T18169] Call Trace: [ 579.457413][T18169] dump_stack+0x172/0x1f0 [ 579.461758][T18169] dump_header+0x177/0x1152 [ 579.466270][T18169] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 579.472079][T18169] ? ___ratelimit+0x2c8/0x595 [ 579.476758][T18169] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 579.482567][T18169] ? lockdep_hardirqs_on+0x418/0x5d0 [ 579.487847][T18169] ? trace_hardirqs_on+0x67/0x240 [ 579.492883][T18169] ? pagefault_out_of_memory+0x11c/0x11c [ 579.498513][T18169] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 579.504322][T18169] ? ___ratelimit+0x60/0x595 [ 579.508912][T18169] ? do_raw_spin_unlock+0x57/0x270 [ 579.514035][T18169] oom_kill_process.cold+0x10/0x15 [ 579.519146][T18169] out_of_memory+0x334/0x1340 [ 579.523867][T18169] ? trace_hardirqs_on_caller+0x6a/0x240 [ 579.529507][T18169] ? cgroup_file_notify+0x140/0x1b0 [ 579.534711][T18169] ? oom_killer_disable+0x280/0x280 [ 579.539920][T18169] mem_cgroup_out_of_memory+0x1d8/0x240 [ 579.545558][T18169] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 579.551202][T18169] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 579.557008][T18169] ? cgroup_file_notify+0x140/0x1b0 [ 579.562269][T18169] memory_max_write+0x262/0x3a0 [ 579.567127][T18169] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 579.573892][T18169] ? lock_acquire+0x190/0x410 [ 579.578568][T18169] ? kernfs_fop_write+0x227/0x480 [ 579.583968][T18169] cgroup_file_write+0x241/0x790 [ 579.588909][T18169] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 579.595672][T18169] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 579.601309][T18169] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 579.606943][T18169] kernfs_fop_write+0x2b8/0x480 [ 579.611801][T18169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 579.618051][T18169] __vfs_write+0x8a/0x110 [ 579.622382][T18169] ? kernfs_fop_open+0xd80/0xd80 [ 579.627333][T18169] vfs_write+0x268/0x5d0 [ 579.631580][T18169] ksys_write+0x14f/0x290 [ 579.635910][T18169] ? __ia32_sys_read+0xb0/0xb0 [ 579.640798][T18169] __x64_sys_write+0x73/0xb0 [ 579.645416][T18169] ? do_syscall_64+0x5b/0x760 [ 579.650091][T18169] do_syscall_64+0xfa/0x760 [ 579.654605][T18169] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 579.660496][T18169] RIP: 0033:0x459879 [ 579.664392][T18169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 579.683993][T18169] RSP: 002b:00007f76e5cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 579.692411][T18169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 579.700386][T18169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 579.708371][T18169] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 579.716349][T18169] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76e5cbb6d4 [ 579.724325][T18169] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 579.745126][T18169] memory: usage 3372kB, limit 0kB, failcnt 99 [ 579.758250][T18162] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 579.771899][T18162] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 579.774517][T18169] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 579.803814][T18169] Memory cgroup stats for /syz2: [ 579.804200][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 579.805025][T18169] anon 2150400 [ 579.805025][T18169] file 102400 [ 579.805025][T18169] kernel_stack 0 [ 579.805025][T18169] slab 1269760 [ 579.805025][T18169] sock 0 [ 579.805025][T18169] shmem 45056 [ 579.805025][T18169] file_mapped 0 [ 579.805025][T18169] file_dirty 0 [ 579.805025][T18169] file_writeback 0 [ 579.805025][T18169] anon_thp 2097152 [ 579.805025][T18169] inactive_anon 131072 [ 579.805025][T18169] active_anon 2150400 [ 579.805025][T18169] inactive_file 0 [ 579.805025][T18169] active_file 0 [ 579.805025][T18169] unevictable 0 [ 579.805025][T18169] slab_reclaimable 540672 [ 579.805025][T18169] slab_unreclaimable 729088 [ 579.805025][T18169] pgfault 30690 [ 579.805025][T18169] pgmajfault 0 [ 579.805025][T18169] workingset_refault 0 [ 579.805025][T18169] workingset_activate 0 [ 579.805025][T18169] workingset_nodereclaim 0 [ 579.805025][T18169] pgrefill 33 [ 579.805025][T18169] pgscan 0 [ 579.805025][T18169] pgsteal 0 [ 579.805025][T18169] pgactivate 0 [ 579.812181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 579.833744][T18169] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18168,uid=0 [ 579.918179][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 579.952789][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 579.962267][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 579.978416][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 579.990060][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 580.024277][T18169] Memory cgroup out of memory: Killed process 18168 (syz-executor.2) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 580.025543][T18162] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 580.062512][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 580.077963][ T1065] oom_reaper: reaped process 18168 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 01:46:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:13 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8982, &(0x7f0000000000)) 01:46:13 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xe8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) 01:46:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000068000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 580.180270][T18159] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 580.202227][T18159] CPU: 1 PID: 18159 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 580.211379][T18159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 580.221437][T18159] Call Trace: [ 580.224736][T18159] dump_stack+0x172/0x1f0 [ 580.229069][T18159] dump_header+0x177/0x1152 [ 580.233568][T18159] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 580.239373][T18159] ? ___ratelimit+0x2c8/0x595 [ 580.244061][T18159] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 580.249867][T18159] ? lockdep_hardirqs_on+0x418/0x5d0 [ 580.255150][T18159] ? trace_hardirqs_on+0x67/0x240 [ 580.260184][T18159] ? pagefault_out_of_memory+0x11c/0x11c [ 580.265824][T18159] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 580.271624][T18159] ? ___ratelimit+0x60/0x595 [ 580.276208][T18159] ? do_raw_spin_unlock+0x57/0x270 [ 580.281334][T18159] oom_kill_process.cold+0x10/0x15 [ 580.286538][T18159] out_of_memory+0x334/0x1340 [ 580.291213][T18159] ? lock_downgrade+0x920/0x920 [ 580.296158][T18159] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 580.301966][T18159] ? oom_killer_disable+0x280/0x280 [ 580.307171][T18159] mem_cgroup_out_of_memory+0x1d8/0x240 [ 580.312717][T18159] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 580.318352][T18159] ? do_raw_spin_unlock+0x57/0x270 [ 580.323461][T18159] ? _raw_spin_unlock+0x2d/0x50 [ 580.328312][T18159] try_charge+0xf4b/0x1440 [ 580.332735][T18159] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 580.338278][T18159] ? percpu_ref_tryget_live+0x111/0x290 [ 580.343822][T18159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 580.350236][T18159] ? __kasan_check_read+0x11/0x20 [ 580.355267][T18159] ? get_mem_cgroup_from_mm+0x156/0x320 [ 580.360859][T18159] mem_cgroup_try_charge+0x136/0x590 [ 580.366139][T18159] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 580.372381][T18159] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 580.378014][T18159] wp_page_copy+0x41e/0x1600 [ 580.382603][T18159] ? find_held_lock+0x35/0x130 [ 580.387367][T18159] ? follow_pfn+0x2a0/0x2a0 [ 580.391866][T18159] ? lock_downgrade+0x920/0x920 [ 580.396721][T18159] ? swp_swapcount+0x540/0x540 [ 580.401470][T18159] ? __kasan_check_read+0x11/0x20 [ 580.406478][T18159] ? do_raw_spin_unlock+0x57/0x270 [ 580.411579][T18159] do_wp_page+0x499/0x14d0 [ 580.415980][T18159] ? finish_mkwrite_fault+0x570/0x570 [ 580.421339][T18159] __handle_mm_fault+0x22f1/0x3f20 [ 580.426434][T18159] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 580.431970][T18159] ? __kasan_check_read+0x11/0x20 [ 580.436980][T18159] handle_mm_fault+0x1b5/0x6c0 [ 580.441728][T18159] __do_page_fault+0x536/0xdd0 [ 580.446478][T18159] do_page_fault+0x38/0x590 [ 580.450976][T18159] page_fault+0x39/0x40 [ 580.455110][T18159] RIP: 0033:0x430956 [ 580.458985][T18159] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 580.478568][T18159] RSP: 002b:00007ffd39f6b7d0 EFLAGS: 00010206 [ 580.484615][T18159] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 580.492565][T18159] RDX: 0000555555ad8930 RSI: 0000555555ae0970 RDI: 0000000000000003 [ 580.500514][T18159] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555ad7940 [ 580.508472][T18159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 580.516865][T18159] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 580.663843][T18159] memory: usage 1036kB, limit 0kB, failcnt 107 [ 580.670501][T18159] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 580.685251][T18159] Memory cgroup stats for /syz2: [ 580.685366][T18159] anon 49152 [ 580.685366][T18159] file 102400 [ 580.685366][T18159] kernel_stack 0 [ 580.685366][T18159] slab 1269760 [ 580.685366][T18159] sock 0 [ 580.685366][T18159] shmem 45056 [ 580.685366][T18159] file_mapped 0 [ 580.685366][T18159] file_dirty 0 [ 580.685366][T18159] file_writeback 0 [ 580.685366][T18159] anon_thp 0 [ 580.685366][T18159] inactive_anon 131072 [ 580.685366][T18159] active_anon 49152 [ 580.685366][T18159] inactive_file 0 [ 580.685366][T18159] active_file 0 [ 580.685366][T18159] unevictable 0 [ 580.685366][T18159] slab_reclaimable 540672 [ 580.685366][T18159] slab_unreclaimable 729088 [ 580.685366][T18159] pgfault 30690 [ 580.685366][T18159] pgmajfault 0 [ 580.685366][T18159] workingset_refault 0 [ 580.685366][T18159] workingset_activate 0 [ 580.685366][T18159] workingset_nodereclaim 0 [ 580.685366][T18159] pgrefill 33 [ 580.685366][T18159] pgscan 0 [ 580.685366][T18159] pgsteal 0 [ 580.685366][T18159] pgactivate 0 [ 580.826166][T18159] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18159,uid=0 [ 580.848158][T18159] Memory cgroup out of memory: Killed process 18159 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 580.871512][T18186] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 580.871601][ T1065] oom_reaper: reaped process 18159 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 580.883495][T18186] CPU: 1 PID: 18186 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 580.901917][T18186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 580.911981][T18186] Call Trace: [ 580.915277][T18186] dump_stack+0x172/0x1f0 [ 580.919601][T18186] dump_header+0x177/0x1152 [ 580.924092][T18186] ? pagefault_out_of_memory+0x11c/0x11c [ 580.929719][T18186] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 580.935511][T18186] ? ___ratelimit+0x60/0x595 [ 580.940077][T18186] ? do_raw_spin_unlock+0x57/0x270 [ 580.945185][T18186] oom_kill_process.cold+0x10/0x15 [ 580.950281][T18186] out_of_memory+0x334/0x1340 [ 580.954954][T18186] ? oom_killer_disable+0x280/0x280 [ 580.960154][T18186] mem_cgroup_out_of_memory+0x1d8/0x240 [ 580.965698][T18186] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 580.971320][T18186] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 580.977221][T18186] ? cgroup_file_notify+0x140/0x1b0 [ 580.982421][T18186] memory_max_write+0x262/0x3a0 [ 580.987258][T18186] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 580.994009][T18186] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 580.999463][T18186] cgroup_file_write+0x241/0x790 [ 581.004392][T18186] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 581.011137][T18186] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 581.016761][T18186] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 581.022381][T18186] kernfs_fop_write+0x2b8/0x480 [ 581.028019][T18186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 581.034265][T18186] __vfs_write+0x8a/0x110 [ 581.038575][T18186] ? kernfs_fop_open+0xd80/0xd80 [ 581.043494][T18186] vfs_write+0x268/0x5d0 [ 581.047718][T18186] ksys_write+0x14f/0x290 [ 581.052032][T18186] ? __ia32_sys_read+0xb0/0xb0 [ 581.056799][T18186] ? do_syscall_64+0x26/0x760 [ 581.061469][T18186] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 581.067514][T18186] ? do_syscall_64+0x26/0x760 [ 581.072229][T18186] __x64_sys_write+0x73/0xb0 [ 581.076812][T18186] do_syscall_64+0xfa/0x760 [ 581.081315][T18186] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 581.087220][T18186] RIP: 0033:0x459879 [ 581.091101][T18186] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 581.110688][T18186] RSP: 002b:00007fb42f12fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 581.119090][T18186] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 581.127056][T18186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 581.135041][T18186] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 581.143019][T18186] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb42f1306d4 [ 581.150974][T18186] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 581.178330][T18186] memory: usage 3396kB, limit 0kB, failcnt 90 [ 581.184877][T18186] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 581.191925][T18186] Memory cgroup stats for /syz5: [ 581.193019][T18186] anon 2138112 [ 581.193019][T18186] file 0 [ 581.193019][T18186] kernel_stack 65536 [ 581.193019][T18186] slab 1269760 [ 581.193019][T18186] sock 16384 [ 581.193019][T18186] shmem 28672 [ 581.193019][T18186] file_mapped 0 [ 581.193019][T18186] file_dirty 0 [ 581.193019][T18186] file_writeback 0 [ 581.193019][T18186] anon_thp 2097152 [ 581.193019][T18186] inactive_anon 0 [ 581.193019][T18186] active_anon 2138112 [ 581.193019][T18186] inactive_file 61440 [ 581.193019][T18186] active_file 0 [ 581.193019][T18186] unevictable 176128 [ 581.193019][T18186] slab_reclaimable 405504 [ 581.193019][T18186] slab_unreclaimable 864256 [ 581.193019][T18186] pgfault 24057 [ 581.193019][T18186] pgmajfault 0 [ 581.193019][T18186] workingset_refault 0 [ 581.193019][T18186] workingset_activate 0 [ 581.193019][T18186] workingset_nodereclaim 0 [ 581.193019][T18186] pgrefill 0 [ 581.193019][T18186] pgscan 0 [ 581.193019][T18186] pgsteal 0 [ 581.193019][T18186] pgactivate 0 [ 581.300112][T18186] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18183,uid=0 [ 581.334209][T18186] Memory cgroup out of memory: Killed process 18183 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 581.367483][ T1065] oom_reaper: reaped process 18183 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:46:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:15 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:15 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8983, &(0x7f0000000000)) 01:46:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000006c000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 581.717700][T18162] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 581.776880][T18162] CPU: 0 PID: 18162 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 581.786031][T18162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.796098][T18162] Call Trace: [ 581.799403][T18162] dump_stack+0x172/0x1f0 [ 581.803746][T18162] dump_header+0x177/0x1152 [ 581.808253][T18162] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 581.814152][T18162] ? ___ratelimit+0x2c8/0x595 [ 581.818830][T18162] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 581.824648][T18162] ? lockdep_hardirqs_on+0x418/0x5d0 [ 581.829936][T18162] ? trace_hardirqs_on+0x67/0x240 [ 581.834966][T18162] ? pagefault_out_of_memory+0x11c/0x11c [ 581.840622][T18162] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 581.846437][T18162] ? ___ratelimit+0x60/0x595 [ 581.851040][T18162] ? do_raw_spin_unlock+0x57/0x270 [ 581.856158][T18162] oom_kill_process.cold+0x10/0x15 [ 581.861345][T18162] out_of_memory+0x334/0x1340 [ 581.866004][T18162] ? lock_downgrade+0x920/0x920 [ 581.870877][T18162] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 581.876665][T18162] ? oom_killer_disable+0x280/0x280 [ 581.881851][T18162] mem_cgroup_out_of_memory+0x1d8/0x240 [ 581.887379][T18162] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 581.892994][T18162] ? do_raw_spin_unlock+0x57/0x270 [ 581.899827][T18162] ? _raw_spin_unlock+0x2d/0x50 [ 581.904661][T18162] try_charge+0xf4b/0x1440 [ 581.909065][T18162] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 581.914600][T18162] ? percpu_ref_tryget_live+0x111/0x290 [ 581.920134][T18162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 581.926379][T18162] ? __kasan_check_read+0x11/0x20 [ 581.931392][T18162] ? get_mem_cgroup_from_mm+0x156/0x320 [ 581.936929][T18162] mem_cgroup_try_charge+0x136/0x590 [ 581.942194][T18162] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 581.948421][T18162] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 581.954037][T18162] wp_page_copy+0x41e/0x1600 [ 581.958611][T18162] ? find_held_lock+0x35/0x130 [ 581.963370][T18162] ? follow_pfn+0x2a0/0x2a0 [ 581.967863][T18162] ? lock_downgrade+0x920/0x920 [ 581.972697][T18162] ? swp_swapcount+0x540/0x540 [ 581.977441][T18162] ? __kasan_check_read+0x11/0x20 [ 581.982445][T18162] ? do_raw_spin_unlock+0x57/0x270 [ 581.987536][T18162] do_wp_page+0x499/0x14d0 [ 581.991943][T18162] ? finish_mkwrite_fault+0x570/0x570 [ 581.997303][T18162] __handle_mm_fault+0x22f1/0x3f20 [ 582.002491][T18162] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 582.008032][T18162] ? __kasan_check_read+0x11/0x20 [ 582.013146][T18162] handle_mm_fault+0x1b5/0x6c0 [ 582.017897][T18162] __do_page_fault+0x536/0xdd0 [ 582.022647][T18162] do_page_fault+0x38/0x590 [ 582.027135][T18162] page_fault+0x39/0x40 [ 582.031283][T18162] RIP: 0033:0x430956 [ 582.035163][T18162] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 582.054878][T18162] RSP: 002b:00007fff9c18f920 EFLAGS: 00010206 [ 582.060930][T18162] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 582.068884][T18162] RDX: 0000555556d48930 RSI: 0000555556d50970 RDI: 0000000000000003 01:46:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000074000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 582.076837][T18162] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556d47940 [ 582.084811][T18162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 582.092766][T18162] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 01:46:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x28, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x28}}, 0x0) 01:46:15 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89a0, &(0x7f0000000000)) 01:46:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000007a000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 582.291850][T18207] Enabling of bearer rejected, failed to enable media [ 582.345850][T18162] memory: usage 1064kB, limit 0kB, failcnt 98 [ 582.352171][T18162] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 582.361573][T18162] Memory cgroup stats for /syz5: [ 582.361680][T18162] anon 32768 [ 582.361680][T18162] file 0 [ 582.361680][T18162] kernel_stack 65536 [ 582.361680][T18162] slab 1269760 [ 582.361680][T18162] sock 16384 [ 582.361680][T18162] shmem 28672 [ 582.361680][T18162] file_mapped 0 [ 582.361680][T18162] file_dirty 0 [ 582.361680][T18162] file_writeback 0 [ 582.361680][T18162] anon_thp 0 [ 582.361680][T18162] inactive_anon 0 [ 582.361680][T18162] active_anon 32768 [ 582.361680][T18162] inactive_file 61440 [ 582.361680][T18162] active_file 0 [ 582.361680][T18162] unevictable 176128 [ 582.361680][T18162] slab_reclaimable 405504 [ 582.361680][T18162] slab_unreclaimable 864256 [ 582.361680][T18162] pgfault 24057 [ 582.361680][T18162] pgmajfault 0 [ 582.361680][T18162] workingset_refault 0 [ 582.361680][T18162] workingset_activate 0 [ 582.361680][T18162] workingset_nodereclaim 0 [ 582.361680][T18162] pgrefill 0 [ 582.361680][T18162] pgscan 0 [ 582.361680][T18162] pgsteal 0 [ 582.361680][T18162] pgactivate 0 [ 582.461049][T18162] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18162,uid=0 [ 582.503738][T18162] Memory cgroup out of memory: Killed process 18162 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 582.550608][ T1065] oom_reaper: reaped process 18162 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 582.567987][T18219] Enabling of bearer rejected, failed to enable media 01:46:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:16 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:16 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c0000009effffff}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:16 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:16 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89a1, &(0x7f0000000000)) 01:46:16 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:16 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 583.285869][T18228] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 583.323931][T18228] CPU: 0 PID: 18228 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 583.333094][T18228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 583.343166][T18228] Call Trace: [ 583.346473][T18228] dump_stack+0x172/0x1f0 [ 583.350809][T18228] dump_header+0x177/0x1152 [ 583.355317][T18228] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 583.361128][T18228] ? ___ratelimit+0x2c8/0x595 [ 583.365944][T18228] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 583.371867][T18228] ? lockdep_hardirqs_on+0x418/0x5d0 [ 583.377172][T18228] ? trace_hardirqs_on+0x67/0x240 [ 583.382206][T18228] ? pagefault_out_of_memory+0x11c/0x11c [ 583.387936][T18228] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 583.393764][T18228] ? ___ratelimit+0x60/0x595 [ 583.398362][T18228] ? do_raw_spin_unlock+0x57/0x270 [ 583.403502][T18228] oom_kill_process.cold+0x10/0x15 [ 583.408675][T18228] out_of_memory+0x334/0x1340 [ 583.413377][T18228] ? __sched_text_start+0x8/0x8 [ 583.418239][T18228] ? oom_killer_disable+0x280/0x280 [ 583.423475][T18228] mem_cgroup_out_of_memory+0x1d8/0x240 [ 583.429048][T18228] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 583.434703][T18228] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 583.440546][T18228] ? cgroup_file_notify+0x140/0x1b0 [ 583.445761][T18228] memory_max_write+0x262/0x3a0 [ 583.450632][T18228] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 583.457420][T18228] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 583.462907][T18228] cgroup_file_write+0x241/0x790 [ 583.467861][T18228] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 583.474636][T18228] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 583.480272][T18228] ? kernfs_ops+0x9f/0x120 [ 583.484703][T18228] ? kernfs_ops+0xbe/0x120 [ 583.489170][T18228] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 583.494809][T18228] kernfs_fop_write+0x2b8/0x480 [ 583.499672][T18228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 583.505934][T18228] __vfs_write+0x8a/0x110 [ 583.510369][T18228] ? kernfs_fop_open+0xd80/0xd80 [ 583.515434][T18228] vfs_write+0x268/0x5d0 [ 583.519743][T18228] ksys_write+0x14f/0x290 [ 583.524096][T18228] ? __ia32_sys_read+0xb0/0xb0 [ 583.528866][T18228] ? do_syscall_64+0x26/0x760 [ 583.533547][T18228] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 583.539618][T18228] ? do_syscall_64+0x26/0x760 [ 583.544314][T18228] __x64_sys_write+0x73/0xb0 [ 583.548916][T18228] do_syscall_64+0xfa/0x760 [ 583.553427][T18228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 583.559316][T18228] RIP: 0033:0x459879 [ 583.563228][T18228] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 583.582941][T18228] RSP: 002b:00007f066b689c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 583.591372][T18228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 583.599453][T18228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 583.607444][T18228] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 583.615421][T18228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f066b68a6d4 [ 583.623404][T18228] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 583.638308][T18228] memory: usage 4492kB, limit 0kB, failcnt 104 [ 583.646359][T18228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 583.655010][T18228] Memory cgroup stats for /syz3: [ 583.657512][T18228] anon 2154496 [ 583.657512][T18228] file 192512 [ 583.657512][T18228] kernel_stack 65536 [ 583.657512][T18228] slab 2134016 [ 583.657512][T18228] sock 0 [ 583.657512][T18228] shmem 12288 [ 583.657512][T18228] file_mapped 0 [ 583.657512][T18228] file_dirty 135168 [ 583.657512][T18228] file_writeback 0 [ 583.657512][T18228] anon_thp 2097152 [ 583.657512][T18228] inactive_anon 135168 [ 583.657512][T18228] active_anon 2154496 [ 583.657512][T18228] inactive_file 81920 [ 583.657512][T18228] active_file 0 [ 583.657512][T18228] unevictable 0 [ 583.657512][T18228] slab_reclaimable 811008 [ 583.657512][T18228] slab_unreclaimable 1323008 [ 583.657512][T18228] pgfault 24915 [ 583.657512][T18228] pgmajfault 0 [ 583.657512][T18228] workingset_refault 0 [ 583.657512][T18228] workingset_activate 0 01:46:17 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 583.657512][T18228] workingset_nodereclaim 0 [ 583.657512][T18228] pgrefill 33 [ 583.657512][T18228] pgscan 254 [ 583.657512][T18228] pgsteal 220 [ 583.657512][T18228] pgactivate 0 [ 583.662778][T18228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18225,uid=0 [ 583.812153][T18228] Memory cgroup out of memory: Killed process 18225 (syz-executor.3) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 583.847544][ T1065] oom_reaper: reaped process 18225 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 01:46:17 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:17 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c000000f0ffffff}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:17 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 584.474773][T18106] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 584.531417][T18106] CPU: 1 PID: 18106 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 584.540573][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 584.550641][T18106] Call Trace: [ 584.553953][T18106] dump_stack+0x172/0x1f0 [ 584.558371][T18106] dump_header+0x177/0x1152 [ 584.562876][T18106] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 584.568694][T18106] ? ___ratelimit+0x2c8/0x595 [ 584.573470][T18106] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 584.579291][T18106] ? lockdep_hardirqs_on+0x418/0x5d0 [ 584.584584][T18106] ? trace_hardirqs_on+0x67/0x240 [ 584.589615][T18106] ? pagefault_out_of_memory+0x11c/0x11c [ 584.595253][T18106] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 584.601061][T18106] ? ___ratelimit+0x60/0x595 [ 584.605659][T18106] ? do_raw_spin_unlock+0x57/0x270 [ 584.610778][T18106] oom_kill_process.cold+0x10/0x15 [ 584.615903][T18106] out_of_memory+0x334/0x1340 [ 584.620579][T18106] ? lock_downgrade+0x920/0x920 [ 584.625430][T18106] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 584.631247][T18106] ? oom_killer_disable+0x280/0x280 [ 584.636464][T18106] mem_cgroup_out_of_memory+0x1d8/0x240 [ 584.642019][T18106] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 584.647661][T18106] ? do_raw_spin_unlock+0x57/0x270 [ 584.652771][T18106] ? _raw_spin_unlock+0x2d/0x50 [ 584.657642][T18106] try_charge+0xf4b/0x1440 [ 584.662095][T18106] ? __lock_acquire+0x880/0x4a00 [ 584.667048][T18106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 584.672607][T18106] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 584.678589][T18106] ? cache_grow_begin+0x122/0xd20 [ 584.683609][T18106] ? find_held_lock+0x35/0x130 [ 584.688375][T18106] ? cache_grow_begin+0x122/0xd20 [ 584.693409][T18106] __memcg_kmem_charge_memcg+0x71/0xf0 [ 584.698872][T18106] ? memcg_kmem_put_cache+0x50/0x50 [ 584.704079][T18106] ? __kasan_check_read+0x11/0x20 [ 584.709105][T18106] cache_grow_begin+0x629/0xd20 [ 584.713963][T18106] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 584.719685][T18106] ? mempolicy_slab_node+0x139/0x390 [ 584.724972][T18106] fallback_alloc+0x1fd/0x2d0 [ 584.729656][T18106] ____cache_alloc_node+0x1bc/0x1d0 [ 584.734907][T18106] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 584.741164][T18106] kmem_cache_alloc+0x1ef/0x710 [ 584.746047][T18106] sk_prot_alloc+0x67/0x310 [ 584.750552][T18106] sk_alloc+0x39/0xf70 [ 584.754687][T18106] inet_create+0x368/0xe00 [ 584.759132][T18106] __sock_create+0x3d8/0x730 [ 584.764174][T18106] __sys_socket+0x103/0x220 [ 584.768705][T18106] ? move_addr_to_kernel+0x80/0x80 [ 584.775985][T18106] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 584.781460][T18106] ? do_syscall_64+0x26/0x760 [ 584.786246][T18106] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 584.792321][T18106] ? do_syscall_64+0x26/0x760 [ 584.797011][T18106] __x64_sys_socket+0x73/0xb0 [ 584.801722][T18106] do_syscall_64+0xfa/0x760 [ 584.806233][T18106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 584.812124][T18106] RIP: 0033:0x45c3c7 [ 584.816017][T18106] Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 584.835621][T18106] RSP: 002b:00007ffd2525b068 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 584.844038][T18106] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045c3c7 [ 584.852014][T18106] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 584.859990][T18106] RBP: 0000000000000014 R08: 0000000000000000 R09: 000000000000000a [ 584.867969][T18106] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 584.876113][T18106] R13: 00007ffd2525b780 R14: 000000000008e551 R15: 00007ffd2525b790 [ 584.910066][T18106] memory: usage 2100kB, limit 0kB, failcnt 116 [ 584.916658][T18106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 584.923509][T18106] Memory cgroup stats for /syz3: [ 584.929094][T18106] anon 12288 [ 584.929094][T18106] file 192512 [ 584.929094][T18106] kernel_stack 0 [ 584.929094][T18106] slab 2134016 [ 584.929094][T18106] sock 0 [ 584.929094][T18106] shmem 12288 [ 584.929094][T18106] file_mapped 0 [ 584.929094][T18106] file_dirty 135168 [ 584.929094][T18106] file_writeback 0 [ 584.929094][T18106] anon_thp 0 [ 584.929094][T18106] inactive_anon 135168 [ 584.929094][T18106] active_anon 12288 [ 584.929094][T18106] inactive_file 81920 [ 584.929094][T18106] active_file 0 [ 584.929094][T18106] unevictable 0 [ 584.929094][T18106] slab_reclaimable 811008 [ 584.929094][T18106] slab_unreclaimable 1323008 [ 584.929094][T18106] pgfault 24915 [ 584.929094][T18106] pgmajfault 0 [ 584.929094][T18106] workingset_refault 0 [ 584.929094][T18106] workingset_activate 0 [ 584.929094][T18106] workingset_nodereclaim 0 [ 584.929094][T18106] pgrefill 33 [ 584.929094][T18106] pgscan 254 [ 584.929094][T18106] pgsteal 220 [ 584.929094][T18106] pgactivate 0 [ 585.030369][T18106] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18106,uid=0 [ 585.046056][T18106] Memory cgroup out of memory: Killed process 18106 (syz-executor.3) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 585.094315][ T1065] oom_reaper: reaped process 18106 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 585.526227][T18256] IPVS: ftp: loaded support on port[0] = 21 [ 585.756398][T18256] chnl_net:caif_netlink_parms(): no params data found [ 585.859246][T18256] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.866504][T18256] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.874504][T18256] device bridge_slave_0 entered promiscuous mode [ 585.882397][T18256] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.889635][T18256] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.897443][T18256] device bridge_slave_1 entered promiscuous mode [ 585.910688][ T3079] device bridge_slave_1 left promiscuous mode [ 585.918610][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.974998][ T3079] device bridge_slave_0 left promiscuous mode [ 585.981204][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.984032][ T3079] device hsr_slave_0 left promiscuous mode [ 588.033835][ T3079] device hsr_slave_1 left promiscuous mode [ 588.101757][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 588.119529][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 588.130331][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 588.167949][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 588.243976][ T3079] bond0 (unregistering): Released all slaves [ 588.349144][T18259] IPVS: ftp: loaded support on port[0] = 21 [ 588.355368][T18256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 588.366652][T18256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 588.418041][T18256] team0: Port device team_slave_0 added [ 588.427082][T18256] team0: Port device team_slave_1 added [ 588.529086][T18256] device hsr_slave_0 entered promiscuous mode [ 588.584270][T18256] device hsr_slave_1 entered promiscuous mode [ 588.633724][T18256] debugfs: Directory 'hsr0' with parent '/' already present! [ 588.659046][T18259] chnl_net:caif_netlink_parms(): no params data found [ 588.750122][T18259] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.765987][T18259] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.781467][T18259] device bridge_slave_0 entered promiscuous mode [ 588.806005][T18259] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.813110][T18259] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.829313][T18259] device bridge_slave_1 entered promiscuous mode [ 588.872107][T18259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 588.885222][T18259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 588.932530][T18259] team0: Port device team_slave_0 added [ 588.943110][T18259] team0: Port device team_slave_1 added [ 588.964337][T18256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 589.009142][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 589.033309][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 589.047011][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 589.069807][T18256] 8021q: adding VLAN 0 to HW filter on device team0 [ 589.116903][T18259] device hsr_slave_0 entered promiscuous mode [ 589.171361][T18259] device hsr_slave_1 entered promiscuous mode [ 589.264695][T18259] debugfs: Directory 'hsr0' with parent '/' already present! [ 589.304008][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 589.313260][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 589.330017][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.337150][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.354026][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 589.362844][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 589.379353][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.386473][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.402358][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 589.411515][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 589.474453][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 589.483224][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 589.502650][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 589.512946][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 589.529679][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 589.540823][T18256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 589.551147][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 589.601923][T18256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 589.647964][T18259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 589.671363][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 589.680079][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 589.691422][T18259] 8021q: adding VLAN 0 to HW filter on device team0 [ 589.702751][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 589.719224][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 589.728387][T17988] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.735533][T17988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.769360][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 589.777991][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 589.796097][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 589.824530][ T3713] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.831614][ T3713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.858656][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 589.868169][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 589.877757][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 589.887188][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 589.913293][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 589.922311][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 589.940625][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 589.953541][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 589.964788][T18267] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 589.969268][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 589.993163][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 589.993836][T18267] CPU: 0 PID: 18267 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 590.002182][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 590.010096][T18267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.010102][T18267] Call Trace: [ 590.010125][T18267] dump_stack+0x172/0x1f0 [ 590.010146][T18267] dump_header+0x177/0x1152 [ 590.010166][T18267] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 590.010179][T18267] ? ___ratelimit+0x2c8/0x595 [ 590.010192][T18267] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 590.010209][T18267] ? lockdep_hardirqs_on+0x418/0x5d0 [ 590.010228][T18267] ? trace_hardirqs_on+0x67/0x240 [ 590.010244][T18267] ? pagefault_out_of_memory+0x11c/0x11c [ 590.010258][T18267] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 590.010277][T18267] ? ___ratelimit+0x60/0x595 [ 590.028689][T18259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 590.031404][T18267] ? do_raw_spin_unlock+0x57/0x270 [ 590.063359][T18259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 590.066754][T18267] oom_kill_process.cold+0x10/0x15 [ 590.066773][T18267] out_of_memory+0x334/0x1340 [ 590.066790][T18267] ? __sched_text_start+0x8/0x8 [ 590.066806][T18267] ? oom_killer_disable+0x280/0x280 [ 590.066833][T18267] mem_cgroup_out_of_memory+0x1d8/0x240 [ 590.066850][T18267] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 590.078277][T18267] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 590.138775][T18267] ? cgroup_file_notify+0x140/0x1b0 [ 590.143994][T18267] memory_max_write+0x262/0x3a0 [ 590.148871][T18267] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 590.155647][T18267] ? lock_acquire+0x190/0x410 [ 590.160324][T18267] ? kernfs_fop_write+0x227/0x480 [ 590.165363][T18267] cgroup_file_write+0x241/0x790 [ 590.170315][T18267] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 590.177086][T18267] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 590.182729][T18267] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 590.188367][T18267] kernfs_fop_write+0x2b8/0x480 [ 590.193218][T18267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.199463][T18267] __vfs_write+0x8a/0x110 [ 590.203794][T18267] ? kernfs_fop_open+0xd80/0xd80 [ 590.208745][T18267] vfs_write+0x268/0x5d0 [ 590.213095][T18267] ksys_write+0x14f/0x290 [ 590.217422][T18267] ? __ia32_sys_read+0xb0/0xb0 [ 590.222191][T18267] ? do_syscall_64+0x26/0x760 [ 590.227009][T18267] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.233213][T18267] ? do_syscall_64+0x26/0x760 [ 590.237886][T18267] __x64_sys_write+0x73/0xb0 [ 590.242471][T18267] do_syscall_64+0xfa/0x760 [ 590.247156][T18267] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.253049][T18267] RIP: 0033:0x459879 [ 590.256929][T18267] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.276693][T18267] RSP: 002b:00007f92b4641c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 590.285104][T18267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 590.293159][T18267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 590.301208][T18267] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 590.309183][T18267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b46426d4 [ 590.317151][T18267] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 590.354330][T18267] memory: usage 3328kB, limit 0kB, failcnt 108 [ 590.360826][T18267] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 590.371241][T18267] Memory cgroup stats for /syz2: [ 590.372687][T18267] anon 2150400 [ 590.372687][T18267] file 102400 [ 590.372687][T18267] kernel_stack 65536 [ 590.372687][T18267] slab 1134592 [ 590.372687][T18267] sock 0 [ 590.372687][T18267] shmem 45056 [ 590.372687][T18267] file_mapped 0 [ 590.372687][T18267] file_dirty 0 [ 590.372687][T18267] file_writeback 0 [ 590.372687][T18267] anon_thp 2097152 [ 590.372687][T18267] inactive_anon 131072 [ 590.372687][T18267] active_anon 2150400 [ 590.372687][T18267] inactive_file 0 [ 590.372687][T18267] active_file 0 [ 590.372687][T18267] unevictable 0 [ 590.372687][T18267] slab_reclaimable 405504 [ 590.372687][T18267] slab_unreclaimable 729088 [ 590.372687][T18267] pgfault 30756 [ 590.372687][T18267] pgmajfault 0 [ 590.372687][T18267] workingset_refault 0 [ 590.372687][T18267] workingset_activate 0 [ 590.372687][T18267] workingset_nodereclaim 0 [ 590.372687][T18267] pgrefill 33 [ 590.372687][T18267] pgscan 0 [ 590.372687][T18267] pgsteal 0 [ 590.372687][T18267] pgactivate 0 [ 590.500038][T18267] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18265,uid=0 [ 590.572163][T18267] Memory cgroup out of memory: Killed process 18265 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 590.629478][ T1065] oom_reaper: reaped process 18265 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 590.646763][T18274] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 590.685744][T18274] CPU: 1 PID: 18274 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 590.694893][T18274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.704957][T18274] Call Trace: [ 590.708255][T18274] dump_stack+0x172/0x1f0 [ 590.712600][T18274] dump_header+0x177/0x1152 [ 590.717123][T18274] ? pagefault_out_of_memory+0x11c/0x11c [ 590.722757][T18274] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 590.728805][T18274] ? ___ratelimit+0x60/0x595 [ 590.733394][T18274] ? do_raw_spin_unlock+0x57/0x270 [ 590.738509][T18274] oom_kill_process.cold+0x10/0x15 [ 590.743625][T18274] out_of_memory+0x334/0x1340 [ 590.748397][T18274] ? oom_killer_disable+0x280/0x280 [ 590.753611][T18274] mem_cgroup_out_of_memory+0x1d8/0x240 [ 590.759248][T18274] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 590.764891][T18274] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 590.772724][T18274] ? cgroup_file_notify+0x140/0x1b0 [ 590.777940][T18274] memory_max_write+0x262/0x3a0 [ 590.782801][T18274] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 590.789561][T18274] ? lock_acquire+0x190/0x410 [ 590.794237][T18274] ? kernfs_fop_write+0x227/0x480 [ 590.799269][T18274] cgroup_file_write+0x241/0x790 [ 590.804218][T18274] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 590.810993][T18274] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 590.816643][T18274] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 590.822275][T18274] kernfs_fop_write+0x2b8/0x480 [ 590.827227][T18274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.833474][T18274] __vfs_write+0x8a/0x110 [ 590.837802][T18274] ? kernfs_fop_open+0xd80/0xd80 [ 590.842739][T18274] vfs_write+0x268/0x5d0 [ 590.846984][T18274] ksys_write+0x14f/0x290 [ 590.851317][T18274] ? __ia32_sys_read+0xb0/0xb0 [ 590.856078][T18274] ? do_syscall_64+0x26/0x760 [ 590.860758][T18274] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.866825][T18274] ? do_syscall_64+0x26/0x760 [ 590.871511][T18274] __x64_sys_write+0x73/0xb0 [ 590.876101][T18274] do_syscall_64+0xfa/0x760 [ 590.880606][T18274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.886492][T18274] RIP: 0033:0x459879 [ 590.890385][T18274] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.910002][T18274] RSP: 002b:00007f704685bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 590.918411][T18274] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 590.926388][T18274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 590.934444][T18274] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 590.947108][T18274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f704685c6d4 [ 590.955082][T18274] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 590.984993][T18274] memory: usage 3392kB, limit 0kB, failcnt 99 [ 591.003980][T18274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 591.020835][T18274] Memory cgroup stats for /syz5: [ 591.022335][T18274] anon 2199552 [ 591.022335][T18274] file 0 [ 591.022335][T18274] kernel_stack 65536 [ 591.022335][T18274] slab 1269760 [ 591.022335][T18274] sock 16384 [ 591.022335][T18274] shmem 28672 [ 591.022335][T18274] file_mapped 0 [ 591.022335][T18274] file_dirty 0 [ 591.022335][T18274] file_writeback 0 [ 591.022335][T18274] anon_thp 2097152 [ 591.022335][T18274] inactive_anon 0 [ 591.022335][T18274] active_anon 2199552 [ 591.022335][T18274] inactive_file 61440 [ 591.022335][T18274] active_file 0 [ 591.022335][T18274] unevictable 176128 [ 591.022335][T18274] slab_reclaimable 405504 [ 591.022335][T18274] slab_unreclaimable 864256 [ 591.022335][T18274] pgfault 24123 [ 591.022335][T18274] pgmajfault 0 [ 591.022335][T18274] workingset_refault 0 [ 591.022335][T18274] workingset_activate 0 [ 591.022335][T18274] workingset_nodereclaim 0 [ 591.022335][T18274] pgrefill 0 [ 591.022335][T18274] pgscan 0 [ 591.022335][T18274] pgsteal 0 [ 591.022335][T18274] pgactivate 0 01:46:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:24 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:24 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:24 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c000000fffff000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:24 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89f3, &(0x7f0000000000)) [ 591.124597][T18274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18273,uid=0 [ 591.171474][T18274] Memory cgroup out of memory: Killed process 18273 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 01:46:24 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c000000ffffff7f}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 591.247330][ T1065] oom_reaper: reaped process 18273 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 591.258527][T18256] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 591.280190][T18256] CPU: 0 PID: 18256 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 591.289329][T18256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.299393][T18256] Call Trace: [ 591.302703][T18256] dump_stack+0x172/0x1f0 [ 591.307076][T18256] dump_header+0x177/0x1152 [ 591.311603][T18256] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 591.317507][T18256] ? ___ratelimit+0x2c8/0x595 [ 591.322192][T18256] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 591.328010][T18256] ? lockdep_hardirqs_on+0x418/0x5d0 [ 591.333308][T18256] ? trace_hardirqs_on+0x67/0x240 [ 591.338352][T18256] ? pagefault_out_of_memory+0x11c/0x11c [ 591.343996][T18256] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 591.349844][T18256] ? ___ratelimit+0x60/0x595 [ 591.354443][T18256] ? do_raw_spin_unlock+0x57/0x270 [ 591.359568][T18256] oom_kill_process.cold+0x10/0x15 [ 591.364697][T18256] out_of_memory+0x334/0x1340 [ 591.369393][T18256] ? lock_downgrade+0x920/0x920 [ 591.374256][T18256] ? oom_killer_disable+0x280/0x280 [ 591.379472][T18256] mem_cgroup_out_of_memory+0x1d8/0x240 [ 591.385036][T18256] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 591.390702][T18256] ? do_raw_spin_unlock+0x57/0x270 [ 591.395848][T18256] ? _raw_spin_unlock+0x2d/0x50 [ 591.400720][T18256] try_charge+0xf4b/0x1440 [ 591.405161][T18256] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 591.410715][T18256] ? percpu_ref_tryget_live+0x111/0x290 [ 591.416488][T18256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 591.422741][T18256] ? __kasan_check_read+0x11/0x20 [ 591.427799][T18256] ? get_mem_cgroup_from_mm+0x156/0x320 [ 591.433355][T18256] mem_cgroup_try_charge+0x136/0x590 [ 591.438650][T18256] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 591.444913][T18256] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 591.450563][T18256] wp_page_copy+0x41e/0x1600 [ 591.455168][T18256] ? find_held_lock+0x35/0x130 [ 591.459952][T18256] ? follow_pfn+0x2a0/0x2a0 [ 591.464490][T18256] ? lock_downgrade+0x920/0x920 [ 591.469352][T18256] ? swp_swapcount+0x540/0x540 [ 591.474124][T18256] ? __kasan_check_read+0x11/0x20 [ 591.479156][T18256] ? do_raw_spin_unlock+0x57/0x270 [ 591.484278][T18256] do_wp_page+0x499/0x14d0 [ 591.488819][T18256] ? finish_mkwrite_fault+0x570/0x570 [ 591.494213][T18256] __handle_mm_fault+0x22f1/0x3f20 [ 591.499348][T18256] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 591.504922][T18256] ? __kasan_check_read+0x11/0x20 [ 591.509954][T18256] handle_mm_fault+0x1b5/0x6c0 [ 591.514746][T18256] __do_page_fault+0x536/0xdd0 [ 591.519531][T18256] do_page_fault+0x38/0x590 [ 591.524127][T18256] page_fault+0x39/0x40 [ 591.528292][T18256] RIP: 0033:0x430956 [ 591.532200][T18256] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 591.551812][T18256] RSP: 002b:00007ffcc9c24700 EFLAGS: 00010206 [ 591.557894][T18256] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 591.565877][T18256] RDX: 0000555556f80930 RSI: 0000555556f88970 RDI: 0000000000000003 [ 591.573864][T18256] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556f7f940 [ 591.581849][T18256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 591.589819][T18256] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 591.665442][T18256] memory: usage 996kB, limit 0kB, failcnt 116 [ 591.672744][T18256] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 591.723849][T18256] Memory cgroup stats for /syz2: [ 591.756287][T18256] anon 49152 [ 591.756287][T18256] file 102400 [ 591.756287][T18256] kernel_stack 0 [ 591.756287][T18256] slab 1134592 [ 591.756287][T18256] sock 0 [ 591.756287][T18256] shmem 45056 [ 591.756287][T18256] file_mapped 0 [ 591.756287][T18256] file_dirty 0 [ 591.756287][T18256] file_writeback 0 [ 591.756287][T18256] anon_thp 0 [ 591.756287][T18256] inactive_anon 131072 [ 591.756287][T18256] active_anon 49152 [ 591.756287][T18256] inactive_file 0 [ 591.756287][T18256] active_file 0 [ 591.756287][T18256] unevictable 0 [ 591.756287][T18256] slab_reclaimable 405504 [ 591.756287][T18256] slab_unreclaimable 729088 [ 591.756287][T18256] pgfault 30756 [ 591.756287][T18256] pgmajfault 0 [ 591.756287][T18256] workingset_refault 0 [ 591.756287][T18256] workingset_activate 0 [ 591.756287][T18256] workingset_nodereclaim 0 [ 591.756287][T18256] pgrefill 33 [ 591.756287][T18256] pgscan 0 [ 591.756287][T18256] pgsteal 0 [ 591.756287][T18256] pgactivate 0 [ 591.862673][T18256] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18256,uid=0 [ 591.904955][T18256] Memory cgroup out of memory: Killed process 18256 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 591.944498][ T1065] oom_reaper: reaped process 18256 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:46:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:26 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c000000ffffff9e}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:26 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xae01, &(0x7f0000000000)) 01:46:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 592.671331][T18259] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 592.709633][T18259] CPU: 1 PID: 18259 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 592.718847][T18259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 592.728906][T18259] Call Trace: [ 592.732215][T18259] dump_stack+0x172/0x1f0 [ 592.736559][T18259] dump_header+0x177/0x1152 [ 592.741067][T18259] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 592.747049][T18259] ? ___ratelimit+0x2c8/0x595 [ 592.751727][T18259] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 592.757542][T18259] ? lockdep_hardirqs_on+0x418/0x5d0 [ 592.762832][T18259] ? trace_hardirqs_on+0x67/0x240 [ 592.767866][T18259] ? pagefault_out_of_memory+0x11c/0x11c [ 592.775074][T18259] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 592.780894][T18259] ? ___ratelimit+0x60/0x595 [ 592.785496][T18259] ? do_raw_spin_unlock+0x57/0x270 [ 592.790620][T18259] oom_kill_process.cold+0x10/0x15 [ 592.795745][T18259] out_of_memory+0x334/0x1340 [ 592.800433][T18259] ? lock_downgrade+0x920/0x920 [ 592.805300][T18259] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 592.811118][T18259] ? oom_killer_disable+0x280/0x280 [ 592.816338][T18259] mem_cgroup_out_of_memory+0x1d8/0x240 [ 592.821902][T18259] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 592.827560][T18259] ? do_raw_spin_unlock+0x57/0x270 [ 592.832683][T18259] ? _raw_spin_unlock+0x2d/0x50 [ 592.837539][T18259] try_charge+0xf4b/0x1440 [ 592.841966][T18259] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 592.847513][T18259] ? percpu_ref_tryget_live+0x111/0x290 [ 592.853068][T18259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 592.859311][T18259] ? __kasan_check_read+0x11/0x20 [ 592.864346][T18259] ? get_mem_cgroup_from_mm+0x156/0x320 [ 592.869908][T18259] mem_cgroup_try_charge+0x136/0x590 [ 592.875204][T18259] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 592.881457][T18259] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 592.887097][T18259] __handle_mm_fault+0x1e34/0x3f20 [ 592.892224][T18259] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 592.897793][T18259] ? __kasan_check_read+0x11/0x20 [ 592.902830][T18259] handle_mm_fault+0x1b5/0x6c0 [ 592.907605][T18259] __do_page_fault+0x536/0xdd0 [ 592.912386][T18259] do_page_fault+0x38/0x590 [ 592.916895][T18259] page_fault+0x39/0x40 [ 592.921053][T18259] RIP: 0033:0x42fdcc [ 592.924958][T18259] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 9a 51 64 00 77 70 89 ef [ 592.946103][T18259] RSP: 002b:00007ffe91899fc0 EFLAGS: 00010202 [ 592.952186][T18259] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458be4 [ 592.960174][T18259] RDX: 00007ffe9189a0b0 RSI: 0000000000008030 RDI: 0000000000715640 01:46:26 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xae41, &(0x7f0000000000)) [ 592.968156][T18259] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000555555d8b940 [ 592.976141][T18259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe9189b290 [ 592.984130][T18259] R13: 00007ffe9189b280 R14: 0000000000000000 R15: 00007ffe9189b290 [ 593.011181][T18259] memory: usage 1052kB, limit 0kB, failcnt 107 01:46:26 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 593.018080][T18259] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 593.025792][T18259] Memory cgroup stats for /syz5: [ 593.025893][T18259] anon 0 [ 593.025893][T18259] file 0 [ 593.025893][T18259] kernel_stack 65536 [ 593.025893][T18259] slab 1269760 [ 593.025893][T18259] sock 16384 [ 593.025893][T18259] shmem 28672 [ 593.025893][T18259] file_mapped 0 [ 593.025893][T18259] file_dirty 0 [ 593.025893][T18259] file_writeback 0 [ 593.025893][T18259] anon_thp 0 [ 593.025893][T18259] inactive_anon 0 [ 593.025893][T18259] active_anon 0 [ 593.025893][T18259] inactive_file 61440 [ 593.025893][T18259] active_file 0 [ 593.025893][T18259] unevictable 176128 [ 593.025893][T18259] slab_reclaimable 405504 [ 593.025893][T18259] slab_unreclaimable 864256 [ 593.025893][T18259] pgfault 24123 [ 593.025893][T18259] pgmajfault 0 [ 593.025893][T18259] workingset_refault 0 [ 593.025893][T18259] workingset_activate 0 [ 593.025893][T18259] workingset_nodereclaim 0 [ 593.025893][T18259] pgrefill 0 [ 593.025893][T18259] pgscan 0 [ 593.025893][T18259] pgsteal 0 [ 593.025893][T18259] pgactivate 0 01:46:26 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xae80, &(0x7f0000000000)) [ 593.253759][T18259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18259,uid=0 [ 593.316428][T18259] Memory cgroup out of memory: Killed process 18259 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 593.385138][ T1065] oom_reaper: reaped process 18259 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 593.931546][T18314] IPVS: ftp: loaded support on port[0] = 21 [ 594.448710][T18314] chnl_net:caif_netlink_parms(): no params data found [ 594.479617][T18314] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.486874][T18314] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.495374][T18314] device bridge_slave_0 entered promiscuous mode [ 594.640348][T18314] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.648131][T18314] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.656267][T18314] device bridge_slave_1 entered promiscuous mode [ 594.678365][T18314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 594.883382][T18314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 594.910259][T18317] IPVS: ftp: loaded support on port[0] = 21 [ 594.912719][T18314] team0: Port device team_slave_0 added [ 595.069163][T18314] team0: Port device team_slave_1 added [ 595.112100][ T3079] device bridge_slave_1 left promiscuous mode [ 595.122679][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.164466][ T3079] device bridge_slave_0 left promiscuous mode [ 595.170663][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.235971][ T3079] device bridge_slave_1 left promiscuous mode [ 595.242178][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.295643][ T3079] device bridge_slave_0 left promiscuous mode [ 595.301878][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.234342][ T3079] device hsr_slave_0 left promiscuous mode [ 599.293793][ T3079] device hsr_slave_1 left promiscuous mode [ 599.351755][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 599.366321][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 599.379577][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.429052][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.502440][ T3079] bond0 (unregistering): Released all slaves [ 599.644632][ T3079] device hsr_slave_0 left promiscuous mode [ 599.703873][ T3079] device hsr_slave_1 left promiscuous mode [ 599.756151][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 599.770234][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 599.782777][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.824761][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.893452][ T3079] bond0 (unregistering): Released all slaves [ 600.066843][T18314] device hsr_slave_0 entered promiscuous mode [ 600.123987][T18314] device hsr_slave_1 entered promiscuous mode [ 600.173826][T18314] debugfs: Directory 'hsr0' with parent '/' already present! [ 600.265176][T18317] chnl_net:caif_netlink_parms(): no params data found [ 600.307891][T18317] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.315527][T18317] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.323462][T18317] device bridge_slave_0 entered promiscuous mode [ 600.403916][T18317] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.411029][T18317] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.429215][T18317] device bridge_slave_1 entered promiscuous mode [ 600.489960][T18314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 600.500096][T18317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 600.516339][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 600.525407][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 600.535074][T18317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 600.547653][T18314] 8021q: adding VLAN 0 to HW filter on device team0 [ 600.576267][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 600.585815][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 600.594708][T17988] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.601764][T17988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.609558][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 600.618882][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 600.634889][T17988] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.642157][T17988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.665339][T18317] team0: Port device team_slave_0 added [ 600.672668][T18317] team0: Port device team_slave_1 added [ 600.689132][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 600.702291][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 600.718897][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 600.785702][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 600.802290][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 600.812691][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 600.832368][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 600.842742][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 600.859671][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 600.870642][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 600.887258][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 600.946718][T18317] device hsr_slave_0 entered promiscuous mode [ 600.991256][T18317] device hsr_slave_1 entered promiscuous mode [ 601.051205][T18317] debugfs: Directory 'hsr0' with parent '/' already present! [ 601.062963][T18314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 601.087042][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 601.146478][T18314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.207883][T18317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 601.230224][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 601.244621][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 601.256635][T18317] 8021q: adding VLAN 0 to HW filter on device team0 [ 601.277672][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 601.295986][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 601.312279][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.319420][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 601.353913][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 601.368567][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 601.389856][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 601.423395][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.430544][ T9063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 601.439851][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 601.450663][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 601.476041][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 601.484971][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 601.494133][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 601.503009][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 601.515578][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 601.525582][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 601.534813][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 601.545688][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 601.559225][T18317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 601.576788][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 601.628890][T18317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.641192][T18325] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 601.652594][T18325] CPU: 1 PID: 18325 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 601.661728][T18325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.671801][T18325] Call Trace: [ 601.675113][T18325] dump_stack+0x172/0x1f0 [ 601.679460][T18325] dump_header+0x177/0x1152 [ 601.683984][T18325] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 601.689967][T18325] ? ___ratelimit+0x2c8/0x595 [ 601.694815][T18325] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 601.700624][T18325] ? lockdep_hardirqs_on+0x418/0x5d0 [ 601.706074][T18325] ? trace_hardirqs_on+0x67/0x240 [ 601.711102][T18325] ? pagefault_out_of_memory+0x11c/0x11c [ 601.716731][T18325] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 601.722538][T18325] ? ___ratelimit+0x60/0x595 [ 601.727119][T18325] ? do_raw_spin_unlock+0x57/0x270 [ 601.732220][T18325] oom_kill_process.cold+0x10/0x15 [ 601.737367][T18325] out_of_memory+0x334/0x1340 [ 601.742041][T18325] ? __sched_text_start+0x8/0x8 [ 601.746902][T18325] ? oom_killer_disable+0x280/0x280 [ 601.752269][T18325] mem_cgroup_out_of_memory+0x1d8/0x240 [ 601.757806][T18325] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 601.763437][T18325] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 601.769238][T18325] ? cgroup_file_notify+0x140/0x1b0 [ 601.774434][T18325] memory_max_write+0x262/0x3a0 [ 601.779289][T18325] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 601.786054][T18325] ? lock_acquire+0x190/0x410 [ 601.790741][T18325] ? kernfs_fop_write+0x227/0x480 [ 601.795763][T18325] cgroup_file_write+0x241/0x790 [ 601.800689][T18325] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 601.807449][T18325] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 601.813082][T18325] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 601.818702][T18325] kernfs_fop_write+0x2b8/0x480 [ 601.823544][T18325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 601.829801][T18325] __vfs_write+0x8a/0x110 [ 601.834150][T18325] ? kernfs_fop_open+0xd80/0xd80 [ 601.839096][T18325] vfs_write+0x268/0x5d0 [ 601.843348][T18325] ksys_write+0x14f/0x290 [ 601.847679][T18325] ? __ia32_sys_read+0xb0/0xb0 [ 601.852430][T18325] ? do_syscall_64+0x26/0x760 [ 601.857091][T18325] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.863142][T18325] ? do_syscall_64+0x26/0x760 [ 601.867809][T18325] __x64_sys_write+0x73/0xb0 [ 601.872400][T18325] do_syscall_64+0xfa/0x760 [ 601.876920][T18325] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.882793][T18325] RIP: 0033:0x459879 [ 601.886680][T18325] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 601.906359][T18325] RSP: 002b:00007f8bfb3bcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 601.914753][T18325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 601.922917][T18325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 601.930877][T18325] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 601.938832][T18325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8bfb3bd6d4 [ 601.946787][T18325] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 601.971574][T18325] memory: usage 4104kB, limit 0kB, failcnt 117 [ 601.991535][T18325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.010992][T18325] Memory cgroup stats for /syz3: [ 602.012398][T18325] anon 2084864 [ 602.012398][T18325] file 192512 [ 602.012398][T18325] kernel_stack 65536 [ 602.012398][T18325] slab 2134016 [ 602.012398][T18325] sock 0 [ 602.012398][T18325] shmem 12288 [ 602.012398][T18325] file_mapped 0 [ 602.012398][T18325] file_dirty 135168 [ 602.012398][T18325] file_writeback 0 [ 602.012398][T18325] anon_thp 2097152 [ 602.012398][T18325] inactive_anon 135168 [ 602.012398][T18325] active_anon 2084864 [ 602.012398][T18325] inactive_file 81920 [ 602.012398][T18325] active_file 0 [ 602.012398][T18325] unevictable 0 [ 602.012398][T18325] slab_reclaimable 811008 [ 602.012398][T18325] slab_unreclaimable 1323008 [ 602.012398][T18325] pgfault 25014 [ 602.012398][T18325] pgmajfault 0 [ 602.012398][T18325] workingset_refault 0 [ 602.012398][T18325] workingset_activate 0 [ 602.012398][T18325] workingset_nodereclaim 0 [ 602.012398][T18325] pgrefill 33 [ 602.012398][T18325] pgscan 254 [ 602.012398][T18325] pgsteal 220 [ 602.012398][T18325] pgactivate 0 [ 602.165930][T18325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18324,uid=0 [ 602.193110][T18325] Memory cgroup out of memory: Killed process 18324 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 602.216562][ T1065] oom_reaper: reaped process 18324 (syz-executor.3), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB [ 602.228379][T18332] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 602.242658][T18332] CPU: 1 PID: 18332 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 602.251776][T18332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.261841][T18332] Call Trace: [ 602.265402][T18332] dump_stack+0x172/0x1f0 [ 602.269736][T18332] dump_header+0x177/0x1152 [ 602.274241][T18332] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 602.280330][T18332] ? ___ratelimit+0x2c8/0x595 [ 602.285178][T18332] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 602.290981][T18332] ? lockdep_hardirqs_on+0x418/0x5d0 [ 602.296262][T18332] ? trace_hardirqs_on+0x67/0x240 [ 602.301292][T18332] ? pagefault_out_of_memory+0x11c/0x11c [ 602.307015][T18332] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 602.312816][T18332] ? ___ratelimit+0x60/0x595 [ 602.317397][T18332] ? do_raw_spin_unlock+0x57/0x270 [ 602.322512][T18332] oom_kill_process.cold+0x10/0x15 [ 602.327712][T18332] out_of_memory+0x334/0x1340 [ 602.332393][T18332] ? oom_killer_disable+0x280/0x280 [ 602.337599][T18332] mem_cgroup_out_of_memory+0x1d8/0x240 [ 602.343501][T18332] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 602.349139][T18332] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 602.354958][T18332] ? cgroup_file_notify+0x140/0x1b0 [ 602.360243][T18332] memory_max_write+0x262/0x3a0 [ 602.365102][T18332] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 602.371864][T18332] ? lock_acquire+0x20b/0x410 [ 602.376542][T18332] ? retint_kernel+0x2b/0x2b [ 602.381133][T18332] cgroup_file_write+0x241/0x790 [ 602.386069][T18332] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 602.392832][T18332] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 602.398471][T18332] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 602.404101][T18332] kernfs_fop_write+0x2b8/0x480 [ 602.408948][T18332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.415189][T18332] __vfs_write+0x8a/0x110 [ 602.419517][T18332] ? kernfs_fop_open+0xd80/0xd80 [ 602.424450][T18332] vfs_write+0x268/0x5d0 [ 602.428691][T18332] ksys_write+0x14f/0x290 [ 602.433018][T18332] ? __ia32_sys_read+0xb0/0xb0 [ 602.437786][T18332] __x64_sys_write+0x73/0xb0 [ 602.442375][T18332] ? do_syscall_64+0x5b/0x760 [ 602.447059][T18332] do_syscall_64+0xfa/0x760 [ 602.451567][T18332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.457449][T18332] RIP: 0033:0x459879 [ 602.461339][T18332] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 602.480935][T18332] RSP: 002b:00007f6ebbdafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 602.489339][T18332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 602.497303][T18332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 602.505273][T18332] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 602.514114][T18332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ebbdb06d4 [ 602.522078][T18332] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 602.555175][T18332] memory: usage 3344kB, limit 0kB, failcnt 117 [ 602.561698][T18332] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.569306][T18332] Memory cgroup stats for /syz2: [ 602.571361][T18332] anon 2174976 [ 602.571361][T18332] file 102400 [ 602.571361][T18332] kernel_stack 65536 [ 602.571361][T18332] slab 1134592 [ 602.571361][T18332] sock 0 [ 602.571361][T18332] shmem 45056 [ 602.571361][T18332] file_mapped 0 [ 602.571361][T18332] file_dirty 0 [ 602.571361][T18332] file_writeback 0 [ 602.571361][T18332] anon_thp 2097152 [ 602.571361][T18332] inactive_anon 131072 [ 602.571361][T18332] active_anon 2174976 [ 602.571361][T18332] inactive_file 0 [ 602.571361][T18332] active_file 0 [ 602.571361][T18332] unevictable 0 [ 602.571361][T18332] slab_reclaimable 405504 [ 602.571361][T18332] slab_unreclaimable 729088 [ 602.571361][T18332] pgfault 30822 [ 602.571361][T18332] pgmajfault 0 [ 602.571361][T18332] workingset_refault 0 [ 602.571361][T18332] workingset_activate 0 [ 602.571361][T18332] workingset_nodereclaim 0 [ 602.571361][T18332] pgrefill 33 [ 602.571361][T18332] pgscan 0 [ 602.571361][T18332] pgsteal 0 [ 602.571361][T18332] pgactivate 0 [ 602.680158][T18332] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18331,uid=0 01:46:36 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:36 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:36 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x40042409, &(0x7f0000000000)) 01:46:36 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c000000fffffff0}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:36 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 602.758478][T18332] Memory cgroup out of memory: Killed process 18331 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 602.783050][ T1065] oom_reaper: reaped process 18331 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 602.829940][T18314] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 602.863213][T18314] CPU: 0 PID: 18314 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 602.872355][T18314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.882408][T18314] Call Trace: [ 602.885701][T18314] dump_stack+0x172/0x1f0 [ 602.890041][T18314] dump_header+0x177/0x1152 [ 602.894557][T18314] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 602.900375][T18314] ? ___ratelimit+0x2c8/0x595 [ 602.905060][T18314] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 602.910872][T18314] ? lockdep_hardirqs_on+0x418/0x5d0 [ 602.916163][T18314] ? trace_hardirqs_on+0x67/0x240 [ 602.921212][T18314] ? pagefault_out_of_memory+0x11c/0x11c [ 602.926856][T18314] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 602.932669][T18314] ? ___ratelimit+0x60/0x595 [ 602.939533][T18314] ? do_raw_spin_unlock+0x57/0x270 [ 602.944663][T18314] oom_kill_process.cold+0x10/0x15 [ 602.949795][T18314] out_of_memory+0x334/0x1340 [ 602.954482][T18314] ? lock_downgrade+0x920/0x920 [ 602.959336][T18314] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 602.965147][T18314] ? oom_killer_disable+0x280/0x280 [ 602.970357][T18314] mem_cgroup_out_of_memory+0x1d8/0x240 [ 602.975906][T18314] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 602.981551][T18314] ? do_raw_spin_unlock+0x57/0x270 [ 602.986665][T18314] ? _raw_spin_unlock+0x2d/0x50 [ 602.991564][T18314] try_charge+0xf4b/0x1440 [ 602.996089][T18314] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 603.001631][T18314] ? percpu_ref_tryget_live+0x111/0x290 [ 603.007188][T18314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.013434][T18314] ? __kasan_check_read+0x11/0x20 [ 603.018479][T18314] ? get_mem_cgroup_from_mm+0x156/0x320 [ 603.024133][T18314] mem_cgroup_try_charge+0x136/0x590 [ 603.029422][T18314] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 603.035684][T18314] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 603.041341][T18314] wp_page_copy+0x41e/0x1600 [ 603.045949][T18314] ? find_held_lock+0x35/0x130 [ 603.050803][T18314] ? follow_pfn+0x2a0/0x2a0 [ 603.055320][T18314] ? lock_downgrade+0x920/0x920 [ 603.060179][T18314] ? swp_swapcount+0x540/0x540 [ 603.064960][T18314] ? __kasan_check_read+0x11/0x20 [ 603.069981][T18314] ? do_raw_spin_unlock+0x57/0x270 [ 603.075129][T18314] do_wp_page+0x499/0x14d0 [ 603.079555][T18314] ? finish_mkwrite_fault+0x570/0x570 [ 603.084941][T18314] __handle_mm_fault+0x22f1/0x3f20 [ 603.090064][T18314] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 603.095628][T18314] ? __kasan_check_read+0x11/0x20 [ 603.100678][T18314] handle_mm_fault+0x1b5/0x6c0 [ 603.105544][T18314] __do_page_fault+0x536/0xdd0 [ 603.110326][T18314] do_page_fault+0x38/0x590 [ 603.114856][T18314] page_fault+0x39/0x40 [ 603.119729][T18314] RIP: 0033:0x430956 [ 603.123629][T18314] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 603.143413][T18314] RSP: 002b:00007ffea08b45c0 EFLAGS: 00010206 [ 603.149478][T18314] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 603.157458][T18314] RDX: 0000555555730930 RSI: 0000555555738970 RDI: 0000000000000003 [ 603.165434][T18314] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555572f940 [ 603.173431][T18314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 603.181413][T18314] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 01:46:36 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:36 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x7500000000000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:36 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x400443c8, &(0x7f0000000000)) [ 603.461967][T18348] bridge_slave_0: FDB only supports static addresses 01:46:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x2}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x400454ca, &(0x7f0000000000)) [ 603.663721][T18314] memory: usage 1768kB, limit 0kB, failcnt 125 [ 603.673277][T18355] bridge_slave_0: FDB only supports static addresses [ 603.680519][T18314] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 603.722026][T18314] Memory cgroup stats for /syz3: [ 603.722137][T18314] anon 0 [ 603.722137][T18314] file 192512 [ 603.722137][T18314] kernel_stack 65536 [ 603.722137][T18314] slab 2134016 [ 603.722137][T18314] sock 0 [ 603.722137][T18314] shmem 12288 [ 603.722137][T18314] file_mapped 0 [ 603.722137][T18314] file_dirty 135168 [ 603.722137][T18314] file_writeback 0 [ 603.722137][T18314] anon_thp 0 [ 603.722137][T18314] inactive_anon 135168 [ 603.722137][T18314] active_anon 0 [ 603.722137][T18314] inactive_file 81920 [ 603.722137][T18314] active_file 0 [ 603.722137][T18314] unevictable 0 [ 603.722137][T18314] slab_reclaimable 811008 [ 603.722137][T18314] slab_unreclaimable 1323008 [ 603.722137][T18314] pgfault 25014 [ 603.722137][T18314] pgmajfault 0 [ 603.722137][T18314] workingset_refault 0 [ 603.722137][T18314] workingset_activate 0 [ 603.722137][T18314] workingset_nodereclaim 0 [ 603.722137][T18314] pgrefill 33 [ 603.722137][T18314] pgscan 254 [ 603.722137][T18314] pgsteal 220 [ 603.722137][T18314] pgactivate 0 [ 603.877304][T18314] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18314,uid=0 [ 603.893378][T18314] Memory cgroup out of memory: Killed process 18314 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 604.030930][ T1065] oom_reaper: reaped process 18314 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 604.043427][T18317] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 604.074404][T18317] CPU: 0 PID: 18317 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 604.083562][T18317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.093787][T18317] Call Trace: [ 604.097094][T18317] dump_stack+0x172/0x1f0 [ 604.101529][T18317] dump_header+0x177/0x1152 [ 604.106052][T18317] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 604.111873][T18317] ? ___ratelimit+0x2c8/0x595 [ 604.116716][T18317] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 604.122671][T18317] ? lockdep_hardirqs_on+0x418/0x5d0 [ 604.128330][T18317] ? trace_hardirqs_on+0x67/0x240 [ 604.133698][T18317] ? pagefault_out_of_memory+0x11c/0x11c [ 604.139383][T18317] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 604.145206][T18317] ? ___ratelimit+0x60/0x595 [ 604.149810][T18317] ? do_raw_spin_unlock+0x57/0x270 [ 604.155171][T18317] oom_kill_process.cold+0x10/0x15 [ 604.160665][T18317] out_of_memory+0x334/0x1340 [ 604.165359][T18317] ? lock_downgrade+0x920/0x920 [ 604.170225][T18317] ? oom_killer_disable+0x280/0x280 [ 604.175455][T18317] mem_cgroup_out_of_memory+0x1d8/0x240 [ 604.181030][T18317] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 604.186697][T18317] ? do_raw_spin_unlock+0x57/0x270 [ 604.191954][T18317] ? _raw_spin_unlock+0x2d/0x50 [ 604.196985][T18317] try_charge+0xf4b/0x1440 [ 604.201624][T18317] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 604.207334][T18317] ? percpu_ref_tryget_live+0x111/0x290 [ 604.212997][T18317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.219449][T18317] ? __kasan_check_read+0x11/0x20 [ 604.224654][T18317] ? get_mem_cgroup_from_mm+0x156/0x320 [ 604.230217][T18317] mem_cgroup_try_charge+0x136/0x590 [ 604.235516][T18317] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 604.241900][T18317] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 604.247549][T18317] wp_page_copy+0x41e/0x1600 [ 604.252482][T18317] ? find_held_lock+0x35/0x130 [ 604.257281][T18317] ? follow_pfn+0x2a0/0x2a0 [ 604.261798][T18317] ? lock_downgrade+0x920/0x920 [ 604.266675][T18317] ? swp_swapcount+0x540/0x540 [ 604.271640][T18317] ? __kasan_check_read+0x11/0x20 [ 604.276695][T18317] ? do_raw_spin_unlock+0x57/0x270 [ 604.281823][T18317] do_wp_page+0x499/0x14d0 [ 604.286359][T18317] ? finish_mkwrite_fault+0x570/0x570 [ 604.291920][T18317] __handle_mm_fault+0x22f1/0x3f20 [ 604.297058][T18317] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 604.302764][T18317] ? __kasan_check_read+0x11/0x20 [ 604.307816][T18317] handle_mm_fault+0x1b5/0x6c0 [ 604.312846][T18317] __do_page_fault+0x536/0xdd0 [ 604.317650][T18317] do_page_fault+0x38/0x590 [ 604.322315][T18317] page_fault+0x39/0x40 [ 604.326479][T18317] RIP: 0033:0x430956 [ 604.330382][T18317] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 604.350353][T18317] RSP: 002b:00007ffe4c20b950 EFLAGS: 00010206 [ 604.356524][T18317] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 604.364569][T18317] RDX: 0000555555608930 RSI: 0000555555610970 RDI: 0000000000000003 [ 604.372600][T18317] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555607940 [ 604.380689][T18317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 604.388708][T18317] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 604.400895][T18317] memory: usage 1000kB, limit 0kB, failcnt 125 [ 604.407209][T18317] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 604.419116][T18317] Memory cgroup stats for /syz2: [ 604.419235][T18317] anon 0 [ 604.419235][T18317] file 102400 [ 604.419235][T18317] kernel_stack 65536 [ 604.419235][T18317] slab 1134592 [ 604.419235][T18317] sock 0 [ 604.419235][T18317] shmem 45056 [ 604.419235][T18317] file_mapped 0 [ 604.419235][T18317] file_dirty 0 [ 604.419235][T18317] file_writeback 0 [ 604.419235][T18317] anon_thp 0 [ 604.419235][T18317] inactive_anon 131072 [ 604.419235][T18317] active_anon 0 [ 604.419235][T18317] inactive_file 0 [ 604.419235][T18317] active_file 0 [ 604.419235][T18317] unevictable 0 [ 604.419235][T18317] slab_reclaimable 405504 [ 604.419235][T18317] slab_unreclaimable 729088 [ 604.419235][T18317] pgfault 30855 [ 604.419235][T18317] pgmajfault 0 [ 604.419235][T18317] workingset_refault 0 [ 604.419235][T18317] workingset_activate 0 [ 604.419235][T18317] workingset_nodereclaim 0 [ 604.419235][T18317] pgrefill 33 [ 604.419235][T18317] pgscan 0 [ 604.419235][T18317] pgsteal 0 [ 604.419235][T18317] pgactivate 0 [ 604.516266][T18317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18317,uid=0 [ 604.532432][T18317] Memory cgroup out of memory: Killed process 18317 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 604.551064][ T1065] oom_reaper: reaped process 18317 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:46:38 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:46:38 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:38 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:38 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x40045568, &(0x7f0000000000)) [ 605.560420][T18374] IPVS: ftp: loaded support on port[0] = 21 [ 605.785474][T18374] chnl_net:caif_netlink_parms(): no params data found [ 605.954780][T18374] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.963028][T18374] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.971067][T18374] device bridge_slave_0 entered promiscuous mode [ 605.980571][T18374] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.987789][T18374] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.996538][T18374] device bridge_slave_1 entered promiscuous mode [ 606.165745][T18374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 606.178611][T18374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 606.342770][T18374] team0: Port device team_slave_0 added [ 606.352518][T18374] team0: Port device team_slave_1 added [ 606.536983][T18374] device hsr_slave_0 entered promiscuous mode [ 606.594285][T18374] device hsr_slave_1 entered promiscuous mode [ 606.665055][T18374] debugfs: Directory 'hsr0' with parent '/' already present! [ 606.867164][T18374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 607.031004][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 607.039639][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 607.050692][T18374] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.066969][ T3079] device bridge_slave_1 left promiscuous mode [ 607.073184][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.145309][ T3079] device bridge_slave_0 left promiscuous mode [ 607.151751][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.206609][ T3079] device bridge_slave_1 left promiscuous mode [ 607.212886][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.274508][ T3079] device bridge_slave_0 left promiscuous mode [ 607.280723][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.304415][ T3079] device hsr_slave_0 left promiscuous mode [ 611.343841][ T3079] device hsr_slave_1 left promiscuous mode [ 611.433067][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 611.448067][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 611.466185][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 611.531607][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 611.623159][ T3079] bond0 (unregistering): Released all slaves [ 611.774944][ T3079] device hsr_slave_0 left promiscuous mode [ 611.813854][ T3079] device hsr_slave_1 left promiscuous mode [ 611.862970][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 611.877694][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 611.891813][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 611.950987][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 612.023211][ T3079] bond0 (unregistering): Released all slaves [ 612.109226][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 612.118623][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 612.128600][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.135890][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.144651][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 612.163654][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 612.172351][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 612.181431][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.189056][ T9063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.197087][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 612.205973][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 612.226522][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 612.236316][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 612.253454][T18374] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 612.264911][T18374] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 612.279416][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 612.287938][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 612.297273][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 612.306753][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 612.316396][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 612.325515][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 612.335128][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 612.344760][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 612.374561][T18374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 612.663330][T18381] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 612.682347][T18381] CPU: 1 PID: 18381 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 612.691590][T18381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.702256][T18381] Call Trace: [ 612.715668][T18381] dump_stack+0x172/0x1f0 [ 612.720994][T18381] dump_header+0x177/0x1152 [ 612.726360][T18381] ? pagefault_out_of_memory+0x11c/0x11c [ 612.732636][T18381] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 612.738923][T18381] ? ___ratelimit+0x60/0x595 [ 612.744086][T18381] ? do_raw_spin_unlock+0x57/0x270 [ 612.749477][T18381] oom_kill_process.cold+0x10/0x15 [ 612.754779][T18381] out_of_memory+0x334/0x1340 [ 612.759732][T18381] ? retint_kernel+0x2b/0x2b [ 612.764441][T18381] ? oom_killer_disable+0x280/0x280 [ 612.772274][T18381] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 612.778018][T18381] mem_cgroup_out_of_memory+0x1d8/0x240 [ 612.783579][T18381] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 612.789417][T18381] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 612.795669][T18381] ? cgroup_file_notify+0x140/0x1b0 [ 612.801152][T18381] memory_max_write+0x262/0x3a0 [ 612.806193][T18381] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 612.813396][T18381] ? lock_acquire+0x190/0x410 [ 612.818964][T18381] ? kernfs_fop_write+0x227/0x480 [ 612.824201][T18381] cgroup_file_write+0x241/0x790 [ 612.829434][T18381] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 612.836561][T18381] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 612.842332][T18381] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 612.848255][T18381] kernfs_fop_write+0x2b8/0x480 [ 612.853323][T18381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.860023][T18381] __vfs_write+0x8a/0x110 [ 612.864450][T18381] ? kernfs_fop_open+0xd80/0xd80 [ 612.869840][T18381] vfs_write+0x268/0x5d0 [ 612.874287][T18381] ksys_write+0x14f/0x290 [ 612.878680][T18381] ? __ia32_sys_read+0xb0/0xb0 [ 612.883455][T18381] ? do_syscall_64+0x26/0x760 [ 612.888159][T18381] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.894424][T18381] ? do_syscall_64+0x26/0x760 [ 612.899427][T18381] __x64_sys_write+0x73/0xb0 [ 612.904129][T18381] do_syscall_64+0xfa/0x760 [ 612.908757][T18381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.914754][T18381] RIP: 0033:0x459879 [ 612.918744][T18381] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.942525][T18381] RSP: 002b:00007f9c8544fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 612.951209][T18381] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 612.959591][T18381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 612.967714][T18381] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 612.975691][T18381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c854506d4 [ 612.984457][T18381] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 613.001294][T18381] memory: usage 3176kB, limit 0kB, failcnt 108 [ 613.009937][T18381] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 613.017641][T18381] Memory cgroup stats for /syz5: [ 613.019319][T18381] anon 2134016 [ 613.019319][T18381] file 0 [ 613.019319][T18381] kernel_stack 65536 [ 613.019319][T18381] slab 995328 [ 613.019319][T18381] sock 16384 [ 613.019319][T18381] shmem 28672 [ 613.019319][T18381] file_mapped 0 [ 613.019319][T18381] file_dirty 0 [ 613.019319][T18381] file_writeback 0 [ 613.019319][T18381] anon_thp 2097152 [ 613.019319][T18381] inactive_anon 0 [ 613.019319][T18381] active_anon 2134016 [ 613.019319][T18381] inactive_file 61440 [ 613.019319][T18381] active_file 0 [ 613.019319][T18381] unevictable 176128 [ 613.019319][T18381] slab_reclaimable 405504 [ 613.019319][T18381] slab_unreclaimable 589824 [ 613.019319][T18381] pgfault 24222 [ 613.019319][T18381] pgmajfault 0 [ 613.019319][T18381] workingset_refault 0 [ 613.019319][T18381] workingset_activate 0 [ 613.019319][T18381] workingset_nodereclaim 0 [ 613.019319][T18381] pgrefill 0 [ 613.019319][T18381] pgscan 0 [ 613.019319][T18381] pgsteal 0 [ 613.019319][T18381] pgactivate 0 [ 613.128895][T18381] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18380,uid=0 [ 613.149251][T18381] Memory cgroup out of memory: Killed process 18380 (syz-executor.5) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 613.172534][ T1065] oom_reaper: reaped process 18380 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:46:47 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4004556b, &(0x7f0000000000)) 01:46:47 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x3}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:47 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:47 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:46:47 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 613.497891][T18374] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 613.527901][T18374] CPU: 1 PID: 18374 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 613.538848][T18374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.549721][T18374] Call Trace: [ 613.553302][T18374] dump_stack+0x172/0x1f0 [ 613.557926][T18374] dump_header+0x177/0x1152 [ 613.562787][T18374] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 613.569149][T18374] ? ___ratelimit+0x2c8/0x595 [ 613.574423][T18374] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 613.581077][T18374] ? lockdep_hardirqs_on+0x418/0x5d0 [ 613.586651][T18374] ? trace_hardirqs_on+0x67/0x240 [ 613.591994][T18374] ? pagefault_out_of_memory+0x11c/0x11c [ 613.598443][T18374] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 613.604286][T18374] ? ___ratelimit+0x60/0x595 [ 613.609410][T18374] ? do_raw_spin_unlock+0x57/0x270 [ 613.614736][T18374] oom_kill_process.cold+0x10/0x15 [ 613.620039][T18374] out_of_memory+0x334/0x1340 [ 613.624751][T18374] ? lock_downgrade+0x920/0x920 [ 613.630080][T18374] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 613.637030][T18374] ? oom_killer_disable+0x280/0x280 01:46:47 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x400455cb, &(0x7f0000000000)) [ 613.643163][T18374] mem_cgroup_out_of_memory+0x1d8/0x240 [ 613.649341][T18374] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 613.655192][T18374] ? do_raw_spin_unlock+0x57/0x270 [ 613.660778][T18374] ? _raw_spin_unlock+0x2d/0x50 [ 613.665837][T18374] try_charge+0xf4b/0x1440 [ 613.670549][T18374] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 613.676404][T18374] ? percpu_ref_tryget_live+0x111/0x290 [ 613.682139][T18374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 613.688495][T18374] ? __kasan_check_read+0x11/0x20 [ 613.693713][T18374] ? get_mem_cgroup_from_mm+0x156/0x320 [ 613.699384][T18374] mem_cgroup_try_charge+0x136/0x590 [ 613.704694][T18374] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 613.711051][T18374] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 613.717926][T18374] __handle_mm_fault+0x1e34/0x3f20 [ 613.723170][T18374] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 613.729018][T18374] ? __kasan_check_read+0x11/0x20 [ 613.734252][T18374] handle_mm_fault+0x1b5/0x6c0 [ 613.739199][T18374] __do_page_fault+0x536/0xdd0 [ 613.744217][T18374] do_page_fault+0x38/0x590 [ 613.748846][T18374] page_fault+0x39/0x40 [ 613.753306][T18374] RIP: 0033:0x4034f2 [ 613.757408][T18374] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 a9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 c9 42 05 00 48 [ 613.778755][T18374] RSP: 002b:00007ffe613dff50 EFLAGS: 00010246 [ 613.784925][T18374] RAX: 0000000000000000 RBX: 00000000000958ef RCX: 0000000000413480 [ 613.793013][T18374] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe613e1080 [ 613.801157][T18374] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556fa8940 [ 613.809332][T18374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe613e1080 [ 613.817319][T18374] R13: 00007ffe613e1070 R14: 0000000000000000 R15: 00007ffe613e1080 [ 613.838260][T18374] memory: usage 852kB, limit 0kB, failcnt 116 [ 613.848778][T18374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 613.883311][T18374] Memory cgroup stats for /syz5: [ 613.883426][T18374] anon 32768 [ 613.883426][T18374] file 0 [ 613.883426][T18374] kernel_stack 0 [ 613.883426][T18374] slab 995328 [ 613.883426][T18374] sock 16384 [ 613.883426][T18374] shmem 28672 [ 613.883426][T18374] file_mapped 0 [ 613.883426][T18374] file_dirty 0 [ 613.883426][T18374] file_writeback 0 [ 613.883426][T18374] anon_thp 0 [ 613.883426][T18374] inactive_anon 0 [ 613.883426][T18374] active_anon 32768 [ 613.883426][T18374] inactive_file 61440 [ 613.883426][T18374] active_file 0 [ 613.883426][T18374] unevictable 176128 [ 613.883426][T18374] slab_reclaimable 405504 [ 613.883426][T18374] slab_unreclaimable 589824 01:46:47 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x40049409, &(0x7f0000000000)) 01:46:47 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 613.883426][T18374] pgfault 24222 [ 613.883426][T18374] pgmajfault 0 [ 613.883426][T18374] workingset_refault 0 [ 613.883426][T18374] workingset_activate 0 [ 613.883426][T18374] workingset_nodereclaim 0 [ 613.883426][T18374] pgrefill 0 [ 613.883426][T18374] pgscan 0 [ 613.883426][T18374] pgsteal 0 [ 613.883426][T18374] pgactivate 0 [ 613.895561][T18392] bridge_slave_0: FDB only supports static addresses 01:46:47 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:47 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x40086602, &(0x7f0000000000)) 01:46:47 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:46:47 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:46:47 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4008ae9c, &(0x7f0000000000)) [ 614.503101][T18414] bridge_slave_0: FDB only supports static addresses 01:46:48 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 614.563782][T18374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18374,uid=0 [ 614.623836][T18374] Memory cgroup out of memory: Killed process 18374 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 614.690958][ T1065] oom_reaper: reaped process 18374 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 615.977253][T18426] IPVS: ftp: loaded support on port[0] = 21 [ 616.060973][T18426] chnl_net:caif_netlink_parms(): no params data found [ 616.091664][T18426] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.099188][T18426] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.107274][T18426] device bridge_slave_0 entered promiscuous mode [ 616.115674][T18426] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.122773][T18426] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.130839][T18426] device bridge_slave_1 entered promiscuous mode [ 616.150272][T18426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.622689][T18426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.649279][T18426] team0: Port device team_slave_0 added [ 616.659398][T18426] team0: Port device team_slave_1 added [ 616.671440][T18429] IPVS: ftp: loaded support on port[0] = 21 [ 616.947061][T18426] device hsr_slave_0 entered promiscuous mode [ 616.984154][T18426] device hsr_slave_1 entered promiscuous mode [ 617.023733][T18426] debugfs: Directory 'hsr0' with parent '/' already present! [ 617.526378][T18429] chnl_net:caif_netlink_parms(): no params data found [ 617.560965][T18429] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.569047][T18429] bridge0: port 1(bridge_slave_0) entered disabled state [ 617.577358][T18429] device bridge_slave_0 entered promiscuous mode [ 617.586701][T18429] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.593924][T18429] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.601797][T18429] device bridge_slave_1 entered promiscuous mode [ 617.840908][T18429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.854018][T18429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.102343][T18429] team0: Port device team_slave_0 added [ 618.109904][T18429] team0: Port device team_slave_1 added [ 618.407243][T18429] device hsr_slave_0 entered promiscuous mode [ 618.444044][T18429] device hsr_slave_1 entered promiscuous mode [ 618.483890][T18429] debugfs: Directory 'hsr0' with parent '/' already present! [ 618.497049][T18426] 8021q: adding VLAN 0 to HW filter on device bond0 [ 618.732371][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 618.740175][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 618.749991][T18426] 8021q: adding VLAN 0 to HW filter on device team0 [ 618.763405][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 618.775783][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 618.785159][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.792241][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 619.027255][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 619.035339][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 619.044509][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 619.052872][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.059968][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.068529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 619.077717][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 619.096438][ T3079] device bridge_slave_1 left promiscuous mode [ 619.102670][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.135678][ T3079] device bridge_slave_0 left promiscuous mode [ 619.141912][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.186188][ T3079] device bridge_slave_1 left promiscuous mode [ 619.192554][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.225060][ T3079] device bridge_slave_0 left promiscuous mode [ 619.231252][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.275229][ T3079] device bridge_slave_1 left promiscuous mode [ 619.281584][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.327024][ T3079] device bridge_slave_0 left promiscuous mode [ 619.333218][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.234192][ T3079] device hsr_slave_0 left promiscuous mode [ 625.283994][ T3079] device hsr_slave_1 left promiscuous mode [ 625.361490][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 625.375376][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 625.387621][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.430513][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.523524][ T3079] bond0 (unregistering): Released all slaves [ 625.674667][ T3079] device hsr_slave_0 left promiscuous mode [ 625.713852][ T3079] device hsr_slave_1 left promiscuous mode [ 625.781525][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 625.795068][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 625.807068][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.890598][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.992348][ T3079] bond0 (unregistering): Released all slaves [ 626.164520][ T3079] device hsr_slave_0 left promiscuous mode [ 626.203839][ T3079] device hsr_slave_1 left promiscuous mode [ 626.262994][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 626.276592][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 626.287928][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.330790][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.422390][ T3079] bond0 (unregistering): Released all slaves [ 626.502063][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 626.516226][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 626.526929][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 626.535753][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 626.553230][T18426] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 626.565679][T18426] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 626.577573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 626.586257][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 626.595291][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 626.605344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 626.613943][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 626.622561][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 626.642408][T18426] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 626.672546][T18429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 626.688771][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 626.698968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 626.710901][T18429] 8021q: adding VLAN 0 to HW filter on device team0 [ 626.726355][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 626.736526][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 626.745986][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.753049][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 626.761717][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 626.781525][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 626.791879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 626.800996][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.808130][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 626.824309][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 626.833538][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 626.842421][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 626.863245][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 626.872678][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 626.891670][T18429] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 626.911610][T18429] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 626.937872][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 626.951409][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 626.962258][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 626.974261][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 626.982706][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 626.997539][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 627.067305][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 627.068490][T18437] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 627.078768][T18429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 627.094250][T18437] CPU: 1 PID: 18437 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 627.103368][T18437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.113433][T18437] Call Trace: [ 627.116739][T18437] dump_stack+0x172/0x1f0 [ 627.121053][T18437] dump_header+0x177/0x1152 [ 627.125571][T18437] ? pagefault_out_of_memory+0x11c/0x11c [ 627.131386][T18437] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 627.137178][T18437] ? ___ratelimit+0x60/0x595 [ 627.141750][T18437] ? do_raw_spin_unlock+0x57/0x270 [ 627.146845][T18437] oom_kill_process.cold+0x10/0x15 [ 627.151939][T18437] out_of_memory+0x334/0x1340 [ 627.156658][T18437] ? trace_hardirqs_on_caller+0x6a/0x240 [ 627.162289][T18437] ? cgroup_file_notify+0x140/0x1b0 [ 627.167485][T18437] ? oom_killer_disable+0x280/0x280 [ 627.172685][T18437] mem_cgroup_out_of_memory+0x1d8/0x240 [ 627.178230][T18437] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 627.183851][T18437] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 627.189642][T18437] ? cgroup_file_notify+0x140/0x1b0 [ 627.194832][T18437] memory_max_write+0x262/0x3a0 [ 627.199666][T18437] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 627.206498][T18437] ? lock_acquire+0x190/0x410 [ 627.211164][T18437] ? kernfs_fop_write+0x227/0x480 [ 627.216180][T18437] cgroup_file_write+0x241/0x790 [ 627.221139][T18437] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 627.228083][T18437] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 627.233724][T18437] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 627.239342][T18437] kernfs_fop_write+0x2b8/0x480 [ 627.244362][T18437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 627.250585][T18437] __vfs_write+0x8a/0x110 [ 627.254962][T18437] ? kernfs_fop_open+0xd80/0xd80 [ 627.259880][T18437] vfs_write+0x268/0x5d0 [ 627.264105][T18437] ksys_write+0x14f/0x290 [ 627.268417][T18437] ? __ia32_sys_read+0xb0/0xb0 [ 627.273167][T18437] ? do_syscall_64+0x26/0x760 [ 627.277916][T18437] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.283970][T18437] ? do_syscall_64+0x26/0x760 [ 627.288637][T18437] __x64_sys_write+0x73/0xb0 [ 627.293364][T18437] do_syscall_64+0xfa/0x760 [ 627.297859][T18437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.303748][T18437] RIP: 0033:0x459879 [ 627.307631][T18437] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 627.327392][T18437] RSP: 002b:00007f4fa1efac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 627.335786][T18437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 627.343747][T18437] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 627.351713][T18437] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 627.359686][T18437] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fa1efb6d4 [ 627.367681][T18437] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 627.392522][T18437] memory: usage 4004kB, limit 0kB, failcnt 126 [ 627.400190][T18437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.408926][T18437] Memory cgroup stats for /syz3: [ 627.410362][T18437] anon 2072576 [ 627.410362][T18437] file 192512 [ 627.410362][T18437] kernel_stack 65536 [ 627.410362][T18437] slab 1863680 [ 627.410362][T18437] sock 0 [ 627.410362][T18437] shmem 12288 [ 627.410362][T18437] file_mapped 0 [ 627.410362][T18437] file_dirty 135168 [ 627.410362][T18437] file_writeback 0 [ 627.410362][T18437] anon_thp 2097152 [ 627.410362][T18437] inactive_anon 135168 [ 627.410362][T18437] active_anon 2072576 [ 627.410362][T18437] inactive_file 81920 [ 627.410362][T18437] active_file 0 [ 627.410362][T18437] unevictable 0 [ 627.410362][T18437] slab_reclaimable 675840 [ 627.410362][T18437] slab_unreclaimable 1187840 [ 627.410362][T18437] pgfault 25080 [ 627.410362][T18437] pgmajfault 0 [ 627.410362][T18437] workingset_refault 0 [ 627.410362][T18437] workingset_activate 0 [ 627.410362][T18437] workingset_nodereclaim 0 [ 627.410362][T18437] pgrefill 33 [ 627.410362][T18437] pgscan 254 [ 627.410362][T18437] pgsteal 220 [ 627.410362][T18437] pgactivate 0 [ 627.514060][T18437] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18436,uid=0 [ 627.531139][T18437] Memory cgroup out of memory: Killed process 18436 (syz-executor.3) total-vm:72580kB, anon-rss:2180kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 627.569161][ T1065] oom_reaper: reaped process 18436 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 627.897207][T18444] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 627.908338][T18444] CPU: 0 PID: 18444 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 627.917541][T18444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.927604][T18444] Call Trace: [ 627.930914][T18444] dump_stack+0x172/0x1f0 [ 627.935268][T18444] dump_header+0x177/0x1152 [ 627.939781][T18444] ? pagefault_out_of_memory+0x11c/0x11c [ 627.945416][T18444] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 627.951309][T18444] ? ___ratelimit+0x60/0x595 [ 627.955900][T18444] ? do_raw_spin_unlock+0x57/0x270 [ 627.961024][T18444] oom_kill_process.cold+0x10/0x15 [ 627.966142][T18444] out_of_memory+0x334/0x1340 [ 627.970828][T18444] ? __sched_text_start+0x8/0x8 [ 627.975689][T18444] ? oom_killer_disable+0x280/0x280 [ 627.980912][T18444] mem_cgroup_out_of_memory+0x1d8/0x240 [ 627.986459][T18444] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 627.992108][T18444] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 627.997924][T18444] ? cgroup_file_notify+0x140/0x1b0 [ 628.003142][T18444] memory_max_write+0x262/0x3a0 [ 628.008000][T18444] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 628.014770][T18444] ? lock_acquire+0x190/0x410 [ 628.019448][T18444] ? kernfs_fop_write+0x227/0x480 [ 628.024498][T18444] cgroup_file_write+0x241/0x790 [ 628.029467][T18444] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 628.036256][T18444] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 628.041921][T18444] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 628.047838][T18444] kernfs_fop_write+0x2b8/0x480 [ 628.052787][T18444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.059040][T18444] __vfs_write+0x8a/0x110 [ 628.063368][T18444] ? kernfs_fop_open+0xd80/0xd80 [ 628.068313][T18444] vfs_write+0x268/0x5d0 [ 628.072741][T18444] ksys_write+0x14f/0x290 [ 628.077080][T18444] ? __ia32_sys_read+0xb0/0xb0 [ 628.081850][T18444] __x64_sys_write+0x73/0xb0 [ 628.086456][T18444] do_syscall_64+0xfa/0x760 [ 628.090973][T18444] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 628.096861][T18444] RIP: 0033:0x459879 [ 628.100841][T18444] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 628.120444][T18444] RSP: 002b:00007f5f75b65c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 628.128870][T18444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 628.136849][T18444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 628.144998][T18444] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 628.152980][T18444] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f75b666d4 [ 628.160949][T18444] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 628.182537][T18444] memory: usage 3344kB, limit 0kB, failcnt 126 [ 628.189480][T18444] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 628.198883][T18444] Memory cgroup stats for /syz2: [ 628.200838][T18444] anon 2138112 [ 628.200838][T18444] file 102400 [ 628.200838][T18444] kernel_stack 131072 [ 628.200838][T18444] slab 1134592 [ 628.200838][T18444] sock 0 [ 628.200838][T18444] shmem 45056 [ 628.200838][T18444] file_mapped 0 [ 628.200838][T18444] file_dirty 0 [ 628.200838][T18444] file_writeback 0 [ 628.200838][T18444] anon_thp 2097152 [ 628.200838][T18444] inactive_anon 131072 [ 628.200838][T18444] active_anon 2138112 01:47:01 executing program 3: 01:47:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4014563c, &(0x7f0000000000)) [ 628.200838][T18444] inactive_file 0 [ 628.200838][T18444] active_file 0 [ 628.200838][T18444] unevictable 0 [ 628.200838][T18444] slab_reclaimable 405504 [ 628.200838][T18444] slab_unreclaimable 729088 [ 628.200838][T18444] pgfault 30921 [ 628.200838][T18444] pgmajfault 0 [ 628.200838][T18444] workingset_refault 0 [ 628.200838][T18444] workingset_activate 0 [ 628.200838][T18444] workingset_nodereclaim 0 [ 628.200838][T18444] pgrefill 33 [ 628.200838][T18444] pgscan 0 [ 628.200838][T18444] pgsteal 0 [ 628.200838][T18444] pgactivate 0 [ 628.310852][T18444] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18443,uid=0 [ 628.328525][T18444] Memory cgroup out of memory: Killed process 18443 (syz-executor.2) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 628.354394][T18426] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 628.358773][ T1065] oom_reaper: reaped process 18443 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 628.370428][T18426] CPU: 0 PID: 18426 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 628.384530][T18426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.394591][T18426] Call Trace: [ 628.397898][T18426] dump_stack+0x172/0x1f0 [ 628.402235][T18426] dump_header+0x177/0x1152 [ 628.406740][T18426] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 628.412554][T18426] ? ___ratelimit+0x2c8/0x595 [ 628.417234][T18426] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 628.423046][T18426] ? lockdep_hardirqs_on+0x418/0x5d0 [ 628.428335][T18426] ? trace_hardirqs_on+0x67/0x240 [ 628.433377][T18426] ? pagefault_out_of_memory+0x11c/0x11c [ 628.439010][T18426] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 628.444822][T18426] ? ___ratelimit+0x60/0x595 [ 628.449405][T18426] ? do_raw_spin_unlock+0x57/0x270 [ 628.454519][T18426] oom_kill_process.cold+0x10/0x15 [ 628.459639][T18426] out_of_memory+0x334/0x1340 [ 628.464490][T18426] ? lock_downgrade+0x920/0x920 [ 628.469345][T18426] ? oom_killer_disable+0x280/0x280 [ 628.474559][T18426] mem_cgroup_out_of_memory+0x1d8/0x240 [ 628.480108][T18426] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 628.485744][T18426] ? do_raw_spin_unlock+0x57/0x270 [ 628.490853][T18426] ? _raw_spin_unlock+0x2d/0x50 [ 628.495717][T18426] try_charge+0xf4b/0x1440 [ 628.500148][T18426] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 628.505692][T18426] ? percpu_ref_tryget_live+0x111/0x290 [ 628.511243][T18426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.517495][T18426] ? __kasan_check_read+0x11/0x20 [ 628.522525][T18426] ? get_mem_cgroup_from_mm+0x156/0x320 [ 628.528104][T18426] mem_cgroup_try_charge+0x136/0x590 [ 628.533407][T18426] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 628.539675][T18426] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 628.545494][T18426] wp_page_copy+0x41e/0x1600 [ 628.550082][T18426] ? find_held_lock+0x35/0x130 [ 628.554952][T18426] ? follow_pfn+0x2a0/0x2a0 [ 628.559472][T18426] ? lock_downgrade+0x920/0x920 [ 628.564329][T18426] ? swp_swapcount+0x540/0x540 [ 628.569185][T18426] ? __kasan_check_read+0x11/0x20 [ 628.574209][T18426] ? do_raw_spin_unlock+0x57/0x270 [ 628.579434][T18426] do_wp_page+0x499/0x14d0 [ 628.583872][T18426] ? finish_mkwrite_fault+0x570/0x570 [ 628.589263][T18426] __handle_mm_fault+0x22f1/0x3f20 [ 628.594388][T18426] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 628.599955][T18426] ? __kasan_check_read+0x11/0x20 [ 628.605429][T18426] handle_mm_fault+0x1b5/0x6c0 [ 628.610206][T18426] __do_page_fault+0x536/0xdd0 [ 628.614972][T18426] do_page_fault+0x38/0x590 [ 628.619486][T18426] page_fault+0x39/0x40 [ 628.623644][T18426] RIP: 0033:0x430956 [ 628.627540][T18426] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 628.647143][T18426] RSP: 002b:00007ffc1872b490 EFLAGS: 00010206 [ 628.653210][T18426] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 628.661178][T18426] RDX: 0000555555a29930 RSI: 0000555555a31970 RDI: 0000000000000003 [ 628.669148][T18426] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555a28940 [ 628.677204][T18426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 628.685171][T18426] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 628.722272][T18426] memory: usage 1668kB, limit 0kB, failcnt 134 [ 628.735992][T18426] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 628.761707][T18426] Memory cgroup stats for /syz3: [ 628.761820][T18426] anon 0 [ 628.761820][T18426] file 192512 [ 628.761820][T18426] kernel_stack 0 [ 628.761820][T18426] slab 1863680 [ 628.761820][T18426] sock 0 [ 628.761820][T18426] shmem 12288 [ 628.761820][T18426] file_mapped 0 [ 628.761820][T18426] file_dirty 135168 [ 628.761820][T18426] file_writeback 0 [ 628.761820][T18426] anon_thp 0 [ 628.761820][T18426] inactive_anon 135168 [ 628.761820][T18426] active_anon 0 [ 628.761820][T18426] inactive_file 81920 [ 628.761820][T18426] active_file 0 [ 628.761820][T18426] unevictable 0 [ 628.761820][T18426] slab_reclaimable 675840 [ 628.761820][T18426] slab_unreclaimable 1187840 [ 628.761820][T18426] pgfault 25080 [ 628.761820][T18426] pgmajfault 0 [ 628.761820][T18426] workingset_refault 0 [ 628.761820][T18426] workingset_activate 0 [ 628.761820][T18426] workingset_nodereclaim 0 [ 628.761820][T18426] pgrefill 33 [ 628.761820][T18426] pgscan 254 [ 628.761820][T18426] pgsteal 220 [ 628.761820][T18426] pgactivate 0 01:47:02 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:47:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x5}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:02 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:02 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x401c5504, &(0x7f0000000000)) [ 629.000403][T18426] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18426,uid=0 [ 629.016837][T18426] Memory cgroup out of memory: Killed process 18426 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 629.035685][ T1065] oom_reaper: reaped process 18426 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 629.102317][T18429] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 629.115513][T18454] bridge_slave_0: FDB only supports static addresses [ 629.135901][T18429] CPU: 0 PID: 18429 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 629.145064][T18429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.155126][T18429] Call Trace: [ 629.158442][T18429] dump_stack+0x172/0x1f0 [ 629.162897][T18429] dump_header+0x177/0x1152 [ 629.167423][T18429] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 629.173237][T18429] ? ___ratelimit+0x2c8/0x595 [ 629.177919][T18429] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 629.183732][T18429] ? lockdep_hardirqs_on+0x418/0x5d0 [ 629.189027][T18429] ? trace_hardirqs_on+0x67/0x240 [ 629.194063][T18429] ? pagefault_out_of_memory+0x11c/0x11c [ 629.199704][T18429] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 629.205563][T18429] ? ___ratelimit+0x60/0x595 [ 629.210147][T18429] ? do_raw_spin_unlock+0x57/0x270 [ 629.215267][T18429] oom_kill_process.cold+0x10/0x15 [ 629.220409][T18429] out_of_memory+0x334/0x1340 [ 629.225091][T18429] ? lock_downgrade+0x920/0x920 [ 629.229944][T18429] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 629.235757][T18429] ? oom_killer_disable+0x280/0x280 [ 629.241018][T18429] mem_cgroup_out_of_memory+0x1d8/0x240 [ 629.246575][T18429] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 629.252304][T18429] ? do_raw_spin_unlock+0x57/0x270 [ 629.257421][T18429] ? _raw_spin_unlock+0x2d/0x50 [ 629.262280][T18429] try_charge+0xf4b/0x1440 [ 629.266719][T18429] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 629.272358][T18429] ? percpu_ref_tryget_live+0x111/0x290 [ 629.277923][T18429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 629.284174][T18429] ? __kasan_check_read+0x11/0x20 [ 629.289218][T18429] ? get_mem_cgroup_from_mm+0x156/0x320 [ 629.294778][T18429] mem_cgroup_try_charge+0x136/0x590 [ 629.300090][T18429] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 629.306361][T18429] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 629.312003][T18429] __handle_mm_fault+0x1e34/0x3f20 [ 629.317123][T18429] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 629.322691][T18429] ? __kasan_check_read+0x11/0x20 [ 629.327729][T18429] handle_mm_fault+0x1b5/0x6c0 [ 629.332511][T18429] __do_page_fault+0x536/0xdd0 [ 629.337292][T18429] do_page_fault+0x38/0x590 [ 629.341885][T18429] page_fault+0x39/0x40 [ 629.346035][T18429] RIP: 0033:0x42fd9f [ 629.349924][T18429] Code: 68 45 4e 00 ba 59 0a 00 00 be 88 36 4e 00 bf 30 3e 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb [ 629.369537][T18429] RSP: 002b:00007ffcb6694000 EFLAGS: 00010217 [ 629.375617][T18429] RAX: 0000000000008030 RBX: 0000000000715640 RCX: 0000000000458be4 [ 629.383655][T18429] RDX: 00007ffcb6694030 RSI: 0000000000008030 RDI: 0000000000715640 [ 629.391642][T18429] RBP: 0000000000008030 R08: 0000000000000001 R09: 00005555560ac940 [ 629.399657][T18429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcb6695210 [ 629.407941][T18429] R13: 00007ffcb6695200 R14: 0000000000000000 R15: 00007ffcb6695210 01:47:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:02 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4020940d, &(0x7f0000000000)) 01:47:02 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:03 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4020ae46, &(0x7f0000000000)) 01:47:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 629.843699][T18429] memory: usage 964kB, limit 0kB, failcnt 134 [ 629.849819][T18429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 629.862557][T18429] Memory cgroup stats for /syz2: [ 629.862661][T18429] anon 0 [ 629.862661][T18429] file 102400 [ 629.862661][T18429] kernel_stack 0 [ 629.862661][T18429] slab 1134592 [ 629.862661][T18429] sock 0 [ 629.862661][T18429] shmem 45056 [ 629.862661][T18429] file_mapped 0 [ 629.862661][T18429] file_dirty 0 [ 629.862661][T18429] file_writeback 0 [ 629.862661][T18429] anon_thp 0 [ 629.862661][T18429] inactive_anon 131072 [ 629.862661][T18429] active_anon 0 [ 629.862661][T18429] inactive_file 0 [ 629.862661][T18429] active_file 0 [ 629.862661][T18429] unevictable 0 [ 629.862661][T18429] slab_reclaimable 405504 [ 629.862661][T18429] slab_unreclaimable 729088 [ 629.862661][T18429] pgfault 30921 [ 629.862661][T18429] pgmajfault 0 [ 629.862661][T18429] workingset_refault 0 [ 629.862661][T18429] workingset_activate 0 01:47:03 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x40305828, &(0x7f0000000000)) [ 629.862661][T18429] workingset_nodereclaim 0 [ 629.862661][T18429] pgrefill 33 [ 629.862661][T18429] pgscan 0 [ 629.862661][T18429] pgsteal 0 [ 629.862661][T18429] pgactivate 0 [ 630.006087][T18429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18429,uid=0 [ 630.025997][T18429] Memory cgroup out of memory: Killed process 18429 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 630.051739][T18468] bridge_slave_0: FDB only supports static addresses 01:47:03 executing program 3: [ 630.096353][T18464] bridge_slave_0: FDB only supports static addresses 01:47:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:47:04 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:04 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x4090ae82, &(0x7f0000000000)) [ 631.410857][T18490] IPVS: ftp: loaded support on port[0] = 21 [ 631.492537][T18490] chnl_net:caif_netlink_parms(): no params data found [ 631.521962][T18490] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.529517][T18490] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.538256][T18490] device bridge_slave_0 entered promiscuous mode [ 631.546577][T18490] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.553943][T18490] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.561687][T18490] device bridge_slave_1 entered promiscuous mode [ 631.848194][T18490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 631.859263][T18490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 632.011933][T18490] team0: Port device team_slave_0 added [ 632.020436][T18490] team0: Port device team_slave_1 added [ 632.076896][T18490] device hsr_slave_0 entered promiscuous mode [ 632.114005][T18490] device hsr_slave_1 entered promiscuous mode [ 632.174280][T18490] debugfs: Directory 'hsr0' with parent '/' already present! [ 632.489435][T18490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 632.503229][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 632.512069][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 632.524457][T18490] 8021q: adding VLAN 0 to HW filter on device team0 [ 632.674252][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 632.682918][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 632.691718][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.698836][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 632.706718][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 632.716196][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 632.724843][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.731983][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 632.881991][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 632.900013][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 632.908734][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 632.918595][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 632.927410][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 633.076849][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 633.085204][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 633.093945][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 633.102344][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 633.110885][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 633.261857][T18490] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 633.273227][T18490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 633.281311][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 633.289752][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 633.447013][T18490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 633.486153][ T3079] device bridge_slave_1 left promiscuous mode [ 633.492387][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.554599][ T3079] device bridge_slave_0 left promiscuous mode [ 633.560806][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.625026][ T3079] device bridge_slave_1 left promiscuous mode [ 633.631238][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.698312][ T3079] device bridge_slave_0 left promiscuous mode [ 633.704659][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.424363][ T3079] device hsr_slave_0 left promiscuous mode [ 637.463881][ T3079] device hsr_slave_1 left promiscuous mode [ 637.542127][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 637.556493][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 637.567665][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 637.651096][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 637.722385][ T3079] bond0 (unregistering): Released all slaves [ 637.886673][ T3079] device hsr_slave_0 left promiscuous mode [ 637.943860][ T3079] device hsr_slave_1 left promiscuous mode [ 638.021759][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 638.036636][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 638.047619][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 638.080443][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.171699][ T3079] bond0 (unregistering): Released all slaves [ 638.421694][T18498] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 638.432299][T18498] CPU: 0 PID: 18498 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 638.441588][T18498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 638.451651][T18498] Call Trace: [ 638.455067][T18498] dump_stack+0x172/0x1f0 [ 638.459401][T18498] dump_header+0x177/0x1152 [ 638.463888][T18498] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 638.469708][T18498] ? ___ratelimit+0x2c8/0x595 [ 638.474387][T18498] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 638.480189][T18498] ? lockdep_hardirqs_on+0x418/0x5d0 [ 638.485463][T18498] ? trace_hardirqs_on+0x67/0x240 [ 638.490487][T18498] ? pagefault_out_of_memory+0x11c/0x11c [ 638.496117][T18498] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 638.501917][T18498] ? ___ratelimit+0x60/0x595 [ 638.506519][T18498] ? do_raw_spin_unlock+0x57/0x270 [ 638.511652][T18498] oom_kill_process.cold+0x10/0x15 [ 638.516790][T18498] out_of_memory+0x334/0x1340 [ 638.521595][T18498] ? __sched_text_start+0x8/0x8 [ 638.526447][T18498] ? oom_killer_disable+0x280/0x280 [ 638.531664][T18498] mem_cgroup_out_of_memory+0x1d8/0x240 [ 638.537244][T18498] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 638.542895][T18498] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 638.548764][T18498] ? cgroup_file_notify+0x140/0x1b0 [ 638.553969][T18498] memory_max_write+0x262/0x3a0 [ 638.558829][T18498] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 638.565582][T18498] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 638.572345][T18498] cgroup_file_write+0x241/0x790 [ 638.577289][T18498] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 638.584046][T18498] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 638.589678][T18498] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 638.595310][T18498] kernfs_fop_write+0x2b8/0x480 [ 638.600165][T18498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 638.606387][T18498] __vfs_write+0x8a/0x110 [ 638.610700][T18498] ? kernfs_fop_open+0xd80/0xd80 [ 638.615645][T18498] vfs_write+0x268/0x5d0 [ 638.619968][T18498] ksys_write+0x14f/0x290 [ 638.624291][T18498] ? __ia32_sys_read+0xb0/0xb0 [ 638.629043][T18498] __x64_sys_write+0x73/0xb0 [ 638.633636][T18498] do_syscall_64+0xfa/0x760 [ 638.638137][T18498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 638.644030][T18498] RIP: 0033:0x459879 [ 638.648288][T18498] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 638.667978][T18498] RSP: 002b:00007feaa4588c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 638.676488][T18498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 638.684571][T18498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 638.692548][T18498] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 638.700518][T18498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaa45896d4 [ 638.708482][T18498] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 638.733970][T18498] memory: usage 3084kB, limit 0kB, failcnt 117 [ 638.741210][T18498] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 638.748642][T18498] Memory cgroup stats for /syz5: [ 638.750272][T18498] anon 2125824 [ 638.750272][T18498] file 0 [ 638.750272][T18498] kernel_stack 0 [ 638.750272][T18498] slab 860160 [ 638.750272][T18498] sock 16384 [ 638.750272][T18498] shmem 28672 [ 638.750272][T18498] file_mapped 0 [ 638.750272][T18498] file_dirty 0 [ 638.750272][T18498] file_writeback 0 [ 638.750272][T18498] anon_thp 2097152 [ 638.750272][T18498] inactive_anon 0 [ 638.750272][T18498] active_anon 2125824 [ 638.750272][T18498] inactive_file 61440 [ 638.750272][T18498] active_file 0 [ 638.750272][T18498] unevictable 176128 [ 638.750272][T18498] slab_reclaimable 405504 [ 638.750272][T18498] slab_unreclaimable 454656 [ 638.750272][T18498] pgfault 24255 [ 638.750272][T18498] pgmajfault 0 [ 638.750272][T18498] workingset_refault 0 [ 638.750272][T18498] workingset_activate 0 [ 638.750272][T18498] workingset_nodereclaim 0 [ 638.750272][T18498] pgrefill 0 [ 638.750272][T18498] pgscan 0 [ 638.750272][T18498] pgsteal 0 [ 638.750272][T18498] pgactivate 0 [ 638.848582][T18498] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18497,uid=0 [ 638.864957][T18498] Memory cgroup out of memory: Killed process 18497 (syz-executor.5) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 638.886692][ T1065] oom_reaper: reaped process 18497 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:47:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:12 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:12 executing program 3: 01:47:12 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80044323, &(0x7f0000000000)) 01:47:12 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x7f', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:12 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 639.146848][T18490] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 639.171319][T18504] bridge_slave_0: FDB only supports static addresses [ 639.207875][T18490] CPU: 0 PID: 18490 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 639.217026][T18490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.227095][T18490] Call Trace: [ 639.230404][T18490] dump_stack+0x172/0x1f0 [ 639.234834][T18490] dump_header+0x177/0x1152 [ 639.239340][T18490] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 639.245181][T18490] ? ___ratelimit+0x2c8/0x595 [ 639.249867][T18490] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 639.255723][T18490] ? lockdep_hardirqs_on+0x418/0x5d0 [ 639.261012][T18490] ? trace_hardirqs_on+0x67/0x240 [ 639.266033][T18490] ? pagefault_out_of_memory+0x11c/0x11c [ 639.266048][T18490] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 639.266064][T18490] ? ___ratelimit+0x60/0x595 [ 639.266075][T18490] ? do_raw_spin_unlock+0x57/0x270 [ 639.266090][T18490] oom_kill_process.cold+0x10/0x15 [ 639.266106][T18490] out_of_memory+0x334/0x1340 [ 639.266120][T18490] ? lock_downgrade+0x920/0x920 [ 639.266149][T18490] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 639.266166][T18490] ? oom_killer_disable+0x280/0x280 [ 639.312928][T18490] mem_cgroup_out_of_memory+0x1d8/0x240 [ 639.318488][T18490] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 639.324137][T18490] ? do_raw_spin_unlock+0x57/0x270 [ 639.329256][T18490] ? _raw_spin_unlock+0x2d/0x50 [ 639.334119][T18490] try_charge+0xf4b/0x1440 [ 639.338547][T18490] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 639.344100][T18490] ? percpu_ref_tryget_live+0x111/0x290 [ 639.349652][T18490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 01:47:12 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80044326, &(0x7f0000000000)) 01:47:12 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x8c', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 639.355902][T18490] ? __kasan_check_read+0x11/0x20 [ 639.360962][T18490] ? get_mem_cgroup_from_mm+0x156/0x320 [ 639.366534][T18490] mem_cgroup_try_charge+0x136/0x590 [ 639.371828][T18490] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 639.378101][T18490] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 639.383742][T18490] wp_page_copy+0x41e/0x1600 [ 639.388335][T18490] ? find_held_lock+0x35/0x130 [ 639.393125][T18490] ? follow_pfn+0x2a0/0x2a0 [ 639.397646][T18490] ? lock_downgrade+0x920/0x920 [ 639.402511][T18490] ? swp_swapcount+0x540/0x540 01:47:12 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x800454d2, &(0x7f0000000000)) [ 639.407288][T18490] ? __kasan_check_read+0x11/0x20 [ 639.412317][T18490] ? do_raw_spin_unlock+0x57/0x270 [ 639.417443][T18490] do_wp_page+0x499/0x14d0 [ 639.421980][T18490] ? finish_mkwrite_fault+0x570/0x570 [ 639.427368][T18490] __handle_mm_fault+0x22f1/0x3f20 [ 639.432494][T18490] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 639.438091][T18490] ? __kasan_check_read+0x11/0x20 [ 639.443146][T18490] handle_mm_fault+0x1b5/0x6c0 [ 639.447925][T18490] __do_page_fault+0x536/0xdd0 [ 639.452708][T18490] do_page_fault+0x38/0x590 [ 639.457228][T18490] page_fault+0x39/0x40 [ 639.461381][T18490] RIP: 0033:0x430956 [ 639.465280][T18490] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 639.484887][T18490] RSP: 002b:00007ffc7e344350 EFLAGS: 00010206 [ 639.490983][T18490] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 639.498955][T18490] RDX: 000055555616f930 RSI: 0000555556177970 RDI: 0000000000000003 [ 639.506935][T18490] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555616e940 [ 639.514920][T18490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 639.523332][T18490] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 01:47:13 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80086301, &(0x7f0000000000)) 01:47:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x48}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:13 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xf0', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 639.651627][T18490] memory: usage 752kB, limit 0kB, failcnt 125 [ 639.704151][T18490] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 639.711058][T18490] Memory cgroup stats for /syz5: [ 639.711171][T18490] anon 24576 [ 639.711171][T18490] file 0 [ 639.711171][T18490] kernel_stack 0 [ 639.711171][T18490] slab 860160 [ 639.711171][T18490] sock 16384 [ 639.711171][T18490] shmem 28672 [ 639.711171][T18490] file_mapped 0 [ 639.711171][T18490] file_dirty 0 [ 639.711171][T18490] file_writeback 0 [ 639.711171][T18490] anon_thp 0 [ 639.711171][T18490] inactive_anon 0 [ 639.711171][T18490] active_anon 24576 [ 639.711171][T18490] inactive_file 61440 [ 639.711171][T18490] active_file 0 [ 639.711171][T18490] unevictable 176128 [ 639.711171][T18490] slab_reclaimable 405504 [ 639.711171][T18490] slab_unreclaimable 454656 [ 639.711171][T18490] pgfault 24255 [ 639.711171][T18490] pgmajfault 0 [ 639.711171][T18490] workingset_refault 0 [ 639.711171][T18490] workingset_activate 0 [ 639.711171][T18490] workingset_nodereclaim 0 [ 639.711171][T18490] pgrefill 0 [ 639.711171][T18490] pgscan 0 [ 639.711171][T18490] pgsteal 0 [ 639.711171][T18490] pgactivate 0 [ 639.837661][T18523] bridge_slave_0: FDB only supports static addresses [ 640.033810][T18490] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18490,uid=0 [ 640.063823][T18490] Memory cgroup out of memory: Killed process 18490 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 01:47:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:14 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xf6', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 641.535445][T18533] IPVS: ftp: loaded support on port[0] = 21 [ 641.650319][T18533] chnl_net:caif_netlink_parms(): no params data found [ 641.700618][T18533] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.707918][T18533] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.716001][T18533] device bridge_slave_0 entered promiscuous mode [ 641.723866][T18533] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.731000][T18533] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.740316][T18533] device bridge_slave_1 entered promiscuous mode [ 641.761324][T18533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 641.772524][T18533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 641.792433][T18533] team0: Port device team_slave_0 added [ 641.799756][T18533] team0: Port device team_slave_1 added [ 641.877264][T18533] device hsr_slave_0 entered promiscuous mode [ 641.914178][T18533] device hsr_slave_1 entered promiscuous mode [ 641.973814][T18533] debugfs: Directory 'hsr0' with parent '/' already present! [ 642.160206][T18533] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.167476][T18533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.174937][T18533] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.182439][T18533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.283391][T18536] IPVS: ftp: loaded support on port[0] = 21 [ 642.402997][T18533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.495147][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 642.503440][ T9063] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.512143][ T9063] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.520372][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 642.543305][T18533] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.684032][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 642.692601][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.699773][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.719983][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 642.729700][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 642.738912][T17988] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.746169][T17988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.754985][T18536] chnl_net:caif_netlink_parms(): no params data found [ 642.838614][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 642.850815][T18539] IPVS: ftp: loaded support on port[0] = 21 [ 642.854944][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 642.964968][T18536] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.972111][T18536] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.980421][T18536] device bridge_slave_0 entered promiscuous mode [ 642.990517][T18536] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.997689][T18536] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.006950][T18536] device bridge_slave_1 entered promiscuous mode [ 643.015185][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 643.028004][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 643.036914][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 643.139146][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 643.149543][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 643.170343][T18536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 643.260562][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 643.269526][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 643.282812][T18533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 643.295428][T18533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 643.305159][T18536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 643.330433][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 643.339100][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 643.349280][ T3079] device bridge_slave_1 left promiscuous mode [ 643.356057][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.405370][ T3079] device bridge_slave_0 left promiscuous mode [ 643.411583][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.324091][ T3079] device hsr_slave_0 left promiscuous mode [ 645.393804][ T3079] device hsr_slave_1 left promiscuous mode [ 645.461360][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 645.475472][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 645.486610][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 645.520139][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 645.610440][ T3079] bond0 (unregistering): Released all slaves [ 645.721177][T18536] team0: Port device team_slave_0 added [ 645.745232][T18536] team0: Port device team_slave_1 added [ 645.797846][T18533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 645.856434][T18536] device hsr_slave_0 entered promiscuous mode [ 645.904115][T18536] device hsr_slave_1 entered promiscuous mode [ 645.943705][T18536] debugfs: Directory 'hsr0' with parent '/' already present! [ 645.951411][T18539] chnl_net:caif_netlink_parms(): no params data found [ 646.049961][T18539] bridge0: port 1(bridge_slave_0) entered blocking state [ 646.059125][T18539] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.067549][T18539] device bridge_slave_0 entered promiscuous mode [ 646.076585][T18539] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.084965][T18539] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.093077][T18539] device bridge_slave_1 entered promiscuous mode [ 646.128003][T18539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.169475][T18539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.217045][T18539] team0: Port device team_slave_0 added [ 646.256333][T18539] team0: Port device team_slave_1 added [ 646.310773][T18547] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 646.330192][T18547] CPU: 1 PID: 18547 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 646.339316][T18547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.339323][T18547] Call Trace: [ 646.339347][T18547] dump_stack+0x172/0x1f0 [ 646.339379][T18547] dump_header+0x177/0x1152 [ 646.339405][T18547] ? pagefault_out_of_memory+0x11c/0x11c [ 646.339425][T18547] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 646.373850][T18547] ? ___ratelimit+0x60/0x595 [ 646.373865][T18547] ? do_raw_spin_unlock+0x57/0x270 [ 646.373884][T18547] oom_kill_process.cold+0x10/0x15 [ 646.373900][T18547] out_of_memory+0x334/0x1340 [ 646.373927][T18547] ? __sched_text_start+0x8/0x8 [ 646.388864][T18547] ? oom_killer_disable+0x280/0x280 [ 646.388893][T18547] mem_cgroup_out_of_memory+0x1d8/0x240 [ 646.388908][T18547] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 646.388930][T18547] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 646.404790][T18547] ? cgroup_file_notify+0x140/0x1b0 [ 646.404811][T18547] memory_max_write+0x262/0x3a0 [ 646.404832][T18547] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 646.404853][T18547] ? lock_acquire+0x190/0x410 [ 646.428176][T18547] ? kernfs_fop_write+0x227/0x480 [ 646.428201][T18547] cgroup_file_write+0x241/0x790 [ 646.428223][T18547] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 646.442199][T18547] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 646.442223][T18547] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 646.442243][T18547] kernfs_fop_write+0x2b8/0x480 [ 646.467554][T18547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.467575][T18547] __vfs_write+0x8a/0x110 [ 646.467591][T18547] ? kernfs_fop_open+0xd80/0xd80 [ 646.467606][T18547] vfs_write+0x268/0x5d0 [ 646.467624][T18547] ksys_write+0x14f/0x290 [ 646.492961][T18547] ? __ia32_sys_read+0xb0/0xb0 [ 646.503349][T18547] ? do_syscall_64+0x26/0x760 [ 646.516938][T18547] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.516955][T18547] ? do_syscall_64+0x26/0x760 [ 646.516977][T18547] __x64_sys_write+0x73/0xb0 [ 646.537263][T18547] do_syscall_64+0xfa/0x760 [ 646.537284][T18547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.537299][T18547] RIP: 0033:0x459879 [ 646.548105][T18547] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 646.548114][T18547] RSP: 002b:00007f762d959c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 646.548125][T18547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 646.548134][T18547] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 646.548141][T18547] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 646.548149][T18547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f762d95a6d4 [ 646.548156][T18547] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 646.561332][T18547] memory: usage 3240kB, limit 0kB, failcnt 135 [ 646.631362][T18547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 646.638604][T18547] Memory cgroup stats for /syz2: [ 646.640007][T18547] anon 2125824 [ 646.640007][T18547] file 102400 [ 646.640007][T18547] kernel_stack 0 [ 646.640007][T18547] slab 860160 [ 646.640007][T18547] sock 0 [ 646.640007][T18547] shmem 45056 [ 646.640007][T18547] file_mapped 0 [ 646.640007][T18547] file_dirty 0 [ 646.640007][T18547] file_writeback 0 [ 646.640007][T18547] anon_thp 2097152 [ 646.640007][T18547] inactive_anon 131072 [ 646.640007][T18547] active_anon 2125824 [ 646.640007][T18547] inactive_file 0 [ 646.640007][T18547] active_file 0 [ 646.640007][T18547] unevictable 0 [ 646.640007][T18547] slab_reclaimable 270336 [ 646.640007][T18547] slab_unreclaimable 589824 [ 646.640007][T18547] pgfault 30987 [ 646.640007][T18547] pgmajfault 0 [ 646.640007][T18547] workingset_refault 0 [ 646.640007][T18547] workingset_activate 0 [ 646.640007][T18547] workingset_nodereclaim 0 [ 646.640007][T18547] pgrefill 33 [ 646.640007][T18547] pgscan 0 [ 646.640007][T18547] pgsteal 0 [ 646.640007][T18547] pgactivate 0 [ 646.750171][T18547] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18546,uid=0 [ 646.775380][T18547] Memory cgroup out of memory: Killed process 18546 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 646.803697][ T1065] oom_reaper: reaped process 18546 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 646.886831][T18539] device hsr_slave_0 entered promiscuous mode [ 646.924060][T18539] device hsr_slave_1 entered promiscuous mode [ 646.963670][T18539] debugfs: Directory 'hsr0' with parent '/' already present! [ 647.054969][T18536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 647.098814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 647.110904][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 647.140275][T18536] 8021q: adding VLAN 0 to HW filter on device team0 [ 647.180348][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 647.195127][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 647.224402][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.231492][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 647.258111][T18539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 647.266429][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 647.275939][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 647.291858][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 647.303050][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.310282][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 647.326970][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 647.340285][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 647.351773][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 647.368573][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 647.391552][T18539] 8021q: adding VLAN 0 to HW filter on device team0 [ 647.416065][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 647.432538][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 647.440991][T18533] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 647.442627][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 647.463652][T18533] CPU: 1 PID: 18533 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 647.469001][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 647.472866][T18533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 647.482110][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 647.490778][T18533] Call Trace: [ 647.490802][T18533] dump_stack+0x172/0x1f0 [ 647.490822][T18533] dump_header+0x177/0x1152 [ 647.490837][T18533] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 647.490849][T18533] ? ___ratelimit+0x2c8/0x595 [ 647.490867][T18533] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 647.499964][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 647.501949][T18533] ? lockdep_hardirqs_on+0x418/0x5d0 [ 647.507395][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 647.510835][T18533] ? trace_hardirqs_on+0x67/0x240 [ 647.552827][T18533] ? pagefault_out_of_memory+0x11c/0x11c [ 647.558458][T18533] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 647.564273][T18533] ? ___ratelimit+0x60/0x595 [ 647.568856][T18533] ? do_raw_spin_unlock+0x57/0x270 [ 647.573969][T18533] oom_kill_process.cold+0x10/0x15 [ 647.579166][T18533] out_of_memory+0x334/0x1340 [ 647.583843][T18533] ? lock_downgrade+0x920/0x920 [ 647.588692][T18533] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 647.594496][T18533] ? oom_killer_disable+0x280/0x280 [ 647.599704][T18533] mem_cgroup_out_of_memory+0x1d8/0x240 [ 647.605249][T18533] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 647.610883][T18533] ? do_raw_spin_unlock+0x57/0x270 [ 647.616034][T18533] ? _raw_spin_unlock+0x2d/0x50 [ 647.620885][T18533] try_charge+0xf4b/0x1440 [ 647.625308][T18533] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 647.630849][T18533] ? percpu_ref_tryget_live+0x111/0x290 [ 647.636381][T18533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 647.642609][T18533] ? __kasan_check_read+0x11/0x20 [ 647.647624][T18533] ? get_mem_cgroup_from_mm+0x156/0x320 [ 647.653156][T18533] mem_cgroup_try_charge+0x136/0x590 [ 647.658425][T18533] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 647.664656][T18533] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 647.670274][T18533] wp_page_copy+0x41e/0x1600 [ 647.674847][T18533] ? find_held_lock+0x35/0x130 [ 647.679595][T18533] ? follow_pfn+0x2a0/0x2a0 [ 647.684079][T18533] ? lock_downgrade+0x920/0x920 [ 647.688927][T18533] ? swp_swapcount+0x540/0x540 [ 647.693677][T18533] ? __kasan_check_read+0x11/0x20 [ 647.698686][T18533] ? do_raw_spin_unlock+0x57/0x270 [ 647.703811][T18533] do_wp_page+0x499/0x14d0 [ 647.708299][T18533] ? finish_mkwrite_fault+0x570/0x570 [ 647.713661][T18533] __handle_mm_fault+0x22f1/0x3f20 [ 647.718758][T18533] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 647.724299][T18533] ? __kasan_check_read+0x11/0x20 [ 647.729310][T18533] handle_mm_fault+0x1b5/0x6c0 [ 647.734067][T18533] __do_page_fault+0x536/0xdd0 [ 647.738821][T18533] do_page_fault+0x38/0x590 [ 647.743311][T18533] page_fault+0x39/0x40 [ 647.747447][T18533] RIP: 0033:0x430956 [ 647.751328][T18533] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 647.770922][T18533] RSP: 002b:00007ffc4695c920 EFLAGS: 00010206 [ 647.776987][T18533] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 647.784945][T18533] RDX: 000055555616c930 RSI: 0000555556174970 RDI: 0000000000000003 [ 647.792901][T18533] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555616b940 [ 647.800851][T18533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 647.808803][T18533] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 647.827747][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 647.837151][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 647.845703][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.852858][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 647.861206][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 647.871737][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 647.882325][T17538] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.889452][T17538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 647.901694][T18536] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 647.912500][T18533] memory: usage 900kB, limit 0kB, failcnt 143 [ 647.918648][T18533] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 647.926123][T18533] Memory cgroup stats for /syz2: [ 647.926234][T18533] anon 24576 [ 647.926234][T18533] file 102400 [ 647.926234][T18533] kernel_stack 0 [ 647.926234][T18533] slab 860160 [ 647.926234][T18533] sock 0 [ 647.926234][T18533] shmem 45056 [ 647.926234][T18533] file_mapped 0 [ 647.926234][T18533] file_dirty 0 [ 647.926234][T18533] file_writeback 0 [ 647.926234][T18533] anon_thp 0 [ 647.926234][T18533] inactive_anon 131072 [ 647.926234][T18533] active_anon 24576 [ 647.926234][T18533] inactive_file 0 [ 647.926234][T18533] active_file 0 [ 647.926234][T18533] unevictable 0 [ 647.926234][T18533] slab_reclaimable 270336 [ 647.926234][T18533] slab_unreclaimable 589824 [ 647.926234][T18533] pgfault 30987 [ 647.926234][T18533] pgmajfault 0 [ 647.926234][T18533] workingset_refault 0 [ 647.926234][T18533] workingset_activate 0 [ 647.926234][T18533] workingset_nodereclaim 0 [ 647.926234][T18533] pgrefill 33 [ 647.926234][T18533] pgscan 0 [ 647.926234][T18533] pgsteal 0 [ 647.926234][T18533] pgactivate 0 [ 647.930975][T18536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 647.931234][T18533] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18533,uid=0 [ 648.035452][T18536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 648.055516][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 648.065523][T18533] Memory cgroup out of memory: Killed process 18533 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 648.071744][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 648.103217][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 648.112168][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 648.142099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 648.152166][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 648.162752][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 648.199624][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 648.209784][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 648.226028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 648.241578][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 648.250404][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 648.259194][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 648.270373][T18539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 648.487252][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 648.509754][T18539] 8021q: adding VLAN 0 to HW filter on device batadv0 01:47:22 executing program 3: 01:47:22 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4c}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:22 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80104592, &(0x7f0000000000)) 01:47:22 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xfe', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 648.654917][T18558] bridge_slave_0: FDB only supports static addresses 01:47:22 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x60}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:22 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80108906, &(0x7f0000000000)) 01:47:22 executing program 3: 01:47:22 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 648.901684][T18569] bridge_slave_0: FDB only supports static addresses 01:47:22 executing program 3: [ 649.224877][T18579] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 649.271127][T18579] CPU: 0 PID: 18579 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 649.280374][T18579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.291152][T18579] Call Trace: [ 649.294802][T18579] dump_stack+0x172/0x1f0 [ 649.299148][T18579] dump_header+0x177/0x1152 [ 649.303835][T18579] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 649.309643][T18579] ? ___ratelimit+0x2c8/0x595 [ 649.314322][T18579] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 649.320310][T18579] ? lockdep_hardirqs_on+0x418/0x5d0 [ 649.325610][T18579] ? trace_hardirqs_on+0x67/0x240 [ 649.330644][T18579] ? pagefault_out_of_memory+0x11c/0x11c [ 649.336290][T18579] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 649.342100][T18579] ? ___ratelimit+0x60/0x595 [ 649.346808][T18579] oom_kill_process.cold+0x10/0x15 [ 649.351930][T18579] out_of_memory+0x334/0x1340 [ 649.357060][T18579] ? __sched_text_start+0x8/0x8 [ 649.361912][T18579] ? oom_killer_disable+0x280/0x280 [ 649.367141][T18579] mem_cgroup_out_of_memory+0x1d8/0x240 [ 649.372692][T18579] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 649.379917][T18579] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 649.385999][T18579] ? cgroup_file_notify+0x140/0x1b0 [ 649.391213][T18579] memory_max_write+0x262/0x3a0 [ 649.396088][T18579] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 649.402865][T18579] ? lock_acquire+0x190/0x410 [ 649.407640][T18579] ? kernfs_fop_write+0x227/0x480 [ 649.412690][T18579] cgroup_file_write+0x241/0x790 [ 649.417652][T18579] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 649.424505][T18579] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 649.430153][T18579] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 649.435805][T18579] kernfs_fop_write+0x2b8/0x480 [ 649.440670][T18579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 649.446917][T18579] __vfs_write+0x8a/0x110 [ 649.451256][T18579] ? kernfs_fop_open+0xd80/0xd80 [ 649.456197][T18579] vfs_write+0x268/0x5d0 [ 649.460439][T18579] ksys_write+0x14f/0x290 [ 649.464768][T18579] ? __ia32_sys_read+0xb0/0xb0 [ 649.469538][T18579] ? do_syscall_64+0x26/0x760 [ 649.474302][T18579] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 649.480455][T18579] ? do_syscall_64+0x26/0x760 [ 649.485151][T18579] __x64_sys_write+0x73/0xb0 [ 649.489746][T18579] do_syscall_64+0xfa/0x760 [ 649.494257][T18579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 649.500148][T18579] RIP: 0033:0x459879 [ 649.504049][T18579] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 649.523660][T18579] RSP: 002b:00007f47a434bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 649.532076][T18579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 649.540046][T18579] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 649.548026][T18579] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 649.555999][T18579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47a434c6d4 [ 649.563981][T18579] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 649.815630][T18579] memory: usage 3212kB, limit 0kB, failcnt 126 [ 649.821836][T18579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 649.829573][T18579] Memory cgroup stats for /syz5: [ 649.829685][T18579] anon 2138112 [ 649.829685][T18579] file 0 [ 649.829685][T18579] kernel_stack 65536 [ 649.829685][T18579] slab 860160 [ 649.829685][T18579] sock 16384 [ 649.829685][T18579] shmem 28672 [ 649.829685][T18579] file_mapped 0 [ 649.829685][T18579] file_dirty 0 [ 649.829685][T18579] file_writeback 0 [ 649.829685][T18579] anon_thp 2097152 [ 649.829685][T18579] inactive_anon 0 [ 649.829685][T18579] active_anon 2138112 [ 649.829685][T18579] inactive_file 61440 [ 649.829685][T18579] active_file 0 [ 649.829685][T18579] unevictable 176128 [ 649.829685][T18579] slab_reclaimable 405504 [ 649.829685][T18579] slab_unreclaimable 454656 [ 649.829685][T18579] pgfault 24354 [ 649.829685][T18579] pgmajfault 0 [ 649.829685][T18579] workingset_refault 0 [ 649.829685][T18579] workingset_activate 0 [ 649.829685][T18579] workingset_nodereclaim 0 [ 649.829685][T18579] pgrefill 0 [ 649.829685][T18579] pgscan 0 [ 649.829685][T18579] pgsteal 0 [ 649.829685][T18579] pgactivate 0 [ 649.927791][T18579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18571,uid=0 [ 649.944938][T18579] Memory cgroup out of memory: Killed process 18571 (syz-executor.5) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 649.964226][ T1065] oom_reaper: reaped process 18571 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 01:47:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:23 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x80108907, &(0x7f0000000000)) 01:47:23 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:23 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x68}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 650.080519][T18539] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 650.086665][T18592] bridge_slave_0: FDB only supports static addresses [ 650.098142][T18539] CPU: 0 PID: 18539 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 650.107265][T18539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.107271][T18539] Call Trace: [ 650.107293][T18539] dump_stack+0x172/0x1f0 [ 650.107317][T18539] dump_header+0x177/0x1152 [ 650.125062][T18539] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 650.125078][T18539] ? ___ratelimit+0x2c8/0x595 [ 650.125091][T18539] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 650.125109][T18539] ? lockdep_hardirqs_on+0x418/0x5d0 [ 650.125124][T18539] ? trace_hardirqs_on+0x67/0x240 [ 650.125139][T18539] ? pagefault_out_of_memory+0x11c/0x11c [ 650.125157][T18539] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 650.135437][T18539] ? ___ratelimit+0x60/0x595 [ 650.135450][T18539] ? do_raw_spin_unlock+0x57/0x270 01:47:23 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6c}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 650.135469][T18539] oom_kill_process.cold+0x10/0x15 [ 650.135486][T18539] out_of_memory+0x334/0x1340 [ 650.135500][T18539] ? lock_downgrade+0x920/0x920 [ 650.135523][T18539] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 650.135540][T18539] ? oom_killer_disable+0x280/0x280 [ 650.203102][T18539] mem_cgroup_out_of_memory+0x1d8/0x240 [ 650.208653][T18539] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 650.214296][T18539] ? do_raw_spin_unlock+0x57/0x270 [ 650.219525][T18539] ? _raw_spin_unlock+0x2d/0x50 [ 650.224387][T18539] try_charge+0xf4b/0x1440 [ 650.228818][T18539] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 650.234368][T18539] ? percpu_ref_tryget_live+0x111/0x290 [ 650.239923][T18539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.246182][T18539] ? __kasan_check_read+0x11/0x20 [ 650.251224][T18539] ? get_mem_cgroup_from_mm+0x156/0x320 [ 650.256871][T18539] mem_cgroup_try_charge+0x136/0x590 [ 650.262163][T18539] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 650.268417][T18539] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 650.274141][T18539] wp_page_copy+0x41e/0x1600 [ 650.278742][T18539] ? find_held_lock+0x35/0x130 [ 650.283523][T18539] ? follow_pfn+0x2a0/0x2a0 [ 650.288030][T18539] ? lock_downgrade+0x920/0x920 [ 650.292879][T18539] ? swp_swapcount+0x540/0x540 [ 650.297626][T18539] ? __kasan_check_read+0x11/0x20 [ 650.302633][T18539] ? do_raw_spin_unlock+0x57/0x270 [ 650.307727][T18539] do_wp_page+0x499/0x14d0 [ 650.312128][T18539] ? finish_mkwrite_fault+0x570/0x570 [ 650.317490][T18539] __handle_mm_fault+0x22f1/0x3f20 [ 650.322616][T18539] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 650.328181][T18539] ? __kasan_check_read+0x11/0x20 [ 650.333200][T18539] handle_mm_fault+0x1b5/0x6c0 [ 650.337955][T18539] __do_page_fault+0x536/0xdd0 [ 650.342712][T18539] do_page_fault+0x38/0x590 [ 650.347202][T18539] page_fault+0x39/0x40 [ 650.351333][T18539] RIP: 0033:0x430956 [ 650.355211][T18539] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 650.374801][T18539] RSP: 002b:00007ffd56cbc230 EFLAGS: 00010206 [ 650.380848][T18539] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 650.388809][T18539] RDX: 00005555557b2930 RSI: 00005555557ba970 RDI: 0000000000000003 [ 650.396792][T18539] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555557b1940 [ 650.404753][T18539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 650.412715][T18539] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 650.455513][T18539] memory: usage 828kB, limit 0kB, failcnt 134 [ 650.465657][T18539] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 650.472535][T18539] Memory cgroup stats for /syz5: [ 650.472647][T18539] anon 94208 [ 650.472647][T18539] file 0 [ 650.472647][T18539] kernel_stack 65536 [ 650.472647][T18539] slab 860160 [ 650.472647][T18539] sock 16384 [ 650.472647][T18539] shmem 28672 [ 650.472647][T18539] file_mapped 0 [ 650.472647][T18539] file_dirty 0 [ 650.472647][T18539] file_writeback 0 [ 650.472647][T18539] anon_thp 0 [ 650.472647][T18539] inactive_anon 0 [ 650.472647][T18539] active_anon 94208 [ 650.472647][T18539] inactive_file 61440 [ 650.472647][T18539] active_file 0 [ 650.472647][T18539] unevictable 176128 [ 650.472647][T18539] slab_reclaimable 405504 [ 650.472647][T18539] slab_unreclaimable 454656 [ 650.472647][T18539] pgfault 24354 [ 650.472647][T18539] pgmajfault 0 [ 650.472647][T18539] workingset_refault 0 [ 650.472647][T18539] workingset_activate 0 [ 650.472647][T18539] workingset_nodereclaim 0 [ 650.472647][T18539] pgrefill 0 [ 650.472647][T18539] pgscan 0 [ 650.472647][T18539] pgsteal 0 [ 650.472647][T18539] pgactivate 0 [ 650.568950][T18539] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18539,uid=0 [ 650.591903][T18539] Memory cgroup out of memory: Killed process 18539 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 650.616148][ T1065] oom_reaper: reaped process 18539 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 650.627438][T18598] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 650.638485][T18598] CPU: 1 PID: 18598 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 650.647613][T18598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.657670][T18598] Call Trace: [ 650.660942][T18598] dump_stack+0x172/0x1f0 [ 650.665253][T18598] dump_header+0x177/0x1152 [ 650.669739][T18598] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 650.675523][T18598] ? ___ratelimit+0x2c8/0x595 [ 650.680176][T18598] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 650.685965][T18598] ? lockdep_hardirqs_on+0x418/0x5d0 [ 650.691234][T18598] ? trace_hardirqs_on+0x67/0x240 [ 650.696288][T18598] ? pagefault_out_of_memory+0x11c/0x11c [ 650.701906][T18598] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 650.707693][T18598] ? ___ratelimit+0x60/0x595 [ 650.712258][T18598] ? do_raw_spin_unlock+0x57/0x270 [ 650.717355][T18598] oom_kill_process.cold+0x10/0x15 [ 650.722447][T18598] out_of_memory+0x334/0x1340 [ 650.727104][T18598] ? oom_killer_disable+0x280/0x280 [ 650.732375][T18598] mem_cgroup_out_of_memory+0x1d8/0x240 [ 650.737898][T18598] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 650.743514][T18598] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 650.749303][T18598] ? cgroup_file_notify+0x140/0x1b0 [ 650.754504][T18598] memory_max_write+0x262/0x3a0 [ 650.759338][T18598] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 650.767893][T18598] ? lock_acquire+0x190/0x410 [ 650.772548][T18598] ? kernfs_fop_write+0x227/0x480 [ 650.777553][T18598] cgroup_file_write+0x241/0x790 [ 650.782494][T18598] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 650.789255][T18598] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 650.794871][T18598] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 650.800487][T18598] kernfs_fop_write+0x2b8/0x480 [ 650.805336][T18598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.811556][T18598] __vfs_write+0x8a/0x110 [ 650.815868][T18598] ? kernfs_fop_open+0xd80/0xd80 [ 650.820785][T18598] vfs_write+0x268/0x5d0 [ 650.825018][T18598] ksys_write+0x14f/0x290 [ 650.829325][T18598] ? __ia32_sys_read+0xb0/0xb0 [ 650.834090][T18598] ? do_syscall_64+0x26/0x760 [ 650.838754][T18598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 650.844799][T18598] ? do_syscall_64+0x26/0x760 [ 650.849459][T18598] __x64_sys_write+0x73/0xb0 [ 650.854030][T18598] do_syscall_64+0xfa/0x760 [ 650.858513][T18598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 650.864382][T18598] RIP: 0033:0x459879 [ 650.868258][T18598] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 650.887841][T18598] RSP: 002b:00007f4329f54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 650.896335][T18598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 650.904289][T18598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 650.912238][T18598] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 650.920189][T18598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4329f556d4 [ 650.928136][T18598] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 650.941919][T18598] memory: usage 3912kB, limit 0kB, failcnt 135 [ 650.942022][T18604] bridge_slave_0: FDB only supports static addresses [ 650.960117][T18598] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 650.970850][T18598] Memory cgroup stats for /syz3: [ 650.970965][T18598] anon 2117632 [ 650.970965][T18598] file 192512 [ 650.970965][T18598] kernel_stack 65536 [ 650.970965][T18598] slab 1728512 [ 650.970965][T18598] sock 0 [ 650.970965][T18598] shmem 12288 [ 650.970965][T18598] file_mapped 0 [ 650.970965][T18598] file_dirty 135168 [ 650.970965][T18598] file_writeback 0 [ 650.970965][T18598] anon_thp 2097152 [ 650.970965][T18598] inactive_anon 135168 [ 650.970965][T18598] active_anon 2117632 [ 650.970965][T18598] inactive_file 81920 [ 650.970965][T18598] active_file 0 [ 650.970965][T18598] unevictable 0 [ 650.970965][T18598] slab_reclaimable 675840 [ 650.970965][T18598] slab_unreclaimable 1052672 [ 650.970965][T18598] pgfault 25311 [ 650.970965][T18598] pgmajfault 0 [ 650.970965][T18598] workingset_refault 0 [ 650.970965][T18598] workingset_activate 0 [ 650.970965][T18598] workingset_nodereclaim 0 [ 650.970965][T18598] pgrefill 33 [ 650.970965][T18598] pgscan 254 [ 650.970965][T18598] pgsteal 220 [ 650.970965][T18598] pgactivate 0 [ 651.079293][T18598] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18593,uid=0 [ 651.103740][T18598] Memory cgroup out of memory: Killed process 18593 (syz-executor.3) total-vm:72708kB, anon-rss:2200kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 651.150464][ T1065] oom_reaper: reaped process 18593 (syz-executor.3), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB [ 651.340383][T18608] IPVS: ftp: loaded support on port[0] = 21 [ 651.697925][T18608] chnl_net:caif_netlink_parms(): no params data found [ 651.800434][T18608] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.807841][T18608] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.815652][T18608] device bridge_slave_0 entered promiscuous mode [ 651.823373][T18608] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.830560][T18608] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.838378][T18608] device bridge_slave_1 entered promiscuous mode [ 651.926149][T18608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 651.937424][T18608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 651.958427][T18608] team0: Port device team_slave_0 added [ 651.965430][T18608] team0: Port device team_slave_1 added [ 652.035898][T18608] device hsr_slave_0 entered promiscuous mode [ 652.074044][T18608] device hsr_slave_1 entered promiscuous mode [ 652.113728][T18608] debugfs: Directory 'hsr0' with parent '/' already present! [ 652.122155][ T3079] device bridge_slave_1 left promiscuous mode [ 652.128608][ T3079] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.194746][ T3079] device bridge_slave_0 left promiscuous mode [ 652.200957][ T3079] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.164286][ T3079] device hsr_slave_0 left promiscuous mode [ 654.203917][ T3079] device hsr_slave_1 left promiscuous mode [ 654.256553][ T3079] team0 (unregistering): Port device team_slave_1 removed [ 654.270753][ T3079] team0 (unregistering): Port device team_slave_0 removed [ 654.282543][ T3079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 654.312655][ T3079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 654.393513][ T3079] bond0 (unregistering): Released all slaves [ 654.561630][T18608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 654.576594][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 654.586227][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 654.596099][T18608] 8021q: adding VLAN 0 to HW filter on device team0 [ 654.606307][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 654.615430][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 654.624274][T17988] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.631337][T17988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 654.704933][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 654.718412][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 654.729370][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 654.743508][T17988] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.750646][T17988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 654.766512][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 654.802770][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 654.812072][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 654.832097][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 654.848179][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 654.858035][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 654.867081][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 654.875917][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 654.885008][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 654.893430][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 654.904891][T18608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 654.920824][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 654.953378][T18608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 655.226297][T18617] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 655.245751][T18617] CPU: 1 PID: 18617 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 655.254877][T18617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 655.264933][T18617] Call Trace: [ 655.268230][T18617] dump_stack+0x172/0x1f0 [ 655.272567][T18617] dump_header+0x177/0x1152 [ 655.277071][T18617] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 655.282878][T18617] ? ___ratelimit+0x2c8/0x595 [ 655.287554][T18617] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 655.293360][T18617] ? lockdep_hardirqs_on+0x418/0x5d0 [ 655.298642][T18617] ? trace_hardirqs_on+0x67/0x240 [ 655.303665][T18617] ? pagefault_out_of_memory+0x11c/0x11c [ 655.309385][T18617] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 655.315193][T18617] ? ___ratelimit+0x60/0x595 [ 655.319779][T18617] ? do_raw_spin_unlock+0x57/0x270 [ 655.324888][T18617] oom_kill_process.cold+0x10/0x15 [ 655.329996][T18617] out_of_memory+0x334/0x1340 [ 655.334672][T18617] ? retint_kernel+0x2b/0x2b [ 655.339264][T18617] ? oom_killer_disable+0x280/0x280 [ 655.344456][T18617] ? out_of_memory+0x25/0x1340 [ 655.349226][T18617] mem_cgroup_out_of_memory+0x1d8/0x240 [ 655.354772][T18617] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 655.360406][T18617] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 655.366215][T18617] ? cgroup_file_notify+0x140/0x1b0 [ 655.371424][T18617] memory_max_write+0x262/0x3a0 [ 655.376282][T18617] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 655.383038][T18617] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 655.388499][T18617] cgroup_file_write+0x241/0x790 [ 655.393437][T18617] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 655.400194][T18617] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 655.405830][T18617] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 655.411475][T18617] kernfs_fop_write+0x2b8/0x480 [ 655.416327][T18617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 655.422574][T18617] __vfs_write+0x8a/0x110 [ 655.427074][T18617] ? kernfs_fop_open+0xd80/0xd80 [ 655.432010][T18617] vfs_write+0x268/0x5d0 [ 655.436255][T18617] ksys_write+0x14f/0x290 [ 655.440582][T18617] ? __ia32_sys_read+0xb0/0xb0 [ 655.445352][T18617] __x64_sys_write+0x73/0xb0 [ 655.449940][T18617] ? do_syscall_64+0x5b/0x760 [ 655.454618][T18617] do_syscall_64+0xfa/0x760 [ 655.459130][T18617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 655.465017][T18617] RIP: 0033:0x459879 [ 655.468906][T18617] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 655.488503][T18617] RSP: 002b:00007f8e27cafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 655.496918][T18617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 655.504882][T18617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 655.512847][T18617] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 655.520811][T18617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e27cb06d4 [ 655.528771][T18617] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 655.551158][T18617] memory: usage 3204kB, limit 0kB, failcnt 144 [ 655.557926][T18617] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.566289][T18617] Memory cgroup stats for /syz2: [ 655.567697][T18617] anon 2142208 [ 655.567697][T18617] file 102400 [ 655.567697][T18617] kernel_stack 65536 [ 655.567697][T18617] slab 860160 [ 655.567697][T18617] sock 0 [ 655.567697][T18617] shmem 45056 [ 655.567697][T18617] file_mapped 0 [ 655.567697][T18617] file_dirty 0 [ 655.567697][T18617] file_writeback 0 [ 655.567697][T18617] anon_thp 2097152 [ 655.567697][T18617] inactive_anon 131072 [ 655.567697][T18617] active_anon 2142208 [ 655.567697][T18617] inactive_file 0 [ 655.567697][T18617] active_file 0 [ 655.567697][T18617] unevictable 0 [ 655.567697][T18617] slab_reclaimable 270336 [ 655.567697][T18617] slab_unreclaimable 589824 [ 655.567697][T18617] pgfault 31020 [ 655.567697][T18617] pgmajfault 0 [ 655.567697][T18617] workingset_refault 0 [ 655.567697][T18617] workingset_activate 0 [ 655.567697][T18617] workingset_nodereclaim 0 [ 655.567697][T18617] pgrefill 33 [ 655.567697][T18617] pgscan 0 [ 655.567697][T18617] pgsteal 0 [ 655.567697][T18617] pgactivate 0 [ 655.669701][T18617] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18616,uid=0 [ 655.686928][T18617] Memory cgroup out of memory: Killed process 18616 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 655.711911][ T1065] oom_reaper: reaped process 18616 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:47:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:47:29 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc0045878, &(0x7f0000000000)) 01:47:29 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\xff', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x74}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:29 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:47:29 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 656.049425][T18536] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 656.091648][T18536] CPU: 1 PID: 18536 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 656.100792][T18536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.110834][T18536] Call Trace: [ 656.114131][T18536] dump_stack+0x172/0x1f0 [ 656.118463][T18536] dump_header+0x177/0x1152 [ 656.122967][T18536] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 656.128808][T18536] ? ___ratelimit+0x2c8/0x595 [ 656.133534][T18536] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 656.139343][T18536] ? lockdep_hardirqs_on+0x418/0x5d0 [ 656.144635][T18536] ? trace_hardirqs_on+0x67/0x240 [ 656.149664][T18536] ? pagefault_out_of_memory+0x11c/0x11c [ 656.155297][T18536] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 656.161100][T18536] ? ___ratelimit+0x60/0x595 [ 656.165680][T18536] ? do_raw_spin_unlock+0x57/0x270 [ 656.170790][T18536] oom_kill_process.cold+0x10/0x15 [ 656.175903][T18536] out_of_memory+0x334/0x1340 [ 656.180577][T18536] ? lock_downgrade+0x920/0x920 [ 656.185433][T18536] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 656.191234][T18536] ? oom_killer_disable+0x280/0x280 [ 656.196446][T18536] mem_cgroup_out_of_memory+0x1d8/0x240 [ 656.202002][T18536] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 656.207641][T18536] ? do_raw_spin_unlock+0x57/0x270 [ 656.212755][T18536] ? _raw_spin_unlock+0x2d/0x50 [ 656.217618][T18536] try_charge+0xf4b/0x1440 [ 656.222104][T18536] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 656.227650][T18536] ? find_held_lock+0x35/0x130 [ 656.232415][T18536] ? get_mem_cgroup_from_mm+0x139/0x320 [ 656.237965][T18536] ? lock_downgrade+0x920/0x920 [ 656.242815][T18536] ? percpu_ref_tryget_live+0x111/0x290 [ 656.248365][T18536] __memcg_kmem_charge_memcg+0x71/0xf0 [ 656.253826][T18536] ? memcg_kmem_put_cache+0x50/0x50 [ 656.259034][T18536] ? get_mem_cgroup_from_mm+0x156/0x320 [ 656.264584][T18536] __memcg_kmem_charge+0x13a/0x3a0 [ 656.269700][T18536] __alloc_pages_nodemask+0x4f7/0x900 [ 656.275073][T18536] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 656.280624][T18536] ? __alloc_pages_slowpath+0x2540/0x2540 [ 656.286343][T18536] ? percpu_ref_put_many+0xb6/0x190 [ 656.291550][T18536] ? lockdep_hardirqs_on+0x418/0x5d0 [ 656.296835][T18536] ? trace_hardirqs_on+0x67/0x240 [ 656.301965][T18536] ? __kasan_check_read+0x11/0x20 [ 656.307004][T18536] copy_process+0x3f8/0x6830 [ 656.311600][T18536] ? __kasan_check_read+0x11/0x20 [ 656.316635][T18536] ? __kasan_check_read+0x11/0x20 [ 656.321671][T18536] ? __lock_acquire+0x16f2/0x4a00 [ 656.326889][T18536] ? __cleanup_sighand+0x60/0x60 [ 656.331835][T18536] ? __might_fault+0x12b/0x1e0 [ 656.336608][T18536] ? __might_fault+0x12b/0x1e0 [ 656.341411][T18536] _do_fork+0x146/0xfa0 [ 656.345584][T18536] ? copy_init_mm+0x20/0x20 [ 656.350117][T18536] ? __kasan_check_read+0x11/0x20 [ 656.355149][T18536] ? _copy_to_user+0x118/0x160 [ 656.359923][T18536] __x64_sys_clone+0x1ab/0x270 [ 656.364689][T18536] ? __ia32_sys_vfork+0xd0/0xd0 [ 656.369549][T18536] ? do_syscall_64+0x26/0x760 [ 656.374247][T18536] ? lockdep_hardirqs_on+0x418/0x5d0 [ 656.379532][T18536] ? trace_hardirqs_on+0x67/0x240 [ 656.384580][T18536] do_syscall_64+0xfa/0x760 [ 656.389092][T18536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.394982][T18536] RIP: 0033:0x457e4a [ 656.398881][T18536] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 656.418502][T18536] RSP: 002b:00007ffe308acb80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 656.426927][T18536] RAX: ffffffffffffffda RBX: 00007ffe308acb80 RCX: 0000000000457e4a [ 656.434909][T18536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 01:47:29 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 656.442900][T18536] RBP: 00007ffe308acbc0 R08: 0000000000000001 R09: 000055555560b940 [ 656.450877][T18536] R10: 000055555560bc10 R11: 0000000000000246 R12: 0000000000000001 [ 656.458860][T18536] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe308acc10 01:47:30 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc0045878, &(0x7f0000000000)) [ 656.485406][T18624] bridge_slave_0: FDB only supports static addresses 01:47:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7a}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:30 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc004743e, &(0x7f0000000000)) 01:47:30 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:30 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc008561c, &(0x7f0000000000)) [ 656.776267][T18639] bridge_slave_0: FDB only supports static addresses [ 656.874051][T18536] memory: usage 1336kB, limit 0kB, failcnt 143 [ 656.882605][T18536] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 656.940691][T18536] Memory cgroup stats for /syz3: [ 656.940796][T18536] anon 8192 [ 656.940796][T18536] file 192512 [ 656.940796][T18536] kernel_stack 0 [ 656.940796][T18536] slab 1593344 [ 656.940796][T18536] sock 0 [ 656.940796][T18536] shmem 12288 [ 656.940796][T18536] file_mapped 0 [ 656.940796][T18536] file_dirty 135168 [ 656.940796][T18536] file_writeback 0 [ 656.940796][T18536] anon_thp 0 [ 656.940796][T18536] inactive_anon 135168 [ 656.940796][T18536] active_anon 8192 [ 656.940796][T18536] inactive_file 81920 [ 656.940796][T18536] active_file 0 [ 656.940796][T18536] unevictable 0 [ 656.940796][T18536] slab_reclaimable 675840 [ 656.940796][T18536] slab_unreclaimable 917504 [ 656.940796][T18536] pgfault 25311 [ 656.940796][T18536] pgmajfault 0 [ 656.940796][T18536] workingset_refault 0 [ 656.940796][T18536] workingset_activate 0 [ 656.940796][T18536] workingset_nodereclaim 0 [ 656.940796][T18536] pgrefill 33 [ 656.940796][T18536] pgscan 254 [ 656.940796][T18536] pgsteal 220 [ 656.940796][T18536] pgactivate 0 [ 657.043999][T18536] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18536,uid=0 [ 657.060253][T18536] Memory cgroup out of memory: Killed process 18536 (syz-executor.3) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 657.084993][ T1065] oom_reaper: reaped process 18536 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 657.088028][T18608] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 657.140902][T18608] CPU: 1 PID: 18608 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 657.150043][T18608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.160202][T18608] Call Trace: [ 657.163478][T18608] dump_stack+0x172/0x1f0 [ 657.167790][T18608] dump_header+0x177/0x1152 [ 657.172274][T18608] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 657.178063][T18608] ? ___ratelimit+0x2c8/0x595 [ 657.182717][T18608] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 657.188515][T18608] ? lockdep_hardirqs_on+0x418/0x5d0 [ 657.193784][T18608] ? trace_hardirqs_on+0x67/0x240 [ 657.198785][T18608] ? pagefault_out_of_memory+0x11c/0x11c [ 657.204423][T18608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 657.210297][T18608] ? ___ratelimit+0x60/0x595 [ 657.214864][T18608] ? do_raw_spin_unlock+0x57/0x270 [ 657.219954][T18608] oom_kill_process.cold+0x10/0x15 [ 657.225042][T18608] out_of_memory+0x334/0x1340 [ 657.229717][T18608] ? lock_downgrade+0x920/0x920 [ 657.234559][T18608] ? oom_killer_disable+0x280/0x280 [ 657.239796][T18608] mem_cgroup_out_of_memory+0x1d8/0x240 [ 657.245320][T18608] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 657.250932][T18608] ? do_raw_spin_unlock+0x57/0x270 [ 657.256021][T18608] ? _raw_spin_unlock+0x2d/0x50 [ 657.260850][T18608] try_charge+0xf4b/0x1440 [ 657.265249][T18608] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 657.270768][T18608] ? percpu_ref_tryget_live+0x111/0x290 [ 657.276298][T18608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.282517][T18608] ? __kasan_check_read+0x11/0x20 [ 657.287542][T18608] ? get_mem_cgroup_from_mm+0x156/0x320 [ 657.293171][T18608] mem_cgroup_try_charge+0x136/0x590 [ 657.298452][T18608] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 657.304679][T18608] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 657.310294][T18608] wp_page_copy+0x41e/0x1600 [ 657.314861][T18608] ? find_held_lock+0x35/0x130 [ 657.319611][T18608] ? follow_pfn+0x2a0/0x2a0 [ 657.324105][T18608] ? lock_downgrade+0x920/0x920 [ 657.328941][T18608] ? swp_swapcount+0x540/0x540 [ 657.333683][T18608] ? __kasan_check_read+0x11/0x20 [ 657.338723][T18608] ? do_raw_spin_unlock+0x57/0x270 [ 657.343818][T18608] do_wp_page+0x499/0x14d0 [ 657.348215][T18608] ? finish_mkwrite_fault+0x570/0x570 [ 657.353585][T18608] __handle_mm_fault+0x22f1/0x3f20 [ 657.358677][T18608] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 657.364204][T18608] ? __kasan_check_read+0x11/0x20 [ 657.369221][T18608] handle_mm_fault+0x1b5/0x6c0 [ 657.373965][T18608] __do_page_fault+0x536/0xdd0 [ 657.378713][T18608] do_page_fault+0x38/0x590 [ 657.383224][T18608] page_fault+0x39/0x40 [ 657.387360][T18608] RIP: 0033:0x430956 [ 657.391349][T18608] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 657.410942][T18608] RSP: 002b:00007ffedb1cc3a0 EFLAGS: 00010206 [ 657.416989][T18608] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 657.424942][T18608] RDX: 0000555556eb5930 RSI: 0000555556ebd970 RDI: 0000000000000003 [ 657.432894][T18608] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556eb4940 [ 657.440841][T18608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 657.448793][T18608] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 657.458232][T18608] memory: usage 868kB, limit 0kB, failcnt 152 [ 657.465024][T18608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.471876][T18608] Memory cgroup stats for /syz2: [ 657.471957][T18608] anon 40960 [ 657.471957][T18608] file 102400 [ 657.471957][T18608] kernel_stack 0 [ 657.471957][T18608] slab 860160 [ 657.471957][T18608] sock 0 [ 657.471957][T18608] shmem 45056 [ 657.471957][T18608] file_mapped 0 [ 657.471957][T18608] file_dirty 0 [ 657.471957][T18608] file_writeback 0 [ 657.471957][T18608] anon_thp 0 [ 657.471957][T18608] inactive_anon 131072 [ 657.471957][T18608] active_anon 40960 [ 657.471957][T18608] inactive_file 0 [ 657.471957][T18608] active_file 0 [ 657.471957][T18608] unevictable 0 [ 657.471957][T18608] slab_reclaimable 270336 [ 657.471957][T18608] slab_unreclaimable 589824 [ 657.471957][T18608] pgfault 31020 [ 657.471957][T18608] pgmajfault 0 [ 657.471957][T18608] workingset_refault 0 [ 657.471957][T18608] workingset_activate 0 [ 657.471957][T18608] workingset_nodereclaim 0 [ 657.471957][T18608] pgrefill 33 [ 657.471957][T18608] pgscan 0 [ 657.471957][T18608] pgsteal 0 [ 657.471957][T18608] pgactivate 0 [ 657.575563][T18608] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18608,uid=0 [ 657.598095][T18608] Memory cgroup out of memory: Killed process 18608 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 657.623096][ T1065] oom_reaper: reaped process 18608 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 01:47:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:47:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0xf0}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc0104307, &(0x7f0000000000)) 01:47:31 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 658.250867][T18650] IPVS: ftp: loaded support on port[0] = 21 [ 658.261372][T18656] bridge_slave_0: FDB only supports static addresses [ 658.569882][T18658] bridge_slave_0: FDB only supports static addresses [ 658.976759][T18650] chnl_net:caif_netlink_parms(): no params data found [ 659.007277][T18650] bridge0: port 1(bridge_slave_0) entered blocking state [ 659.014549][T18650] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.022257][T18650] device bridge_slave_0 entered promiscuous mode [ 659.030635][T18650] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.038000][T18650] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.046140][T18650] device bridge_slave_1 entered promiscuous mode [ 659.131541][T18650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 659.144385][T18650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.237159][T18650] team0: Port device team_slave_0 added [ 659.245019][T18650] team0: Port device team_slave_1 added [ 659.306862][T18650] device hsr_slave_0 entered promiscuous mode [ 659.344122][T18650] device hsr_slave_1 entered promiscuous mode [ 659.413770][T18650] debugfs: Directory 'hsr0' with parent '/' already present! [ 659.499244][T18650] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.506571][T18650] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.513961][T18650] bridge0: port 1(bridge_slave_0) entered blocking state [ 659.521118][T18650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 659.634129][T18650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 659.648613][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 659.657946][T17988] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.666313][T17988] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.678719][ T21] device bridge_slave_1 left promiscuous mode [ 659.685479][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.725013][ T21] device bridge_slave_0 left promiscuous mode [ 659.731209][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.734319][ T21] device hsr_slave_0 left promiscuous mode [ 661.774142][ T21] device hsr_slave_1 left promiscuous mode [ 661.825270][ T21] team0 (unregistering): Port device team_slave_1 removed [ 661.838048][ T21] team0 (unregistering): Port device team_slave_0 removed [ 661.850105][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 661.879725][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 661.970890][ T21] bond0 (unregistering): Released all slaves [ 662.078765][T18650] 8021q: adding VLAN 0 to HW filter on device team0 [ 662.096078][T18664] IPVS: ftp: loaded support on port[0] = 21 [ 662.112913][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 662.122150][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 662.130957][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state [ 662.138086][ T9063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 662.146646][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 662.155623][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 662.164263][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state [ 662.171319][ T9063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 662.208898][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 662.226163][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 662.244040][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 662.252657][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 662.261208][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 662.269983][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 662.278853][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 662.287442][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 662.300191][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 662.311197][T18650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 662.324611][T18650] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 662.335838][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 662.345136][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 662.397623][T18664] chnl_net:caif_netlink_parms(): no params data found [ 662.492624][T18650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 662.518034][T18664] bridge0: port 1(bridge_slave_0) entered blocking state [ 662.534327][T18664] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.542455][T18664] device bridge_slave_0 entered promiscuous mode [ 662.555735][T18664] bridge0: port 2(bridge_slave_1) entered blocking state [ 662.562890][T18664] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.581170][T18664] device bridge_slave_1 entered promiscuous mode [ 662.627322][T18664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 662.653043][T18664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 662.711713][T18664] team0: Port device team_slave_0 added [ 662.752122][T18664] team0: Port device team_slave_1 added [ 662.857159][T18672] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 662.868004][T18672] CPU: 1 PID: 18672 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 662.877120][T18672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.887173][T18672] Call Trace: [ 662.890476][T18672] dump_stack+0x172/0x1f0 [ 662.894808][T18672] dump_header+0x177/0x1152 [ 662.900010][T18672] ? pagefault_out_of_memory+0x11c/0x11c [ 662.905640][T18672] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 662.911471][T18672] ? ___ratelimit+0x60/0x595 [ 662.916060][T18672] ? do_raw_spin_unlock+0x57/0x270 [ 662.921171][T18672] oom_kill_process.cold+0x10/0x15 [ 662.926280][T18672] out_of_memory+0x334/0x1340 [ 662.933510][T18672] ? __sched_text_start+0x8/0x8 [ 662.938360][T18672] ? oom_killer_disable+0x280/0x280 [ 662.943570][T18672] mem_cgroup_out_of_memory+0x1d8/0x240 [ 662.949113][T18672] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 662.954750][T18672] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 662.960553][T18672] ? cgroup_file_notify+0x140/0x1b0 [ 662.965755][T18672] memory_max_write+0x262/0x3a0 [ 662.970606][T18672] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 662.977368][T18672] ? cgroup_file_write+0x86/0x790 [ 662.982394][T18672] cgroup_file_write+0x241/0x790 [ 662.987333][T18672] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 662.994088][T18672] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 662.999725][T18672] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 663.005356][T18672] kernfs_fop_write+0x2b8/0x480 [ 663.010202][T18672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.016543][T18672] __vfs_write+0x8a/0x110 [ 663.020866][T18672] ? kernfs_fop_open+0xd80/0xd80 [ 663.025806][T18672] vfs_write+0x268/0x5d0 [ 663.030047][T18672] ksys_write+0x14f/0x290 [ 663.034379][T18672] ? __ia32_sys_read+0xb0/0xb0 [ 663.040441][T18672] ? do_syscall_64+0x26/0x760 [ 663.045117][T18672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.051364][T18672] ? do_syscall_64+0x26/0x760 [ 663.056046][T18672] __x64_sys_write+0x73/0xb0 [ 663.060721][T18672] do_syscall_64+0xfa/0x760 [ 663.065230][T18672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.071128][T18672] RIP: 0033:0x459879 [ 663.075021][T18672] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.094622][T18672] RSP: 002b:00007f4beb756c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 663.103027][T18672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 663.110993][T18672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 663.118976][T18672] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 663.126941][T18672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4beb7576d4 [ 663.134903][T18672] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 663.154848][T18664] device hsr_slave_0 entered promiscuous mode [ 663.161246][T18672] memory: usage 3152kB, limit 0kB, failcnt 135 [ 663.169216][T18672] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.176603][T18672] Memory cgroup stats for /syz5: [ 663.178510][T18672] anon 2195456 [ 663.178510][T18672] file 0 [ 663.178510][T18672] kernel_stack 65536 [ 663.178510][T18672] slab 860160 [ 663.178510][T18672] sock 16384 [ 663.178510][T18672] shmem 28672 [ 663.178510][T18672] file_mapped 0 [ 663.178510][T18672] file_dirty 0 [ 663.178510][T18672] file_writeback 0 [ 663.178510][T18672] anon_thp 2097152 [ 663.178510][T18672] inactive_anon 0 [ 663.178510][T18672] active_anon 2195456 [ 663.178510][T18672] inactive_file 61440 [ 663.178510][T18672] active_file 0 [ 663.178510][T18672] unevictable 176128 [ 663.178510][T18672] slab_reclaimable 405504 [ 663.178510][T18672] slab_unreclaimable 454656 [ 663.178510][T18672] pgfault 24420 [ 663.178510][T18672] pgmajfault 0 [ 663.178510][T18672] workingset_refault 0 [ 663.178510][T18672] workingset_activate 0 [ 663.178510][T18672] workingset_nodereclaim 0 [ 663.178510][T18672] pgrefill 0 [ 663.178510][T18672] pgscan 0 [ 663.178510][T18672] pgsteal 0 [ 663.178510][T18672] pgactivate 0 [ 663.275521][T18672] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18671,uid=0 [ 663.294349][T18664] device hsr_slave_1 entered promiscuous mode [ 663.308096][T18672] Memory cgroup out of memory: Killed process 18671 (syz-executor.5) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 663.337464][ T1065] oom_reaper: reaped process 18671 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 663.353652][T18664] debugfs: Directory 'hsr0' with parent '/' already present! [ 663.468323][T18664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 663.490526][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 663.507585][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 663.522651][T18664] 8021q: adding VLAN 0 to HW filter on device team0 [ 663.547303][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 663.562084][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 663.578916][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.587198][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 663.623930][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 663.632733][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 663.650716][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 663.662941][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.670096][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 663.686395][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 663.702266][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 663.719010][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 663.730299][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 663.756505][T18650] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 01:47:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc0189436, &(0x7f0000000000)) 01:47:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 01:47:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x300}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 663.758009][T18664] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 663.810846][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 663.820007][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.830081][T18650] Call Trace: [ 663.833386][T18650] dump_stack+0x172/0x1f0 [ 663.837734][T18650] dump_header+0x177/0x1152 [ 663.842258][T18650] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 663.848074][T18650] ? ___ratelimit+0x2c8/0x595 [ 663.852761][T18650] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 663.858583][T18650] ? lockdep_hardirqs_on+0x418/0x5d0 [ 663.864064][T18650] ? trace_hardirqs_on+0x67/0x240 [ 663.869128][T18650] ? pagefault_out_of_memory+0x11c/0x11c [ 663.874818][T18650] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 663.880645][T18650] ? ___ratelimit+0x60/0x595 [ 663.885240][T18650] ? do_raw_spin_unlock+0x57/0x270 [ 663.890359][T18650] oom_kill_process.cold+0x10/0x15 [ 663.895480][T18650] out_of_memory+0x334/0x1340 [ 663.900164][T18650] ? lock_downgrade+0x920/0x920 [ 663.905113][T18650] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 663.910924][T18650] ? oom_killer_disable+0x280/0x280 [ 663.916140][T18650] mem_cgroup_out_of_memory+0x1d8/0x240 [ 663.921706][T18650] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 663.925415][T18664] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 663.927350][T18650] ? do_raw_spin_unlock+0x57/0x270 [ 663.927371][T18650] ? _raw_spin_unlock+0x2d/0x50 [ 663.948268][T18650] try_charge+0xf4b/0x1440 [ 663.952727][T18650] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 663.958280][T18650] ? percpu_ref_tryget_live+0x111/0x290 [ 663.963290][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 663.963842][T18650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.963859][T18650] ? __kasan_check_read+0x11/0x20 [ 663.963882][T18650] ? get_mem_cgroup_from_mm+0x156/0x320 [ 663.963900][T18650] mem_cgroup_try_charge+0x136/0x590 [ 663.963914][T18650] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 663.963941][T18650] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 663.963968][T18650] wp_page_copy+0x41e/0x1600 [ 663.981670][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 663.982894][T18650] ? find_held_lock+0x35/0x130 [ 663.982921][T18650] ? follow_pfn+0x2a0/0x2a0 [ 664.009304][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 664.010242][T18650] ? lock_downgrade+0x920/0x920 [ 664.010262][T18650] ? swp_swapcount+0x540/0x540 [ 664.041852][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 664.044749][T18650] ? __kasan_check_read+0x11/0x20 [ 664.044766][T18650] ? do_raw_spin_unlock+0x57/0x270 [ 664.044784][T18650] do_wp_page+0x499/0x14d0 [ 664.044809][T18650] ? finish_mkwrite_fault+0x570/0x570 [ 664.044831][T18650] __handle_mm_fault+0x22f1/0x3f20 [ 664.044854][T18650] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 664.044880][T18650] ? __kasan_check_read+0x11/0x20 [ 664.044900][T18650] handle_mm_fault+0x1b5/0x6c0 [ 664.044919][T18650] __do_page_fault+0x536/0xdd0 [ 664.064468][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 664.067258][T18650] do_page_fault+0x38/0x590 [ 664.089990][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 664.093155][T18650] page_fault+0x39/0x40 [ 664.093175][T18650] RIP: 0033:0x430956 [ 664.121249][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 664.122064][T18650] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 664.122072][T18650] RSP: 002b:00007fffdf654300 EFLAGS: 00010206 [ 664.140394][T18680] bridge_slave_0: FDB only supports static addresses [ 664.153869][T18650] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 664.153881][T18650] RDX: 0000555556c00930 RSI: 0000555556c08970 RDI: 0000000000000003 [ 664.153888][T18650] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556bff940 [ 664.153896][T18650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 664.153903][T18650] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 664.212003][T18650] memory: usage 808kB, limit 0kB, failcnt 143 [ 664.225132][T18650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.232143][T18650] Memory cgroup stats for /syz5: [ 664.232260][T18650] anon 40960 [ 664.232260][T18650] file 0 [ 664.232260][T18650] kernel_stack 65536 [ 664.232260][T18650] slab 860160 [ 664.232260][T18650] sock 16384 [ 664.232260][T18650] shmem 28672 [ 664.232260][T18650] file_mapped 0 [ 664.232260][T18650] file_dirty 0 [ 664.232260][T18650] file_writeback 0 [ 664.232260][T18650] anon_thp 0 [ 664.232260][T18650] inactive_anon 0 [ 664.232260][T18650] active_anon 40960 [ 664.232260][T18650] inactive_file 61440 [ 664.232260][T18650] active_file 0 [ 664.232260][T18650] unevictable 176128 [ 664.232260][T18650] slab_reclaimable 405504 [ 664.232260][T18650] slab_unreclaimable 454656 [ 664.232260][T18650] pgfault 24420 [ 664.232260][T18650] pgmajfault 0 [ 664.232260][T18650] workingset_refault 0 [ 664.232260][T18650] workingset_activate 0 01:47:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc018aa3f, &(0x7f0000000000)) [ 664.232260][T18650] workingset_nodereclaim 0 [ 664.232260][T18650] pgrefill 0 [ 664.232260][T18650] pgscan 0 [ 664.232260][T18650] pgsteal 0 [ 664.232260][T18650] pgactivate 0 [ 664.328930][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 01:47:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc020660b, &(0x7f0000000000)) 01:47:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 664.386096][T18664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 664.462009][T18650] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18650,uid=0 01:47:38 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x406}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 664.511220][T18650] Memory cgroup out of memory: Killed process 18650 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:0 [ 664.589257][ T1065] oom_reaper: reaped process 18650 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:47:38 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc020aa00, &(0x7f0000000000)) [ 664.666892][T18698] bridge_slave_0: FDB only supports static addresses [ 665.039896][T18705] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 665.083850][T18705] CPU: 0 PID: 18705 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 665.093009][T18705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.103073][T18705] Call Trace: [ 665.106377][T18705] dump_stack+0x172/0x1f0 [ 665.110718][T18705] dump_header+0x177/0x1152 [ 665.115224][T18705] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 665.121030][T18705] ? ___ratelimit+0x2c8/0x595 [ 665.125705][T18705] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 665.131514][T18705] ? lockdep_hardirqs_on+0x418/0x5d0 [ 665.136805][T18705] ? trace_hardirqs_on+0x67/0x240 [ 665.141837][T18705] ? pagefault_out_of_memory+0x11c/0x11c [ 665.147486][T18705] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 665.153292][T18705] ? ___ratelimit+0x60/0x595 [ 665.157881][T18705] ? do_raw_spin_unlock+0x57/0x270 [ 665.163001][T18705] oom_kill_process.cold+0x10/0x15 [ 665.168116][T18705] out_of_memory+0x334/0x1340 [ 665.172811][T18705] ? __sched_text_start+0x8/0x8 [ 665.177853][T18705] ? oom_killer_disable+0x280/0x280 [ 665.183062][T18705] mem_cgroup_out_of_memory+0x1d8/0x240 [ 665.188610][T18705] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 665.194251][T18705] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 665.200072][T18705] ? cgroup_file_notify+0x140/0x1b0 [ 665.205281][T18705] memory_max_write+0x262/0x3a0 [ 665.210146][T18705] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 665.216935][T18705] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 665.222425][T18705] cgroup_file_write+0x241/0x790 [ 665.227461][T18705] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 665.234228][T18705] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 665.239872][T18705] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 665.245855][T18705] kernfs_fop_write+0x2b8/0x480 [ 665.250715][T18705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.257063][T18705] __vfs_write+0x8a/0x110 [ 665.261420][T18705] ? kernfs_fop_open+0xd80/0xd80 [ 665.266544][T18705] vfs_write+0x268/0x5d0 [ 665.270792][T18705] ksys_write+0x14f/0x290 [ 665.275131][T18705] ? __ia32_sys_read+0xb0/0xb0 [ 665.279907][T18705] __x64_sys_write+0x73/0xb0 [ 665.284507][T18705] do_syscall_64+0xfa/0x760 [ 665.289116][T18705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.295014][T18705] RIP: 0033:0x459879 [ 665.298910][T18705] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 665.318508][T18705] RSP: 002b:00007efca3a38c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 665.326920][T18705] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 665.334974][T18705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 665.342947][T18705] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 665.350922][T18705] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efca3a396d4 [ 665.358895][T18705] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 665.396379][T18705] memory: usage 3548kB, limit 0kB, failcnt 148 [ 665.402912][T18705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.438231][T18705] Memory cgroup stats for /syz3: [ 665.440128][T18705] anon 2240512 [ 665.440128][T18705] file 192512 [ 665.440128][T18705] kernel_stack 65536 [ 665.440128][T18705] slab 1458176 [ 665.440128][T18705] sock 0 [ 665.440128][T18705] shmem 12288 [ 665.440128][T18705] file_mapped 0 [ 665.440128][T18705] file_dirty 135168 [ 665.440128][T18705] file_writeback 0 [ 665.440128][T18705] anon_thp 2097152 [ 665.440128][T18705] inactive_anon 135168 [ 665.440128][T18705] active_anon 2240512 [ 665.440128][T18705] inactive_file 81920 [ 665.440128][T18705] active_file 0 [ 665.440128][T18705] unevictable 0 [ 665.440128][T18705] slab_reclaimable 540672 [ 665.440128][T18705] slab_unreclaimable 917504 [ 665.440128][T18705] pgfault 25377 [ 665.440128][T18705] pgmajfault 0 [ 665.440128][T18705] workingset_refault 0 [ 665.440128][T18705] workingset_activate 0 [ 665.440128][T18705] workingset_nodereclaim 0 [ 665.440128][T18705] pgrefill 33 [ 665.440128][T18705] pgscan 254 [ 665.440128][T18705] pgsteal 220 [ 665.440128][T18705] pgactivate 0 [ 665.550112][T18705] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18701,uid=0 [ 665.573251][T18705] Memory cgroup out of memory: Killed process 18701 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 01:47:39 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 665.593882][ T1065] oom_reaper: reaped process 18701 (syz-executor.3), now anon-rss:0kB, file-rss:34888kB, shmem-rss:0kB [ 665.629421][T18664] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 665.647174][T18664] CPU: 0 PID: 18664 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 665.656399][T18664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.666447][T18664] Call Trace: [ 665.669740][T18664] dump_stack+0x172/0x1f0 [ 665.674078][T18664] dump_header+0x177/0x1152 [ 665.678668][T18664] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 665.689071][T18664] ? ___ratelimit+0x2c8/0x595 [ 665.693757][T18664] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 665.699569][T18664] ? lockdep_hardirqs_on+0x418/0x5d0 [ 665.704839][T18664] ? trace_hardirqs_on+0x67/0x240 [ 665.709934][T18664] ? pagefault_out_of_memory+0x11c/0x11c [ 665.715563][T18664] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 665.721706][T18664] ? ___ratelimit+0x60/0x595 [ 665.726364][T18664] ? do_raw_spin_unlock+0x57/0x270 [ 665.731461][T18664] oom_kill_process.cold+0x10/0x15 [ 665.736554][T18664] out_of_memory+0x334/0x1340 [ 665.741230][T18664] ? lock_downgrade+0x920/0x920 [ 665.746070][T18664] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 665.751860][T18664] ? oom_killer_disable+0x280/0x280 [ 665.757076][T18664] mem_cgroup_out_of_memory+0x1d8/0x240 [ 665.762609][T18664] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 665.768223][T18664] ? do_raw_spin_unlock+0x57/0x270 [ 665.773314][T18664] ? _raw_spin_unlock+0x2d/0x50 [ 665.778160][T18664] try_charge+0xf4b/0x1440 [ 665.782562][T18664] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 665.788090][T18664] ? percpu_ref_tryget_live+0x111/0x290 [ 665.793627][T18664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.799857][T18664] ? __kasan_check_read+0x11/0x20 [ 665.804885][T18664] ? get_mem_cgroup_from_mm+0x156/0x320 [ 665.810422][T18664] mem_cgroup_try_charge+0x136/0x590 [ 665.815685][T18664] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 665.821911][T18664] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 665.827529][T18664] wp_page_copy+0x41e/0x1600 [ 665.832187][T18664] ? find_held_lock+0x35/0x130 [ 665.836937][T18664] ? follow_pfn+0x2a0/0x2a0 [ 665.841416][T18664] ? lock_downgrade+0x920/0x920 [ 665.846251][T18664] ? swp_swapcount+0x540/0x540 [ 665.850998][T18664] ? __kasan_check_read+0x11/0x20 [ 665.856004][T18664] ? do_raw_spin_unlock+0x57/0x270 [ 665.861097][T18664] do_wp_page+0x499/0x14d0 [ 665.865608][T18664] ? finish_mkwrite_fault+0x570/0x570 [ 665.870966][T18664] __handle_mm_fault+0x22f1/0x3f20 [ 665.876085][T18664] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 665.881629][T18664] ? __kasan_check_read+0x11/0x20 [ 665.886661][T18664] handle_mm_fault+0x1b5/0x6c0 [ 665.891429][T18664] __do_page_fault+0x536/0xdd0 [ 665.896188][T18664] do_page_fault+0x38/0x590 [ 665.900674][T18664] page_fault+0x39/0x40 [ 665.904810][T18664] RIP: 0033:0x430956 [ 665.908688][T18664] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 665.928364][T18664] RSP: 002b:00007ffeaf8a2080 EFLAGS: 00010206 [ 665.934417][T18664] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 665.942411][T18664] RDX: 0000555557036930 RSI: 000055555703e970 RDI: 0000000000000003 [ 665.950469][T18664] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557035940 [ 665.958435][T18664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 665.966386][T18664] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 665.975842][T18664] memory: usage 1216kB, limit 0kB, failcnt 156 [ 665.982018][T18664] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.989686][T18664] Memory cgroup stats for /syz3: [ 665.989785][T18664] anon 0 [ 665.989785][T18664] file 192512 [ 665.989785][T18664] kernel_stack 65536 [ 665.989785][T18664] slab 1458176 [ 665.989785][T18664] sock 0 [ 665.989785][T18664] shmem 12288 [ 665.989785][T18664] file_mapped 0 [ 665.989785][T18664] file_dirty 135168 [ 665.989785][T18664] file_writeback 0 [ 665.989785][T18664] anon_thp 0 [ 665.989785][T18664] inactive_anon 135168 [ 665.989785][T18664] active_anon 0 [ 665.989785][T18664] inactive_file 81920 [ 665.989785][T18664] active_file 0 [ 665.989785][T18664] unevictable 0 [ 665.989785][T18664] slab_reclaimable 540672 [ 665.989785][T18664] slab_unreclaimable 917504 [ 665.989785][T18664] pgfault 25410 [ 665.989785][T18664] pgmajfault 0 [ 665.989785][T18664] workingset_refault 0 [ 665.989785][T18664] workingset_activate 0 [ 665.989785][T18664] workingset_nodereclaim 0 [ 665.989785][T18664] pgrefill 33 [ 665.989785][T18664] pgscan 254 [ 665.989785][T18664] pgsteal 220 01:47:39 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:39 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc040565e, &(0x7f0000000000)) 01:47:39 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 665.989785][T18664] pgactivate 0 [ 666.091484][T18664] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18664,uid=0 [ 666.118039][T18664] Memory cgroup out of memory: Killed process 18664 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 667.170975][T18717] IPVS: ftp: loaded support on port[0] = 21 [ 667.692001][T18717] chnl_net:caif_netlink_parms(): no params data found [ 667.981045][T18717] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.989416][T18717] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.997956][T18717] device bridge_slave_0 entered promiscuous mode [ 668.006806][T18717] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.015261][T18717] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.023951][T18717] device bridge_slave_1 entered promiscuous mode [ 668.050527][T18720] IPVS: ftp: loaded support on port[0] = 21 [ 668.275618][T18717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 668.289430][T18717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 668.541375][T18717] team0: Port device team_slave_0 added [ 668.549210][T18717] team0: Port device team_slave_1 added [ 668.836662][T18717] device hsr_slave_0 entered promiscuous mode [ 668.884190][T18717] device hsr_slave_1 entered promiscuous mode [ 668.943807][T18717] debugfs: Directory 'hsr0' with parent '/' already present! [ 669.440403][T18720] chnl_net:caif_netlink_parms(): no params data found [ 669.468916][ T21] device bridge_slave_1 left promiscuous mode [ 669.476436][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.555839][ T21] device bridge_slave_0 left promiscuous mode [ 669.562072][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.615928][ T21] device bridge_slave_1 left promiscuous mode [ 669.622184][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.679530][ T21] device bridge_slave_0 left promiscuous mode [ 669.686515][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.755843][ T21] device bridge_slave_1 left promiscuous mode [ 669.762074][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.824542][ T21] device bridge_slave_0 left promiscuous mode [ 669.830728][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.874342][ T21] device hsr_slave_0 left promiscuous mode [ 675.913878][ T21] device hsr_slave_1 left promiscuous mode [ 675.961715][ T21] team0 (unregistering): Port device team_slave_1 removed [ 675.975227][ T21] team0 (unregistering): Port device team_slave_0 removed [ 675.988747][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.028644][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 676.129775][ T21] bond0 (unregistering): Released all slaves [ 676.304485][ T21] device hsr_slave_0 left promiscuous mode [ 676.343754][ T21] device hsr_slave_1 left promiscuous mode [ 676.411677][ T21] team0 (unregistering): Port device team_slave_1 removed [ 676.425265][ T21] team0 (unregistering): Port device team_slave_0 removed [ 676.437216][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.502248][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 676.595484][ T21] bond0 (unregistering): Released all slaves [ 676.764382][ T21] device hsr_slave_0 left promiscuous mode [ 676.823849][ T21] device hsr_slave_1 left promiscuous mode [ 676.871754][ T21] team0 (unregistering): Port device team_slave_1 removed [ 676.885687][ T21] team0 (unregistering): Port device team_slave_0 removed [ 676.898631][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.937961][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.015566][ T21] bond0 (unregistering): Released all slaves [ 677.140261][T18720] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.149051][T18720] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.157017][T18720] device bridge_slave_0 entered promiscuous mode [ 677.171366][T18720] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.179447][T18720] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.187715][T18720] device bridge_slave_1 entered promiscuous mode [ 677.213523][T18720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.232884][T18720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.264648][T18720] team0: Port device team_slave_0 added [ 677.271861][T18720] team0: Port device team_slave_1 added [ 677.282409][T18717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.302007][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 677.312473][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 677.329258][T18717] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.345134][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 677.354346][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 677.362652][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.369754][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.378355][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 677.435720][T18720] device hsr_slave_0 entered promiscuous mode [ 677.484240][T18720] device hsr_slave_1 entered promiscuous mode [ 677.533716][T18720] debugfs: Directory 'hsr0' with parent '/' already present! [ 677.562460][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 677.571432][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 677.580571][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.587678][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.595479][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 677.604436][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 677.613013][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 677.621875][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 677.641462][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 677.660766][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 677.669902][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 677.679090][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 677.687893][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 677.696491][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 677.705134][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 677.874852][T18717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 677.920176][T18717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 677.937187][T18720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.952278][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 677.961806][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 677.970194][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 677.982837][T18720] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.006617][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 678.020721][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.027887][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.062559][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 678.072124][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 678.088266][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.095400][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.135740][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 678.151575][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 678.161079][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 678.204583][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 678.226575][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 678.236914][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 678.266722][T18720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 01:47:51 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 01:47:51 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x416}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:51 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc050561a, &(0x7f0000000000)) 01:47:51 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:51 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 678.316604][T18720] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.390441][T18732] bridge_slave_0: FDB only supports static addresses 01:47:51 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:52 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0xc1205531, &(0x7f0000000000)) 01:47:52 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x500}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:52 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 678.764692][T18753] bridge_slave_0: FDB only supports static addresses [ 679.084350][T18760] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 679.129361][T18760] CPU: 1 PID: 18760 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 679.138513][T18760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.148585][T18760] Call Trace: [ 679.151888][T18760] dump_stack+0x172/0x1f0 [ 679.156260][T18760] dump_header+0x177/0x1152 [ 679.160790][T18760] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 679.166609][T18760] ? ___ratelimit+0x2c8/0x595 [ 679.171299][T18760] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 679.177122][T18760] ? lockdep_hardirqs_on+0x418/0x5d0 [ 679.182415][T18760] ? trace_hardirqs_on+0x67/0x240 [ 679.187459][T18760] ? pagefault_out_of_memory+0x11c/0x11c [ 679.193094][T18760] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 679.198912][T18760] ? ___ratelimit+0x60/0x595 [ 679.203509][T18760] oom_kill_process.cold+0x10/0x15 [ 679.208630][T18760] out_of_memory+0x334/0x1340 [ 679.213406][T18760] ? retint_kernel+0x2b/0x2b [ 679.218013][T18760] ? oom_killer_disable+0x280/0x280 [ 679.223223][T18760] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 679.228957][T18760] mem_cgroup_out_of_memory+0x1d8/0x240 [ 679.234597][T18760] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 679.240243][T18760] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 679.246067][T18760] ? cgroup_file_notify+0x140/0x1b0 [ 679.251273][T18760] memory_max_write+0x262/0x3a0 [ 679.256138][T18760] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 679.262906][T18760] ? lock_acquire+0x190/0x410 [ 679.267593][T18760] ? kernfs_fop_write+0x227/0x480 [ 679.272635][T18760] cgroup_file_write+0x241/0x790 [ 679.277759][T18760] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 679.284531][T18760] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 679.290180][T18760] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 679.295824][T18760] kernfs_fop_write+0x2b8/0x480 [ 679.300687][T18760] __vfs_write+0x8a/0x110 [ 679.305020][T18760] ? kernfs_fop_open+0xd80/0xd80 [ 679.309960][T18760] vfs_write+0x268/0x5d0 [ 679.314220][T18760] ksys_write+0x14f/0x290 [ 679.318554][T18760] ? __ia32_sys_read+0xb0/0xb0 [ 679.323319][T18760] ? do_syscall_64+0x26/0x760 [ 679.327997][T18760] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.334066][T18760] ? do_syscall_64+0x26/0x760 [ 679.338758][T18760] __x64_sys_write+0x73/0xb0 [ 679.343353][T18760] do_syscall_64+0xfa/0x760 [ 679.347894][T18760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.353787][T18760] RIP: 0033:0x459879 [ 679.357704][T18760] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 679.377311][T18760] RSP: 002b:00007fb7cf77cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 679.385731][T18760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 679.393711][T18760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 679.402651][T18760] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 679.410638][T18760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb7cf77d6d4 [ 679.418617][T18760] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 679.456197][T18760] memory: usage 3196kB, limit 0kB, failcnt 144 [ 679.462632][T18760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.471233][T18760] Memory cgroup stats for /syz5: [ 679.472524][T18760] anon 2220032 [ 679.472524][T18760] file 0 [ 679.472524][T18760] kernel_stack 65536 [ 679.472524][T18760] slab 860160 [ 679.472524][T18760] sock 16384 [ 679.472524][T18760] shmem 28672 [ 679.472524][T18760] file_mapped 0 [ 679.472524][T18760] file_dirty 0 [ 679.472524][T18760] file_writeback 0 [ 679.472524][T18760] anon_thp 2097152 [ 679.472524][T18760] inactive_anon 0 [ 679.472524][T18760] active_anon 2220032 [ 679.472524][T18760] inactive_file 61440 [ 679.472524][T18760] active_file 0 [ 679.472524][T18760] unevictable 176128 [ 679.472524][T18760] slab_reclaimable 405504 [ 679.472524][T18760] slab_unreclaimable 454656 [ 679.472524][T18760] pgfault 24486 [ 679.472524][T18760] pgmajfault 0 [ 679.472524][T18760] workingset_refault 0 [ 679.472524][T18760] workingset_activate 0 [ 679.472524][T18760] workingset_nodereclaim 0 [ 679.472524][T18760] pgrefill 0 [ 679.472524][T18760] pgscan 0 [ 679.472524][T18760] pgsteal 0 [ 679.472524][T18760] pgactivate 0 [ 679.574126][T18760] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18754,uid=0 [ 679.590874][T18760] Memory cgroup out of memory: Killed process 18754 (syz-executor.5) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 679.613461][ T1065] oom_reaper: reaped process 18754 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:47:53 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f00000000c0)={r0}) 01:47:53 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:53 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x600}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:47:53 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) [ 679.970245][T18720] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 679.998052][T18720] CPU: 1 PID: 18720 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 680.004153][T18775] bridge_slave_0: FDB only supports static addresses [ 680.007203][T18720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.007210][T18720] Call Trace: [ 680.007232][T18720] dump_stack+0x172/0x1f0 [ 680.007257][T18720] dump_header+0x177/0x1152 [ 680.037268][T18720] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 680.043082][T18720] ? ___ratelimit+0x2c8/0x595 [ 680.047771][T18720] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 680.053588][T18720] ? lockdep_hardirqs_on+0x418/0x5d0 [ 680.058883][T18720] ? trace_hardirqs_on+0x67/0x240 [ 680.063923][T18720] ? pagefault_out_of_memory+0x11c/0x11c [ 680.069558][T18720] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 680.075379][T18720] ? ___ratelimit+0x60/0x595 [ 680.079971][T18720] ? do_raw_spin_unlock+0x57/0x270 [ 680.085107][T18720] oom_kill_process.cold+0x10/0x15 [ 680.090232][T18720] out_of_memory+0x334/0x1340 [ 680.094916][T18720] ? lock_downgrade+0x920/0x920 [ 680.099776][T18720] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 680.105588][T18720] ? oom_killer_disable+0x280/0x280 [ 680.110807][T18720] mem_cgroup_out_of_memory+0x1d8/0x240 [ 680.116372][T18720] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 680.122012][T18720] ? do_raw_spin_unlock+0x57/0x270 [ 680.127120][T18720] ? _raw_spin_unlock+0x2d/0x50 [ 680.131959][T18720] try_charge+0xf4b/0x1440 [ 680.136387][T18720] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 680.141914][T18720] ? percpu_ref_tryget_live+0x111/0x290 [ 680.147444][T18720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.153750][T18720] ? __kasan_check_read+0x11/0x20 [ 680.158762][T18720] ? get_mem_cgroup_from_mm+0x156/0x320 [ 680.164291][T18720] mem_cgroup_try_charge+0x136/0x590 [ 680.169559][T18720] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 680.175786][T18720] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 680.181403][T18720] wp_page_copy+0x41e/0x1600 [ 680.185973][T18720] ? find_held_lock+0x35/0x130 [ 680.190723][T18720] ? follow_pfn+0x2a0/0x2a0 [ 680.195208][T18720] ? lock_downgrade+0x920/0x920 [ 680.200040][T18720] ? swp_swapcount+0x540/0x540 [ 680.204799][T18720] ? __kasan_check_read+0x11/0x20 [ 680.209800][T18720] ? do_raw_spin_unlock+0x57/0x270 [ 680.214892][T18720] do_wp_page+0x499/0x14d0 [ 680.219291][T18720] ? finish_mkwrite_fault+0x570/0x570 [ 680.224649][T18720] __handle_mm_fault+0x22f1/0x3f20 [ 680.229744][T18720] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 680.235283][T18720] ? __kasan_check_read+0x11/0x20 [ 680.240293][T18720] handle_mm_fault+0x1b5/0x6c0 [ 680.245044][T18720] __do_page_fault+0x536/0xdd0 [ 680.249792][T18720] do_page_fault+0x38/0x590 [ 680.254276][T18720] page_fault+0x39/0x40 [ 680.258412][T18720] RIP: 0033:0x430956 [ 680.262286][T18720] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 680.282052][T18720] RSP: 002b:00007ffec949d870 EFLAGS: 00010206 [ 680.288098][T18720] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 680.296061][T18720] RDX: 0000555557451930 RSI: 0000555557459970 RDI: 0000000000000003 [ 680.304016][T18720] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557450940 [ 680.311967][T18720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 01:47:53 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:47:53 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 680.319921][T18720] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 680.409606][T18720] memory: usage 820kB, limit 0kB, failcnt 152 [ 680.432715][T18720] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.454580][T18720] Memory cgroup stats for /syz5: [ 680.454686][T18720] anon 110592 [ 680.454686][T18720] file 0 [ 680.454686][T18720] kernel_stack 0 [ 680.454686][T18720] slab 860160 [ 680.454686][T18720] sock 16384 [ 680.454686][T18720] shmem 28672 [ 680.454686][T18720] file_mapped 0 [ 680.454686][T18720] file_dirty 0 [ 680.454686][T18720] file_writeback 0 [ 680.454686][T18720] anon_thp 0 [ 680.454686][T18720] inactive_anon 0 [ 680.454686][T18720] active_anon 110592 [ 680.454686][T18720] inactive_file 61440 [ 680.454686][T18720] active_file 0 [ 680.454686][T18720] unevictable 176128 [ 680.454686][T18720] slab_reclaimable 405504 [ 680.454686][T18720] slab_unreclaimable 454656 [ 680.454686][T18720] pgfault 24486 [ 680.454686][T18720] pgmajfault 0 [ 680.454686][T18720] workingset_refault 0 [ 680.454686][T18720] workingset_activate 0 [ 680.454686][T18720] workingset_nodereclaim 0 [ 680.454686][T18720] pgrefill 0 [ 680.454686][T18720] pgscan 0 [ 680.454686][T18720] pgsteal 0 [ 680.454686][T18720] pgactivate 0 [ 680.554195][T18720] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18720,uid=0 [ 680.579060][T18720] Memory cgroup out of memory: Killed process 18720 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 680.604627][ T1065] oom_reaper: reaped process 18720 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 680.662429][T18773] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 680.686702][T18773] CPU: 1 PID: 18773 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 680.695855][T18773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.706451][T18773] Call Trace: [ 680.709750][T18773] dump_stack+0x172/0x1f0 [ 680.714090][T18773] dump_header+0x177/0x1152 [ 680.718613][T18773] ? __this_cpu_preempt_check+0x3a/0x210 [ 680.724261][T18773] ? retint_kernel+0x2b/0x2b [ 680.728858][T18773] ? pagefault_out_of_memory+0x11c/0x11c [ 680.734500][T18773] oom_kill_process.cold+0x10/0x15 [ 680.739616][T18773] out_of_memory+0x334/0x1340 [ 680.744306][T18773] ? retint_kernel+0x2b/0x2b [ 680.748908][T18773] ? oom_killer_disable+0x280/0x280 [ 680.754122][T18773] mem_cgroup_out_of_memory+0x1d8/0x240 [ 680.759679][T18773] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 680.767390][T18773] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 680.773200][T18773] ? cgroup_file_notify+0x140/0x1b0 [ 680.778403][T18773] memory_max_write+0x262/0x3a0 [ 680.783253][T18773] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 680.790010][T18773] ? lock_acquire+0x190/0x410 [ 680.794690][T18773] ? kernfs_fop_write+0x227/0x480 [ 680.799716][T18773] cgroup_file_write+0x241/0x790 [ 680.804670][T18773] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 680.811444][T18773] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 680.817080][T18773] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 680.817097][T18773] kernfs_fop_write+0x2b8/0x480 [ 680.817112][T18773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.817130][T18773] __vfs_write+0x8a/0x110 [ 680.827578][T18773] ? kernfs_fop_open+0xd80/0xd80 [ 680.827594][T18773] vfs_write+0x268/0x5d0 [ 680.827609][T18773] ksys_write+0x14f/0x290 [ 680.827625][T18773] ? __ia32_sys_read+0xb0/0xb0 [ 680.827648][T18773] __x64_sys_write+0x73/0xb0 [ 680.838186][T18773] do_syscall_64+0xfa/0x760 [ 680.846075][T18785] IPVS: ftp: loaded support on port[0] = 21 [ 680.847333][T18773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.856379][T18773] RIP: 0033:0x459879 [ 680.865433][T18773] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 680.865440][T18773] RSP: 002b:00007fd21be6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 680.865453][T18773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 680.865460][T18773] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 680.865467][T18773] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 680.865474][T18773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd21be6e6d4 [ 680.865482][T18773] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 680.910534][T18773] memory: usage 3336kB, limit 0kB, failcnt 153 [ 680.942030][T18773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.959090][T18773] Memory cgroup stats for /syz2: [ 680.959203][T18773] anon 2265088 [ 680.959203][T18773] file 102400 [ 680.959203][T18773] kernel_stack 65536 [ 680.959203][T18773] slab 856064 [ 680.959203][T18773] sock 0 [ 680.959203][T18773] shmem 45056 [ 680.959203][T18773] file_mapped 0 [ 680.959203][T18773] file_dirty 0 [ 680.959203][T18773] file_writeback 0 [ 680.959203][T18773] anon_thp 2097152 [ 680.959203][T18773] inactive_anon 131072 [ 680.959203][T18773] active_anon 2195456 [ 680.959203][T18773] inactive_file 0 [ 680.959203][T18773] active_file 0 [ 680.959203][T18773] unevictable 0 [ 680.959203][T18773] slab_reclaimable 270336 [ 680.959203][T18773] slab_unreclaimable 585728 [ 680.959203][T18773] pgfault 31317 [ 680.959203][T18773] pgmajfault 0 [ 680.959203][T18773] workingset_refault 0 [ 680.959203][T18773] workingset_activate 0 [ 680.959203][T18773] workingset_nodereclaim 0 [ 680.959203][T18773] pgrefill 33 [ 680.959203][T18773] pgscan 0 [ 680.959203][T18773] pgsteal 0 [ 680.959203][T18773] pgactivate 0 [ 680.970859][T18773] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18771,uid=0 [ 681.069022][T18773] Memory cgroup out of memory: Killed process 18771 (syz-executor.2) total-vm:72576kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 681.104976][ T1065] oom_reaper: reaped process 18771 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 681.431962][T18717] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 681.477351][T18717] CPU: 1 PID: 18717 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 681.486581][T18717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.496694][T18717] Call Trace: [ 681.500479][T18717] dump_stack+0x172/0x1f0 [ 681.504812][T18717] dump_header+0x177/0x1152 [ 681.509413][T18717] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 681.515234][T18717] ? ___ratelimit+0x2c8/0x595 [ 681.519890][T18717] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 681.525680][T18717] ? lockdep_hardirqs_on+0x418/0x5d0 [ 681.530950][T18717] ? trace_hardirqs_on+0x67/0x240 [ 681.535958][T18717] ? pagefault_out_of_memory+0x11c/0x11c [ 681.541578][T18717] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 681.547368][T18717] ? ___ratelimit+0x60/0x595 [ 681.551936][T18717] ? do_raw_spin_unlock+0x57/0x270 [ 681.557033][T18717] oom_kill_process.cold+0x10/0x15 [ 681.562127][T18717] out_of_memory+0x334/0x1340 [ 681.566791][T18717] ? lock_downgrade+0x920/0x920 [ 681.571628][T18717] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 681.577423][T18717] ? oom_killer_disable+0x280/0x280 [ 681.582613][T18717] mem_cgroup_out_of_memory+0x1d8/0x240 [ 681.588143][T18717] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 681.593760][T18717] ? do_raw_spin_unlock+0x57/0x270 [ 681.598855][T18717] ? _raw_spin_unlock+0x2d/0x50 [ 681.603690][T18717] try_charge+0xf4b/0x1440 [ 681.608097][T18717] ? __lock_acquire+0x880/0x4a00 [ 681.613018][T18717] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 681.618549][T18717] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 681.624512][T18717] ? cache_grow_begin+0x122/0xd20 [ 681.629516][T18717] ? find_held_lock+0x35/0x130 [ 681.634699][T18717] ? cache_grow_begin+0x122/0xd20 [ 681.639711][T18717] __memcg_kmem_charge_memcg+0x71/0xf0 [ 681.645151][T18717] ? memcg_kmem_put_cache+0x50/0x50 [ 681.650415][T18717] ? __kasan_check_read+0x11/0x20 [ 681.655426][T18717] cache_grow_begin+0x629/0xd20 [ 681.660260][T18717] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 681.665967][T18717] ? mempolicy_slab_node+0x139/0x390 [ 681.671234][T18717] fallback_alloc+0x1fd/0x2d0 [ 681.675899][T18717] ____cache_alloc_node+0x1bc/0x1d0 [ 681.681253][T18717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.687481][T18717] kmem_cache_alloc+0x1ef/0x710 [ 681.692311][T18717] ? lock_downgrade+0x920/0x920 [ 681.697139][T18717] ? rwlock_bug.part.0+0x90/0x90 [ 681.702068][T18717] ? ratelimit_state_init+0xb0/0xb0 [ 681.707245][T18717] ext4_alloc_inode+0x1f/0x640 [ 681.711993][T18717] ? ratelimit_state_init+0xb0/0xb0 [ 681.717171][T18717] alloc_inode+0x68/0x1e0 [ 681.721482][T18717] iget_locked+0x1a6/0x4b0 [ 681.725893][T18717] __ext4_iget+0x265/0x3bb0 [ 681.730469][T18717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.736695][T18717] ? ext4_get_projid+0x190/0x190 [ 681.741620][T18717] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 681.747147][T18717] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 681.753107][T18717] ? d_alloc_parallel+0xa78/0x1c30 [ 681.758311][T18717] ext4_lookup+0x3b1/0x7a0 [ 681.762712][T18717] ? ext4_cross_rename+0x1430/0x1430 [ 681.767984][T18717] ? __lock_acquire+0x16f2/0x4a00 [ 681.773002][T18717] ? __kasan_check_read+0x11/0x20 [ 681.778026][T18717] ? lockdep_init_map+0x1be/0x6d0 [ 681.783040][T18717] __lookup_slow+0x279/0x500 [ 681.787617][T18717] ? vfs_unlink+0x620/0x620 [ 681.792123][T18717] lookup_slow+0x58/0x80 [ 681.796349][T18717] path_mountpoint+0x5d2/0x1e60 [ 681.801284][T18717] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 681.806810][T18717] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 681.812773][T18717] ? path_openat+0x46d0/0x46d0 [ 681.817528][T18717] filename_mountpoint+0x190/0x3c0 [ 681.822631][T18717] ? filename_parentat.isra.0+0x410/0x410 [ 681.828333][T18717] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 681.834738][T18717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.840957][T18717] ? __phys_addr_symbol+0x30/0x70 [ 681.845965][T18717] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 681.851673][T18717] ? __check_object_size+0x3d/0x437 [ 681.856867][T18717] ? strncpy_from_user+0x2b4/0x400 [ 681.861970][T18717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.868190][T18717] ? getname_flags+0x277/0x5b0 [ 681.872947][T18717] user_path_mountpoint_at+0x3a/0x50 [ 681.878328][T18717] ksys_umount+0x167/0xf00 [ 681.882724][T18717] ? down_read_non_owner+0x490/0x490 [ 681.888000][T18717] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 681.894219][T18717] ? __detach_mounts+0x2a0/0x2a0 [ 681.899141][T18717] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 681.904758][T18717] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 681.910202][T18717] ? do_syscall_64+0x26/0x760 [ 681.914871][T18717] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.921318][T18717] ? do_syscall_64+0x26/0x760 [ 681.925981][T18717] ? lockdep_hardirqs_on+0x418/0x5d0 [ 681.931248][T18717] __x64_sys_umount+0x54/0x80 [ 681.935910][T18717] do_syscall_64+0xfa/0x760 [ 681.940396][T18717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.946268][T18717] RIP: 0033:0x45c2a7 [ 681.950144][T18717] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 681.969730][T18717] RSP: 002b:00007ffe5e35b3d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 681.978129][T18717] RAX: ffffffffffffffda RBX: 00000000000a63b6 RCX: 000000000045c2a7 [ 681.986080][T18717] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffe5e35b480 [ 681.994029][T18717] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000000000e [ 682.001983][T18717] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffe5e35c510 [ 682.009949][T18717] R13: 000055555725e940 R14: 0000000000000000 R15: 00007ffe5e35c510 [ 682.039772][T18717] memory: usage 992kB, limit 0kB, failcnt 165 [ 682.052381][T18717] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 682.059759][T18717] Memory cgroup stats for /syz2: [ 682.059999][T18717] anon 167936 [ 682.059999][T18717] file 102400 [ 682.059999][T18717] kernel_stack 65536 [ 682.059999][T18717] slab 856064 [ 682.059999][T18717] sock 0 [ 682.059999][T18717] shmem 45056 [ 682.059999][T18717] file_mapped 0 [ 682.059999][T18717] file_dirty 0 [ 682.059999][T18717] file_writeback 0 [ 682.059999][T18717] anon_thp 0 [ 682.059999][T18717] inactive_anon 131072 [ 682.059999][T18717] active_anon 98304 [ 682.059999][T18717] inactive_file 0 [ 682.059999][T18717] active_file 0 [ 682.059999][T18717] unevictable 0 [ 682.059999][T18717] slab_reclaimable 270336 [ 682.059999][T18717] slab_unreclaimable 585728 [ 682.059999][T18717] pgfault 31317 [ 682.059999][T18717] pgmajfault 0 [ 682.059999][T18717] workingset_refault 0 [ 682.059999][T18717] workingset_activate 0 [ 682.059999][T18717] workingset_nodereclaim 0 [ 682.059999][T18717] pgrefill 33 [ 682.059999][T18717] pgscan 0 [ 682.059999][T18717] pgsteal 0 [ 682.059999][T18717] pgactivate 0 [ 682.071206][T18717] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18717,uid=0 [ 682.207778][T18785] chnl_net:caif_netlink_parms(): no params data found [ 682.215479][T18717] Memory cgroup out of memory: Killed process 18717 (syz-executor.2) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 682.253103][ T1065] oom_reaper: reaped process 18717 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 682.274823][T18785] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.282243][T18785] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.301174][T18785] device bridge_slave_0 entered promiscuous mode [ 682.309705][T18785] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.316911][T18785] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.325119][T18785] device bridge_slave_1 entered promiscuous mode [ 682.618959][T18785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.629882][T18785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 682.653417][T18785] team0: Port device team_slave_0 added [ 682.664835][T18785] team0: Port device team_slave_1 added [ 682.727113][T18785] device hsr_slave_0 entered promiscuous mode [ 682.764174][T18785] device hsr_slave_1 entered promiscuous mode [ 682.803837][T18785] debugfs: Directory 'hsr0' with parent '/' already present! [ 682.899910][T18785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 682.911452][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 682.921895][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 682.931257][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 682.941540][T18785] 8021q: adding VLAN 0 to HW filter on device team0 [ 682.992646][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 683.003312][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 683.012215][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.019328][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.028437][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 683.037135][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 683.045763][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.052983][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 683.061372][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 683.070402][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 683.089322][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 683.098591][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 683.108020][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 683.124205][T18785] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 683.134812][T18785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 683.148405][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 683.156645][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 683.165483][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 683.598423][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 683.623433][T18785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 684.042901][T18798] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 684.053947][T18798] CPU: 0 PID: 18798 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 684.063153][T18798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.073220][T18798] Call Trace: [ 684.076727][T18798] dump_stack+0x172/0x1f0 [ 684.081070][T18798] dump_header+0x177/0x1152 [ 684.085582][T18798] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 684.091393][T18798] ? ___ratelimit+0x2c8/0x595 [ 684.096095][T18798] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 684.101913][T18798] ? lockdep_hardirqs_on+0x418/0x5d0 [ 684.107489][T18798] ? trace_hardirqs_on+0x67/0x240 [ 684.112625][T18798] ? pagefault_out_of_memory+0x11c/0x11c [ 684.118263][T18798] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 684.124077][T18798] ? ___ratelimit+0x60/0x595 [ 684.128663][T18798] ? do_raw_spin_unlock+0x57/0x270 [ 684.133783][T18798] oom_kill_process.cold+0x10/0x15 [ 684.138910][T18798] out_of_memory+0x334/0x1340 [ 684.143676][T18798] ? __sched_text_start+0x8/0x8 [ 684.148533][T18798] ? oom_killer_disable+0x280/0x280 [ 684.153765][T18798] mem_cgroup_out_of_memory+0x1d8/0x240 [ 684.159312][T18798] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 684.164958][T18798] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 684.170768][T18798] ? cgroup_file_notify+0x140/0x1b0 [ 684.175986][T18798] memory_max_write+0x262/0x3a0 [ 684.180844][T18798] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 684.187616][T18798] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 684.193259][T18798] cgroup_file_write+0x241/0x790 [ 684.198237][T18798] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 684.205023][T18798] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 684.210846][T18798] ? kernfs_ops+0xf/0x120 [ 684.215443][T18798] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 684.221105][T18798] kernfs_fop_write+0x2b8/0x480 [ 684.225978][T18798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.232223][T18798] __vfs_write+0x8a/0x110 [ 684.236562][T18798] ? kernfs_fop_open+0xd80/0xd80 [ 684.241573][T18798] vfs_write+0x268/0x5d0 [ 684.245825][T18798] ksys_write+0x14f/0x290 [ 684.250247][T18798] ? __ia32_sys_read+0xb0/0xb0 [ 684.255025][T18798] ? do_syscall_64+0x26/0x760 [ 684.259705][T18798] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.265779][T18798] ? do_syscall_64+0x26/0x760 [ 684.270536][T18798] __x64_sys_write+0x73/0xb0 [ 684.275142][T18798] do_syscall_64+0xfa/0x760 [ 684.279654][T18798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.285722][T18798] RIP: 0033:0x459879 [ 684.289658][T18798] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 684.309262][T18798] RSP: 002b:00007f5b16dd2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 684.317852][T18798] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 684.325824][T18798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 684.333886][T18798] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 684.341892][T18798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b16dd36d4 [ 684.349867][T18798] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 684.374236][T18798] memory: usage 3488kB, limit 0kB, failcnt 157 [ 684.380770][T18798] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 684.388238][T18798] Memory cgroup stats for /syz3: [ 684.389987][T18798] anon 2138112 [ 684.389987][T18798] file 192512 [ 684.389987][T18798] kernel_stack 65536 [ 684.389987][T18798] slab 1323008 [ 684.389987][T18798] sock 0 [ 684.389987][T18798] shmem 12288 [ 684.389987][T18798] file_mapped 0 [ 684.389987][T18798] file_dirty 135168 [ 684.389987][T18798] file_writeback 0 [ 684.389987][T18798] anon_thp 2097152 [ 684.389987][T18798] inactive_anon 135168 [ 684.389987][T18798] active_anon 2138112 [ 684.389987][T18798] inactive_file 81920 [ 684.389987][T18798] active_file 0 [ 684.389987][T18798] unevictable 0 [ 684.389987][T18798] slab_reclaimable 540672 [ 684.389987][T18798] slab_unreclaimable 782336 [ 684.389987][T18798] pgfault 25476 [ 684.389987][T18798] pgmajfault 0 [ 684.389987][T18798] workingset_refault 0 [ 684.389987][T18798] workingset_activate 0 [ 684.389987][T18798] workingset_nodereclaim 0 [ 684.389987][T18798] pgrefill 33 [ 684.389987][T18798] pgscan 254 [ 684.389987][T18798] pgsteal 220 [ 684.389987][T18798] pgactivate 0 [ 684.396952][T18798] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18797,uid=0 [ 684.510280][T18798] Memory cgroup out of memory: Killed process 18797 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 684.541758][ T1065] oom_reaper: reaped process 18797 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 01:47:58 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000018c0)='clear_refs\x00\xb0Ix\xe6\fK\xa3/\xd7\xb9IqK\xcb\xe8\fW\xafYt|a\xa3\x16\x19\xcb\xaf\xea\x03O[k\xb1S2\x86\v\x9f\x14\xc6T\xd1\x01$\x84\xf5\xc9\xd8\xed\xca\xd2\xf0s\xe0\xcaPx\xfcd\xd3\x8d\x1e){\x9df\xa7\x14R\xb9,\xaegV\x96!n\b\xf2\x1e\x87\xb8\xb5M\xa0\xd1\xb5\xf3\xb4\xd6\xf8\xca\xf3J\x15\xed+,\x98\xfc\xbfX\x12\x97\xb3\x1b\xea\xfa\xff\xb7gx\xa1\x96\xad\x93\xaa=-z\x06r\b\'\f\x03U\b\xbc\xc8v\x14\xae\x8d3\"\xfc\\\x86\xc8\xe5\xe8\x14&.\xf7\xc1\x1fY\x9d\xa4\xb5\xefF\xe9\xeex\x80\x86$\xadw\xef\xd8o\\O<;%\x14\xdc(YW\xf0,\xd8\xf2d;\x86NK\\\xa3/Z\xd9)LvEYe\xd9\x97\xb3^\xe5H\x96\xe2p\xc7\xe3\x1d\xd1_\x8f\xf0\xce\x00\x97Sn\x83\xd1\x92\xd4\xa1\xcck\x1d\x93`\xc6e\xa5rw\x9a\xc4\xd6&') r1 = syz_open_procfs(0x0, &(0x7f0000000080)='syscall\x00\a\xa5B') r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x1) 01:47:58 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 01:47:58 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x604}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:58 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:47:58 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:47:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 684.951159][T18785] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 685.023623][T18785] CPU: 0 PID: 18785 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 685.032774][T18785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.042840][T18785] Call Trace: [ 685.046149][T18785] dump_stack+0x172/0x1f0 [ 685.050502][T18785] dump_header+0x177/0x1152 [ 685.055017][T18785] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 685.060829][T18785] ? ___ratelimit+0x2c8/0x595 [ 685.065516][T18785] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 685.071348][T18785] ? lockdep_hardirqs_on+0x418/0x5d0 [ 685.076653][T18785] ? trace_hardirqs_on+0x67/0x240 [ 685.081688][T18785] ? pagefault_out_of_memory+0x11c/0x11c [ 685.087333][T18785] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 685.093152][T18785] ? ___ratelimit+0x60/0x595 [ 685.097744][T18785] ? do_raw_spin_unlock+0x57/0x270 [ 685.102868][T18785] oom_kill_process.cold+0x10/0x15 [ 685.107991][T18785] out_of_memory+0x334/0x1340 [ 685.112674][T18785] ? lock_downgrade+0x920/0x920 [ 685.117540][T18785] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 685.123426][T18785] ? oom_killer_disable+0x280/0x280 [ 685.128650][T18785] mem_cgroup_out_of_memory+0x1d8/0x240 [ 685.134219][T18785] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 685.139862][T18785] ? do_raw_spin_unlock+0x57/0x270 [ 685.144985][T18785] ? _raw_spin_unlock+0x2d/0x50 [ 685.149852][T18785] try_charge+0xf4b/0x1440 [ 685.154286][T18785] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 685.159845][T18785] ? percpu_ref_tryget_live+0x111/0x290 [ 685.165408][T18785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.171664][T18785] ? __kasan_check_read+0x11/0x20 [ 685.176700][T18785] ? get_mem_cgroup_from_mm+0x156/0x320 [ 685.182349][T18785] mem_cgroup_try_charge+0x136/0x590 [ 685.187655][T18785] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 685.193915][T18785] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 685.199560][T18785] wp_page_copy+0x41e/0x1600 [ 685.204163][T18785] ? find_held_lock+0x35/0x130 [ 685.208936][T18785] ? follow_pfn+0x2a0/0x2a0 [ 685.213559][T18785] ? lock_downgrade+0x920/0x920 [ 685.218540][T18785] ? swp_swapcount+0x540/0x540 [ 685.223324][T18785] ? __kasan_check_read+0x11/0x20 [ 685.228351][T18785] ? do_raw_spin_unlock+0x57/0x270 [ 685.233474][T18785] do_wp_page+0x499/0x14d0 [ 685.237915][T18785] ? finish_mkwrite_fault+0x570/0x570 [ 685.243320][T18785] __handle_mm_fault+0x22f1/0x3f20 [ 685.248448][T18785] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 685.254020][T18785] ? __kasan_check_read+0x11/0x20 [ 685.259078][T18785] handle_mm_fault+0x1b5/0x6c0 [ 685.263855][T18785] __do_page_fault+0x536/0xdd0 [ 685.269509][T18785] do_page_fault+0x38/0x590 [ 685.274025][T18785] page_fault+0x39/0x40 [ 685.278182][T18785] RIP: 0033:0x430956 [ 685.282086][T18785] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 685.301697][T18785] RSP: 002b:00007fffe616c640 EFLAGS: 00010206 [ 685.307772][T18785] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 685.315756][T18785] RDX: 0000555557151930 RSI: 0000555557159970 RDI: 0000000000000003 01:47:58 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 685.323738][T18785] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557150940 [ 685.331722][T18785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 685.339702][T18785] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 01:47:59 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 685.839243][T18785] memory: usage 1140kB, limit 0kB, failcnt 165 [ 685.839661][T18805] bridge_slave_0: FDB only supports static addresses [ 685.852270][T18785] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.861080][T18785] Memory cgroup stats for /syz3: [ 685.861183][T18785] anon 36864 [ 685.861183][T18785] file 192512 [ 685.861183][T18785] kernel_stack 65536 [ 685.861183][T18785] slab 1323008 [ 685.861183][T18785] sock 0 [ 685.861183][T18785] shmem 12288 [ 685.861183][T18785] file_mapped 0 [ 685.861183][T18785] file_dirty 135168 [ 685.861183][T18785] file_writeback 0 [ 685.861183][T18785] anon_thp 0 [ 685.861183][T18785] inactive_anon 135168 [ 685.861183][T18785] active_anon 36864 [ 685.861183][T18785] inactive_file 81920 [ 685.861183][T18785] active_file 0 [ 685.861183][T18785] unevictable 0 [ 685.861183][T18785] slab_reclaimable 540672 [ 685.861183][T18785] slab_unreclaimable 782336 [ 685.861183][T18785] pgfault 25476 [ 685.861183][T18785] pgmajfault 0 [ 685.861183][T18785] workingset_refault 0 01:47:59 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 685.861183][T18785] workingset_activate 0 [ 685.861183][T18785] workingset_nodereclaim 0 [ 685.861183][T18785] pgrefill 33 [ 685.861183][T18785] pgscan 254 [ 685.861183][T18785] pgsteal 220 [ 685.861183][T18785] pgactivate 0 01:47:59 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x700}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:47:59 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000080)={0x7, [0x9, 0x4, 0x1ff, 0x3, 0x0, 0x6, 0x3]}, 0x12) [ 686.113697][T18785] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18785,uid=0 [ 686.148316][T18785] Memory cgroup out of memory: Killed process 18785 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 01:47:59 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 686.204801][ T1065] oom_reaper: reaped process 18785 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 686.723990][T18825] bridge_slave_0: FDB only supports static addresses 01:48:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000807fe4)={0xa, 0x4e22}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000ad6fad)='\x00', 0x1, 0x3fffffd, 0x0, 0x0) recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/19, 0x9c}], 0x106, 0x0, 0xfffffe59}, 0x22) sendto$inet6(r1, &(0x7f0000000080)="06", 0x1, 0x7d, 0x0, 0x0) 01:48:00 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:48:00 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x1604}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:00 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x8000, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f00000000c0)) [ 687.244785][T18833] IPVS: ftp: loaded support on port[0] = 21 [ 687.588201][T18840] bridge_slave_0: FDB only supports static addresses [ 687.950865][T18846] IPVS: ftp: loaded support on port[0] = 21 [ 688.019142][T18833] chnl_net:caif_netlink_parms(): no params data found [ 688.028715][ T21] device bridge_slave_1 left promiscuous mode [ 688.036390][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.105002][ T21] device bridge_slave_0 left promiscuous mode [ 688.111240][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.145877][ T21] device bridge_slave_1 left promiscuous mode [ 688.152084][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.205063][ T21] device bridge_slave_0 left promiscuous mode [ 688.211261][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.266643][ T21] device bridge_slave_1 left promiscuous mode [ 688.272923][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.314847][ T21] device bridge_slave_0 left promiscuous mode [ 688.321063][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.004074][ T21] device hsr_slave_0 left promiscuous mode [ 694.043782][ T21] device hsr_slave_1 left promiscuous mode [ 694.093523][ T21] team0 (unregistering): Port device team_slave_1 removed [ 694.108526][ T21] team0 (unregistering): Port device team_slave_0 removed [ 694.121129][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 694.158758][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 694.232281][ T21] bond0 (unregistering): Released all slaves [ 694.404271][ T21] device hsr_slave_0 left promiscuous mode [ 694.453944][ T21] device hsr_slave_1 left promiscuous mode [ 694.525039][ T21] team0 (unregistering): Port device team_slave_1 removed [ 694.540359][ T21] team0 (unregistering): Port device team_slave_0 removed [ 694.552438][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 694.589579][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 694.662782][ T21] bond0 (unregistering): Released all slaves [ 694.834818][ T21] device hsr_slave_0 left promiscuous mode [ 694.883817][ T21] device hsr_slave_1 left promiscuous mode [ 694.934150][ T21] team0 (unregistering): Port device team_slave_1 removed [ 694.948641][ T21] team0 (unregistering): Port device team_slave_0 removed [ 694.960913][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 694.989282][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.062612][ T21] bond0 (unregistering): Released all slaves [ 695.243353][T18833] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.255035][T18833] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.263416][T18833] device bridge_slave_0 entered promiscuous mode [ 695.279517][T18833] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.289231][T18833] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.304448][T18833] device bridge_slave_1 entered promiscuous mode [ 695.350042][T18833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.376648][T18833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.400156][T18846] chnl_net:caif_netlink_parms(): no params data found [ 695.417672][T18833] team0: Port device team_slave_0 added [ 695.426350][T18833] team0: Port device team_slave_1 added [ 695.480888][T18846] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.492571][T18846] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.502079][T18846] device bridge_slave_0 entered promiscuous mode [ 695.512510][T18846] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.519912][T18846] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.528579][T18846] device bridge_slave_1 entered promiscuous mode [ 695.589439][T18833] device hsr_slave_0 entered promiscuous mode [ 695.644185][T18833] device hsr_slave_1 entered promiscuous mode [ 695.703723][T18833] debugfs: Directory 'hsr0' with parent '/' already present! [ 695.729561][T18846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.744702][T18846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.776783][T18846] team0: Port device team_slave_0 added [ 695.786782][T18846] team0: Port device team_slave_1 added [ 695.798753][T18833] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.805992][T18833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.813297][T18833] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.820397][T18833] bridge0: port 1(bridge_slave_0) entered forwarding state [ 695.877800][T18846] device hsr_slave_0 entered promiscuous mode [ 695.934252][T18846] device hsr_slave_1 entered promiscuous mode [ 695.973709][T18846] debugfs: Directory 'hsr0' with parent '/' already present! [ 696.132600][T18846] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.139758][T18846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 696.147156][T18846] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.154298][T18846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.176829][T18833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.205911][T18833] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.213104][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 696.224015][T13410] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.231872][T13410] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.242103][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 696.254503][T13410] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.262788][T13410] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.299513][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 696.315284][T13410] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.322359][T13410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.337739][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 696.346572][T13410] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.353695][T13410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 696.380117][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 696.404695][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 696.413492][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 696.424034][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 696.435125][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 696.444291][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 696.460329][T18833] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 696.478014][T18833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 696.492885][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 696.509304][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 696.520436][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 696.536477][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 696.571764][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 696.588835][T18833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 696.607913][T18846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.644122][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 696.652370][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 696.675751][T18846] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.703610][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 696.712828][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 696.729249][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.736407][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.770233][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 696.779769][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 696.795763][T17538] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.802928][T17538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 696.818270][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 696.830200][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 696.865323][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 696.881171][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 696.890364][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 696.910143][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 696.950668][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 696.978152][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 696.994852][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 697.010853][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 697.022190][T18846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 697.040556][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 697.079995][T18846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 697.115485][T18855] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 697.144198][T18855] CPU: 1 PID: 18855 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 697.153348][T18855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.163416][T18855] Call Trace: [ 697.166718][T18855] dump_stack+0x172/0x1f0 [ 697.171059][T18855] dump_header+0x177/0x1152 [ 697.175580][T18855] ? pagefault_out_of_memory+0x11c/0x11c [ 697.181216][T18855] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.187026][T18855] ? ___ratelimit+0x60/0x595 [ 697.191611][T18855] ? do_raw_spin_unlock+0x57/0x270 [ 697.196738][T18855] oom_kill_process.cold+0x10/0x15 [ 697.201862][T18855] out_of_memory+0x334/0x1340 [ 697.206542][T18855] ? __sched_text_start+0x8/0x8 [ 697.211397][T18855] ? oom_killer_disable+0x280/0x280 [ 697.216612][T18855] mem_cgroup_out_of_memory+0x1d8/0x240 [ 697.222187][T18855] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 697.227809][T18855] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 697.233606][T18855] ? cgroup_file_notify+0x140/0x1b0 [ 697.238876][T18855] memory_max_write+0x262/0x3a0 [ 697.243727][T18855] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 697.250476][T18855] ? cgroup_file_write+0x86/0x790 [ 697.255494][T18855] cgroup_file_write+0x241/0x790 [ 697.260421][T18855] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 697.267163][T18855] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 697.272792][T18855] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 697.278434][T18855] kernfs_fop_write+0x2b8/0x480 [ 697.283268][T18855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.289489][T18855] __vfs_write+0x8a/0x110 [ 697.293809][T18855] ? kernfs_fop_open+0xd80/0xd80 [ 697.298744][T18855] vfs_write+0x268/0x5d0 [ 697.303061][T18855] ksys_write+0x14f/0x290 [ 697.307378][T18855] ? __ia32_sys_read+0xb0/0xb0 [ 697.312124][T18855] ? do_syscall_64+0x26/0x760 [ 697.316788][T18855] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.322850][T18855] ? do_syscall_64+0x26/0x760 [ 697.327511][T18855] __x64_sys_write+0x73/0xb0 [ 697.332083][T18855] do_syscall_64+0xfa/0x760 [ 697.336658][T18855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.342531][T18855] RIP: 0033:0x459879 [ 697.346411][T18855] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.365997][T18855] RSP: 002b:00007fc81827ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 697.374389][T18855] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 697.382348][T18855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 697.390315][T18855] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 697.398277][T18855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc81827f6d4 [ 697.406236][T18855] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 697.433256][T18855] memory: usage 3152kB, limit 0kB, failcnt 153 [ 697.440100][T18855] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 697.450063][T18855] Memory cgroup stats for /syz5: [ 697.451477][T18855] anon 2166784 [ 697.451477][T18855] file 0 [ 697.451477][T18855] kernel_stack 65536 [ 697.451477][T18855] slab 995328 [ 697.451477][T18855] sock 16384 [ 697.451477][T18855] shmem 28672 [ 697.451477][T18855] file_mapped 0 [ 697.451477][T18855] file_dirty 0 [ 697.451477][T18855] file_writeback 0 [ 697.451477][T18855] anon_thp 2097152 [ 697.451477][T18855] inactive_anon 0 [ 697.451477][T18855] active_anon 2166784 [ 697.451477][T18855] inactive_file 61440 [ 697.451477][T18855] active_file 0 [ 697.451477][T18855] unevictable 176128 [ 697.451477][T18855] slab_reclaimable 405504 [ 697.451477][T18855] slab_unreclaimable 589824 [ 697.451477][T18855] pgfault 24519 [ 697.451477][T18855] pgmajfault 0 [ 697.451477][T18855] workingset_refault 0 [ 697.451477][T18855] workingset_activate 0 [ 697.451477][T18855] workingset_nodereclaim 0 [ 697.451477][T18855] pgrefill 0 [ 697.451477][T18855] pgscan 0 [ 697.451477][T18855] pgsteal 0 [ 697.451477][T18855] pgactivate 0 [ 697.559854][T18855] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18854,uid=0 [ 697.663987][T18855] Memory cgroup out of memory: Killed process 18854 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 697.687767][T18861] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 697.688597][ T1065] oom_reaper: reaped process 18854 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 697.710762][T18861] CPU: 1 PID: 18861 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 697.719893][T18861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.729951][T18861] Call Trace: [ 697.733257][T18861] dump_stack+0x172/0x1f0 [ 697.737634][T18861] dump_header+0x177/0x1152 [ 697.742317][T18861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 697.748134][T18861] ? ___ratelimit+0x2c8/0x595 [ 697.752830][T18861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 697.758639][T18861] ? lockdep_hardirqs_on+0x418/0x5d0 [ 697.763934][T18861] ? trace_hardirqs_on+0x67/0x240 [ 697.769052][T18861] ? pagefault_out_of_memory+0x11c/0x11c [ 697.774698][T18861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.780513][T18861] ? ___ratelimit+0x60/0x595 [ 697.785105][T18861] ? do_raw_spin_unlock+0x57/0x270 [ 697.790224][T18861] oom_kill_process.cold+0x10/0x15 [ 697.795362][T18861] out_of_memory+0x334/0x1340 [ 697.800050][T18861] ? oom_killer_disable+0x280/0x280 [ 697.805293][T18861] mem_cgroup_out_of_memory+0x1d8/0x240 [ 697.810844][T18861] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 697.816587][T18861] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 697.822395][T18861] ? cgroup_file_notify+0x140/0x1b0 [ 697.827599][T18861] memory_max_write+0x262/0x3a0 [ 697.832462][T18861] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 697.839242][T18861] ? lock_acquire+0x190/0x410 [ 697.843925][T18861] ? kernfs_fop_write+0x227/0x480 [ 697.848960][T18861] cgroup_file_write+0x241/0x790 [ 697.853909][T18861] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 697.860677][T18861] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 697.866407][T18861] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 697.872303][T18861] kernfs_fop_write+0x2b8/0x480 [ 697.877157][T18861] __vfs_write+0x8a/0x110 [ 697.881502][T18861] ? kernfs_fop_open+0xd80/0xd80 [ 697.886445][T18861] vfs_write+0x268/0x5d0 [ 697.890692][T18861] ksys_write+0x14f/0x290 [ 697.895029][T18861] ? __ia32_sys_read+0xb0/0xb0 [ 697.900067][T18861] ? do_syscall_64+0x26/0x760 [ 697.904835][T18861] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.910900][T18861] ? do_syscall_64+0x26/0x760 [ 697.915583][T18861] __x64_sys_write+0x73/0xb0 [ 697.920194][T18861] do_syscall_64+0xfa/0x760 [ 697.924708][T18861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.930874][T18861] RIP: 0033:0x459879 [ 697.934774][T18861] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.954391][T18861] RSP: 002b:00007f10d8d63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 697.962816][T18861] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 697.970791][T18861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 697.978762][T18861] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 697.986742][T18861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10d8d646d4 [ 697.994714][T18861] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 698.017830][T18861] memory: usage 3328kB, limit 0kB, failcnt 166 [ 698.027078][T18861] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.035467][T18861] Memory cgroup stats for /syz2: [ 698.036907][T18861] anon 2203648 [ 698.036907][T18861] file 102400 [ 698.036907][T18861] kernel_stack 65536 [ 698.036907][T18861] slab 856064 [ 698.036907][T18861] sock 0 [ 698.036907][T18861] shmem 45056 [ 698.036907][T18861] file_mapped 0 [ 698.036907][T18861] file_dirty 0 [ 698.036907][T18861] file_writeback 0 [ 698.036907][T18861] anon_thp 2097152 [ 698.036907][T18861] inactive_anon 131072 [ 698.036907][T18861] active_anon 2203648 [ 698.036907][T18861] inactive_file 0 [ 698.036907][T18861] active_file 0 [ 698.036907][T18861] unevictable 0 [ 698.036907][T18861] slab_reclaimable 270336 [ 698.036907][T18861] slab_unreclaimable 585728 [ 698.036907][T18861] pgfault 31383 [ 698.036907][T18861] pgmajfault 0 [ 698.036907][T18861] workingset_refault 0 [ 698.036907][T18861] workingset_activate 0 [ 698.036907][T18861] workingset_nodereclaim 0 [ 698.036907][T18861] pgrefill 33 [ 698.036907][T18861] pgscan 0 [ 698.036907][T18861] pgsteal 0 [ 698.036907][T18861] pgactivate 0 [ 698.140683][T18861] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18860,uid=0 [ 698.180614][T18861] Memory cgroup out of memory: Killed process 18860 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 698.268457][ T1065] oom_reaper: reaped process 18860 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 698.310241][T18833] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 698.354700][T18833] CPU: 0 PID: 18833 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 698.363935][T18833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.373992][T18833] Call Trace: [ 698.377294][T18833] dump_stack+0x172/0x1f0 [ 698.381639][T18833] dump_header+0x177/0x1152 [ 698.386141][T18833] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 698.391974][T18833] ? ___ratelimit+0x2c8/0x595 [ 698.396665][T18833] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 698.402487][T18833] ? lockdep_hardirqs_on+0x418/0x5d0 [ 698.407768][T18833] ? trace_hardirqs_on+0x67/0x240 [ 698.412793][T18833] ? pagefault_out_of_memory+0x11c/0x11c [ 698.418512][T18833] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 698.424326][T18833] ? ___ratelimit+0x60/0x595 [ 698.428909][T18833] ? do_raw_spin_unlock+0x57/0x270 [ 698.434040][T18833] oom_kill_process.cold+0x10/0x15 [ 698.439154][T18833] out_of_memory+0x334/0x1340 [ 698.443849][T18833] ? lock_downgrade+0x920/0x920 [ 698.448704][T18833] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 698.454509][T18833] ? oom_killer_disable+0x280/0x280 [ 698.459724][T18833] mem_cgroup_out_of_memory+0x1d8/0x240 [ 698.465271][T18833] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 698.470911][T18833] ? do_raw_spin_unlock+0x57/0x270 [ 698.476030][T18833] ? _raw_spin_unlock+0x2d/0x50 [ 698.480883][T18833] try_charge+0xf4b/0x1440 [ 698.485301][T18833] ? __lock_acquire+0x880/0x4a00 [ 698.490252][T18833] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 698.495798][T18833] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 698.501789][T18833] ? cache_grow_begin+0x122/0xd20 [ 698.506819][T18833] ? find_held_lock+0x35/0x130 [ 698.511579][T18833] ? cache_grow_begin+0x122/0xd20 [ 698.516609][T18833] __memcg_kmem_charge_memcg+0x71/0xf0 [ 698.522068][T18833] ? memcg_kmem_put_cache+0x50/0x50 [ 698.527266][T18833] ? __kasan_check_read+0x11/0x20 [ 698.532293][T18833] cache_grow_begin+0x629/0xd20 [ 698.537162][T18833] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 698.542875][T18833] ? mempolicy_slab_node+0x139/0x390 [ 698.548167][T18833] fallback_alloc+0x1fd/0x2d0 [ 698.552851][T18833] ____cache_alloc_node+0x1bc/0x1d0 [ 698.558047][T18833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.564285][T18833] kmem_cache_alloc+0x1ef/0x710 [ 698.569133][T18833] ? stack_trace_save+0xac/0xe0 [ 698.573987][T18833] __alloc_file+0x27/0x340 [ 698.578417][T18833] alloc_empty_file+0x72/0x170 [ 698.583176][T18833] path_openat+0xef/0x46d0 [ 698.587590][T18833] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 698.593407][T18833] ? kasan_slab_alloc+0xf/0x20 [ 698.598255][T18833] ? kmem_cache_alloc+0x121/0x710 [ 698.603277][T18833] ? getname_flags+0xd6/0x5b0 [ 698.607945][T18833] ? getname+0x1a/0x20 [ 698.612009][T18833] ? do_sys_open+0x2c9/0x5d0 [ 698.616602][T18833] ? __x64_sys_open+0x7e/0xc0 [ 698.621288][T18833] ? __kasan_check_read+0x11/0x20 [ 698.626325][T18833] ? mark_lock+0xc2/0x1220 [ 698.630746][T18833] ? __kasan_check_read+0x11/0x20 [ 698.635778][T18833] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 698.641332][T18833] ? __alloc_fd+0x487/0x620 [ 698.645836][T18833] do_filp_open+0x1a1/0x280 [ 698.650337][T18833] ? may_open_dev+0x100/0x100 [ 698.655012][T18833] ? lock_downgrade+0x920/0x920 [ 698.659863][T18833] ? rwlock_bug.part.0+0x90/0x90 [ 698.664818][T18833] ? __kasan_check_read+0x11/0x20 [ 698.669843][T18833] ? do_raw_spin_unlock+0x57/0x270 [ 698.674961][T18833] ? _raw_spin_unlock+0x2d/0x50 [ 698.679808][T18833] ? __alloc_fd+0x487/0x620 [ 698.684333][T18833] do_sys_open+0x3fe/0x5d0 [ 698.688768][T18833] ? filp_open+0x80/0x80 [ 698.693009][T18833] ? __detach_mounts+0x2a0/0x2a0 [ 698.698035][T18833] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 698.703501][T18833] ? do_syscall_64+0x26/0x760 [ 698.708174][T18833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.714246][T18833] ? do_syscall_64+0x26/0x760 [ 698.718935][T18833] __x64_sys_open+0x7e/0xc0 [ 698.723445][T18833] do_syscall_64+0xfa/0x760 [ 698.727955][T18833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.733847][T18833] RIP: 0033:0x4577f0 [ 698.737741][T18833] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 698.758393][T18833] RSP: 002b:00007ffe4dc5b520 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 698.767731][T18833] RAX: ffffffffffffffda RBX: 00000000000aa2c8 RCX: 00000000004577f0 [ 698.775706][T18833] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe4dc5c700 [ 698.783680][T18833] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555580b940 [ 698.791642][T18833] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe4dc5c700 [ 698.799610][T18833] R13: 00007ffe4dc5c6f0 R14: 0000000000000000 R15: 00007ffe4dc5c700 [ 698.812560][T18833] memory: usage 816kB, limit 0kB, failcnt 165 [ 698.830520][T18833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.837550][T18833] Memory cgroup stats for /syz5: [ 698.837645][T18833] anon 65536 [ 698.837645][T18833] file 0 [ 698.837645][T18833] kernel_stack 0 [ 698.837645][T18833] slab 995328 [ 698.837645][T18833] sock 16384 [ 698.837645][T18833] shmem 28672 [ 698.837645][T18833] file_mapped 0 [ 698.837645][T18833] file_dirty 0 [ 698.837645][T18833] file_writeback 0 [ 698.837645][T18833] anon_thp 0 [ 698.837645][T18833] inactive_anon 0 [ 698.837645][T18833] active_anon 65536 [ 698.837645][T18833] inactive_file 61440 [ 698.837645][T18833] active_file 0 [ 698.837645][T18833] unevictable 176128 [ 698.837645][T18833] slab_reclaimable 405504 [ 698.837645][T18833] slab_unreclaimable 589824 [ 698.837645][T18833] pgfault 24519 [ 698.837645][T18833] pgmajfault 0 [ 698.837645][T18833] workingset_refault 0 [ 698.837645][T18833] workingset_activate 0 [ 698.837645][T18833] workingset_nodereclaim 0 [ 698.837645][T18833] pgrefill 0 [ 698.837645][T18833] pgscan 0 [ 698.837645][T18833] pgsteal 0 [ 698.837645][T18833] pgactivate 0 [ 698.935036][T18833] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18833,uid=0 01:48:12 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:48:12 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:48:12 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x4, 0x6d, 0x2, 0x0, 0x0}, 0x14) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000100), &(0x7f0000000540), 0x2}, 0x20) 01:48:12 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x2000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:12 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e20, 0xff, @rand_addr="1893393bc499b7b65e4332e56e138f18", 0x40}}, 0x6, 0x8, 0x5, 0x5, 0x8}, &(0x7f0000000180)=0x98) pidfd_send_signal(r1, 0x20, &(0x7f00000006c0)={0x1, 0xfffffffffffffffb, 0x3}, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000001c0)={r2, 0xfffffffffffffffb, 0x7, 0x20000004, 0x10001, 0x20000000000007f}, &(0x7f00000002c0)=0x14) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000680), 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={0x0, r1, 0x7, 0x6b655bbf9856c0b7}, 0xfffffffffffffed8) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'tunl0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="523f000000000000ff7f0000502c4b3d6e24e463"]}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000500)={{0x2, 0x4e24, @loopback}, {0x306}, 0x18, {0x2, 0x4e20, @multicast1}, 'yam0\x00'}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000080)={r0}) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x121000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000580)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000300)=0xe8) ioctl$SIOCAX25ADDUID(r4, 0x89e1, &(0x7f00000003c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, r5}) setsockopt$ax25_int(r1, 0x101, 0x2, &(0x7f0000000040)=0x600000000, 0x4) write$nbd(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="6744669800000000040004000400000005cff7e4eaf6881924c8364bcb966f4fff67af29783e1f7f3885c4d622f6e3890122067e92d7d6658bc6c1e3e75b23bed61d2327eafb5bd2e245867106f549b1e2eb4c39c990581203c65752a0544075777b827b263eea595f729520213f251ffd536407ee4c7324311cd76274a025ebac375fdb149c9dd063a0034c6cac1298f5250cc91008dd3967990a8d307135c74f21eb54e3c946ec50bdf8b273aef9495e6be317ab30baa3b7c531fb0a365b43f766bb2e008b9438599f76356d961fc0a59136fc66517198d63247e63bba17ce70f60a485ff037407d245fc96cf175badc940976a4d59fffb8ea56662e"], 0x9e) write$char_usb(r1, &(0x7f0000000380)="e203717c29361932ca15", 0xa) 01:48:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 698.952391][T18833] Memory cgroup out of memory: Killed process 18833 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 698.972469][ T1065] oom_reaper: reaped process 18833 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 699.000685][T18846] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 699.022292][T18846] CPU: 0 PID: 18846 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 699.031464][T18846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.041523][T18846] Call Trace: [ 699.044828][T18846] dump_stack+0x172/0x1f0 [ 699.049193][T18846] dump_header+0x177/0x1152 [ 699.053708][T18846] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 699.059521][T18846] ? ___ratelimit+0x2c8/0x595 [ 699.064208][T18846] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 699.070023][T18846] ? lockdep_hardirqs_on+0x418/0x5d0 [ 699.075303][T18871] bridge_slave_0: FDB only supports static addresses [ 699.082001][T18846] ? trace_hardirqs_on+0x67/0x240 [ 699.087038][T18846] ? pagefault_out_of_memory+0x11c/0x11c [ 699.092682][T18846] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 699.098505][T18846] ? ___ratelimit+0x60/0x595 [ 699.103102][T18846] ? do_raw_spin_unlock+0x57/0x270 [ 699.108233][T18846] oom_kill_process.cold+0x10/0x15 [ 699.113360][T18846] out_of_memory+0x334/0x1340 [ 699.118045][T18846] ? lock_downgrade+0x920/0x920 [ 699.122909][T18846] ? oom_killer_disable+0x280/0x280 [ 699.128142][T18846] mem_cgroup_out_of_memory+0x1d8/0x240 [ 699.133708][T18846] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 699.139355][T18846] ? do_raw_spin_unlock+0x57/0x270 [ 699.144481][T18846] ? _raw_spin_unlock+0x2d/0x50 [ 699.149356][T18846] try_charge+0xf4b/0x1440 [ 699.153791][T18846] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 699.159342][T18846] ? percpu_ref_tryget_live+0x111/0x290 [ 699.164898][T18846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.171147][T18846] ? __kasan_check_read+0x11/0x20 [ 699.176191][T18846] ? get_mem_cgroup_from_mm+0x156/0x320 [ 699.181748][T18846] mem_cgroup_try_charge+0x136/0x590 [ 699.187047][T18846] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 699.193300][T18846] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 699.198944][T18846] wp_page_copy+0x41e/0x1600 [ 699.203547][T18846] ? find_held_lock+0x35/0x130 [ 699.208336][T18846] ? follow_pfn+0x2a0/0x2a0 [ 699.212858][T18846] ? lock_downgrade+0x920/0x920 [ 699.217728][T18846] ? swp_swapcount+0x540/0x540 [ 699.222506][T18846] ? __kasan_check_read+0x11/0x20 [ 699.227555][T18846] ? do_raw_spin_unlock+0x57/0x270 [ 699.232676][T18846] do_wp_page+0x499/0x14d0 [ 699.237111][T18846] ? finish_mkwrite_fault+0x570/0x570 [ 699.242517][T18846] __handle_mm_fault+0x22f1/0x3f20 [ 699.247653][T18846] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 699.253478][T18846] ? __kasan_check_read+0x11/0x20 [ 699.258528][T18846] handle_mm_fault+0x1b5/0x6c0 [ 699.263316][T18846] __do_page_fault+0x536/0xdd0 [ 699.268102][T18846] do_page_fault+0x38/0x590 [ 699.272616][T18846] page_fault+0x39/0x40 [ 699.276776][T18846] RIP: 0033:0x430956 [ 699.280669][T18846] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 699.300274][T18846] RSP: 002b:00007ffc5282c530 EFLAGS: 00010206 [ 699.306351][T18846] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 699.314368][T18846] RDX: 0000555555609930 RSI: 0000555555611970 RDI: 0000000000000003 [ 699.322369][T18846] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555608940 [ 699.330350][T18846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 699.338334][T18846] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 01:48:12 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x101, 0x800, 0x9, 0x80000000, 0xce94, 0x3, 0x3, 0x4, 0x34a, 0x40, 0x2b6, 0x9, 0x800, 0x38, 0x2, 0x7ff, 0x4, 0xfffffffffffffffd}, [{0x3, 0x1ba6341e, 0x40, 0x4, 0xfffffffffffffffe, 0x2d, 0x7, 0xffff}], "d4a1447a29be97b3d41ace7dfe5eec8e59350d22a54a2df801cbf0db1d4493f05b2f6ca90db1b65c70e654a609f6e2826dc1bef3eaf5ecffffd22b3ecd1269901a2a84ef0b79497e208308291af4bd1de49f1c0861159ebbbbedc5cb75dfccd671931bc3588e6b1f73a894adf786d25cc4162d8326a86a64df4b063e1aa9eb28c1e6ea20c4d9", [[], []]}, 0x2fe) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 699.354464][T18846] memory: usage 992kB, limit 0kB, failcnt 174 [ 699.360572][T18846] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.397601][T18846] Memory cgroup stats for /syz2: [ 699.397708][T18846] anon 0 [ 699.397708][T18846] file 102400 [ 699.397708][T18846] kernel_stack 0 [ 699.397708][T18846] slab 856064 [ 699.397708][T18846] sock 0 [ 699.397708][T18846] shmem 45056 [ 699.397708][T18846] file_mapped 0 [ 699.397708][T18846] file_dirty 0 [ 699.397708][T18846] file_writeback 0 [ 699.397708][T18846] anon_thp 0 [ 699.397708][T18846] inactive_anon 131072 [ 699.397708][T18846] active_anon 0 [ 699.397708][T18846] inactive_file 0 [ 699.397708][T18846] active_file 0 [ 699.397708][T18846] unevictable 0 [ 699.397708][T18846] slab_reclaimable 270336 01:48:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x3f00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:13 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 699.397708][T18846] slab_unreclaimable 585728 [ 699.397708][T18846] pgfault 31383 [ 699.397708][T18846] pgmajfault 0 [ 699.397708][T18846] workingset_refault 0 [ 699.397708][T18846] workingset_activate 0 [ 699.397708][T18846] workingset_nodereclaim 0 [ 699.397708][T18846] pgrefill 33 [ 699.397708][T18846] pgscan 0 [ 699.397708][T18846] pgsteal 0 [ 699.397708][T18846] pgactivate 0 01:48:13 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 699.833687][T18846] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18846,uid=0 01:48:13 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 699.870778][T18846] Memory cgroup out of memory: Killed process 18846 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 699.926357][ T1065] oom_reaper: reaped process 18846 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:48:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 700.116583][T18880] bridge_slave_0: FDB only supports static addresses 01:48:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:48:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 700.467292][T18890] bridge_slave_0: FDB only supports static addresses [ 700.480703][T18889] bridge_slave_0: FDB only supports static addresses [ 701.006331][T18893] IPVS: ftp: loaded support on port[0] = 21 [ 701.088979][T18893] chnl_net:caif_netlink_parms(): no params data found [ 701.528919][T18893] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.536213][T18893] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.544133][T18893] device bridge_slave_0 entered promiscuous mode [ 701.552406][T18893] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.559609][T18893] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.567742][T18893] device bridge_slave_1 entered promiscuous mode [ 701.792838][T18893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.804049][T18893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.084701][T18893] team0: Port device team_slave_0 added [ 702.092171][T18893] team0: Port device team_slave_1 added [ 702.116558][T18896] IPVS: ftp: loaded support on port[0] = 21 [ 702.145540][T18893] device hsr_slave_0 entered promiscuous mode [ 702.184098][T18893] device hsr_slave_1 entered promiscuous mode [ 702.243684][T18893] debugfs: Directory 'hsr0' with parent '/' already present! [ 702.984751][T18896] chnl_net:caif_netlink_parms(): no params data found [ 703.242260][T18896] bridge0: port 1(bridge_slave_0) entered blocking state [ 703.250633][T18896] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.259238][T18896] device bridge_slave_0 entered promiscuous mode [ 703.270344][T18893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 703.492025][T18896] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.499538][T18896] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.509362][T18896] device bridge_slave_1 entered promiscuous mode [ 703.521311][T18893] 8021q: adding VLAN 0 to HW filter on device team0 [ 703.528872][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 703.537383][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 703.782062][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 703.791662][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 703.800851][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 703.807954][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 703.817668][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 703.826391][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 703.835383][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.842423][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 703.850515][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 703.864996][T18896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.878289][T18896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 703.888461][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 703.896639][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 703.906458][ T21] device bridge_slave_1 left promiscuous mode [ 703.912630][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.984799][ T21] device bridge_slave_0 left promiscuous mode [ 703.990978][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.045675][ T21] device bridge_slave_1 left promiscuous mode [ 704.051975][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.084853][ T21] device bridge_slave_0 left promiscuous mode [ 704.091084][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.145907][ T21] device bridge_slave_1 left promiscuous mode [ 704.152147][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.224853][ T21] device bridge_slave_0 left promiscuous mode [ 704.231042][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.094309][ T21] device hsr_slave_0 left promiscuous mode [ 710.134757][ T21] device hsr_slave_1 left promiscuous mode [ 710.182504][ T21] team0 (unregistering): Port device team_slave_1 removed [ 710.201408][ T21] team0 (unregistering): Port device team_slave_0 removed [ 710.214187][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 710.263055][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 710.352899][ T21] bond0 (unregistering): Released all slaves [ 710.544560][ T21] device hsr_slave_0 left promiscuous mode [ 710.583918][ T21] device hsr_slave_1 left promiscuous mode [ 710.638786][ T21] team0 (unregistering): Port device team_slave_1 removed [ 710.652204][ T21] team0 (unregistering): Port device team_slave_0 removed [ 710.664594][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 710.698165][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 710.790472][ T21] bond0 (unregistering): Released all slaves [ 710.934516][ T21] device hsr_slave_0 left promiscuous mode [ 710.973909][ T21] device hsr_slave_1 left promiscuous mode [ 711.046389][ T21] team0 (unregistering): Port device team_slave_1 removed [ 711.059618][ T21] team0 (unregistering): Port device team_slave_0 removed [ 711.071814][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.117888][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.192245][ T21] bond0 (unregistering): Released all slaves [ 711.331895][T18893] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 711.342862][T18893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 711.356507][T18896] team0: Port device team_slave_0 added [ 711.362904][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 711.372062][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 711.380751][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 711.389584][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 711.398372][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 711.407034][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 711.417292][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 711.425764][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 711.441905][T18896] team0: Port device team_slave_1 added [ 711.458380][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 711.466752][T17988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 711.526217][T18896] device hsr_slave_0 entered promiscuous mode [ 711.574431][T18896] device hsr_slave_1 entered promiscuous mode [ 711.643736][T18896] debugfs: Directory 'hsr0' with parent '/' already present! [ 711.662373][T18893] 8021q: adding VLAN 0 to HW filter on device batadv0 01:48:25 executing program 3: openat$ptmx(0xffffffffffffff9c, &(0x7f0000001940)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000100)={0xff, @empty, 0x0, 0x0, 'sh\x00'}, 0x2c) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000440)={0x0, 0x0, @ioapic={0x4000}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) ioctl$KVM_RUN(r2, 0xae80, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x1, 0xa0) write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x35, 0x1}, 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000300)={{}, {}, {0x0, 0x0, 0x0, 0x8b, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x100a0}) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:48:25 executing program 0: r0 = socket$kcm(0xa, 0x7, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000080)={r0}) 01:48:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:48:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4800}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 711.981379][T18896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 712.056252][T18908] bridge_slave_0: FDB only supports static addresses [ 712.104997][T18896] 8021q: adding VLAN 0 to HW filter on device team0 [ 712.138263][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 01:48:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 712.161184][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 712.197898][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 712.269004][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:48:25 executing program 0: r0 = socket$kcm(0xa, 0x22, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:48:25 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4c00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 712.310679][ T3713] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.317976][ T3713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 712.345653][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 01:48:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 712.367852][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 712.397051][ T3713] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.404254][ T3713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 712.471677][T18929] bridge_slave_0: FDB only supports static addresses 01:48:26 executing program 0: socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x4000000000ffff, 0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0) socketpair(0x4, 0x0, 0x1, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f00000000c0)={0x400, 0x8, 0x37b, 0xfff}, 0x10) 01:48:26 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 712.577359][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 712.598094][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 712.654638][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 712.703333][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 712.743163][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 712.761540][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 712.779776][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 712.808321][T18896] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 712.833121][T18896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 712.891344][T18943] bridge_slave_0: FDB only supports static addresses [ 712.913686][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 712.937201][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 712.967544][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 713.008803][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 713.028016][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 713.078620][ T3713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 713.118681][T18896] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 713.460278][T18955] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 713.477719][T18955] CPU: 0 PID: 18955 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 713.487132][T18955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.497200][T18955] Call Trace: [ 713.500498][T18955] dump_stack+0x172/0x1f0 [ 713.504863][T18955] dump_header+0x177/0x1152 [ 713.509491][T18955] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 713.515305][T18955] ? ___ratelimit+0x2c8/0x595 [ 713.519989][T18955] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 713.525800][T18955] ? lockdep_hardirqs_on+0x418/0x5d0 [ 713.531087][T18955] ? trace_hardirqs_on+0x67/0x240 [ 713.536118][T18955] ? pagefault_out_of_memory+0x11c/0x11c [ 713.541758][T18955] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 713.547567][T18955] ? ___ratelimit+0x60/0x595 [ 713.552254][T18955] oom_kill_process.cold+0x10/0x15 [ 713.557461][T18955] out_of_memory+0x334/0x1340 [ 713.562137][T18955] ? __this_cpu_preempt_check+0x3a/0x210 [ 713.567777][T18955] ? retint_kernel+0x2b/0x2b [ 713.572378][T18955] ? oom_killer_disable+0x280/0x280 [ 713.577589][T18955] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 713.583315][T18955] mem_cgroup_out_of_memory+0x1d8/0x240 [ 713.588957][T18955] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 713.594649][T18955] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 713.600454][T18955] ? cgroup_file_notify+0x140/0x1b0 [ 713.606006][T18955] memory_max_write+0x262/0x3a0 [ 713.610875][T18955] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 713.617642][T18955] ? __this_cpu_preempt_check+0x3a/0x210 [ 713.623281][T18955] ? retint_kernel+0x2b/0x2b [ 713.627887][T18955] cgroup_file_write+0x241/0x790 [ 713.632847][T18955] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 713.639621][T18955] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 713.645305][T18955] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 713.651027][T18955] kernfs_fop_write+0x2b8/0x480 [ 713.655888][T18955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 713.662154][T18955] __vfs_write+0x8a/0x110 [ 713.666484][T18955] ? kernfs_fop_open+0xd80/0xd80 [ 713.671423][T18955] vfs_write+0x268/0x5d0 [ 713.675670][T18955] ksys_write+0x14f/0x290 [ 713.680006][T18955] ? __ia32_sys_read+0xb0/0xb0 [ 713.684865][T18955] ? do_syscall_64+0x26/0x760 [ 713.689567][T18955] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.695639][T18955] ? do_syscall_64+0x26/0x760 [ 713.700334][T18955] __x64_sys_write+0x73/0xb0 [ 713.705013][T18955] do_syscall_64+0xfa/0x760 [ 713.709531][T18955] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.715524][T18955] RIP: 0033:0x459879 [ 713.719432][T18955] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 713.739399][T18955] RSP: 002b:00007f475f0edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 713.748075][T18955] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 713.756045][T18955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 713.764029][T18955] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 713.772008][T18955] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f475f0ee6d4 [ 713.779988][T18955] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 713.802282][T18955] memory: usage 3176kB, limit 0kB, failcnt 166 [ 713.810064][T18955] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 713.821390][T18955] Memory cgroup stats for /syz5: [ 713.823116][T18955] anon 2117632 [ 713.823116][T18955] file 0 [ 713.823116][T18955] kernel_stack 0 [ 713.823116][T18955] slab 995328 [ 713.823116][T18955] sock 16384 [ 713.823116][T18955] shmem 28672 [ 713.823116][T18955] file_mapped 0 [ 713.823116][T18955] file_dirty 0 [ 713.823116][T18955] file_writeback 0 [ 713.823116][T18955] anon_thp 2097152 [ 713.823116][T18955] inactive_anon 0 [ 713.823116][T18955] active_anon 2117632 [ 713.823116][T18955] inactive_file 61440 [ 713.823116][T18955] active_file 0 [ 713.823116][T18955] unevictable 176128 [ 713.823116][T18955] slab_reclaimable 405504 [ 713.823116][T18955] slab_unreclaimable 589824 [ 713.823116][T18955] pgfault 24618 [ 713.823116][T18955] pgmajfault 0 [ 713.823116][T18955] workingset_refault 0 [ 713.823116][T18955] workingset_activate 0 [ 713.823116][T18955] workingset_nodereclaim 0 [ 713.823116][T18955] pgrefill 0 [ 713.823116][T18955] pgscan 0 [ 713.823116][T18955] pgsteal 0 [ 713.823116][T18955] pgactivate 0 [ 713.919407][T18955] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18954,uid=0 [ 713.937022][T18955] Memory cgroup out of memory: Killed process 18954 (syz-executor.5) total-vm:72580kB, anon-rss:2180kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 713.958741][ T1065] oom_reaper: reaped process 18954 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:48:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000000)) 01:48:27 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:48:27 executing program 0: r0 = openat$usbmon(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon0\x00', 0x208000, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x280000, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x490082, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000600)='/dev/uinput\x00', 0x802, 0x0) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000640)='syz1\x00', 0x200002, 0x0) r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000680)='ns/uts\x00') r6 = openat$vcs(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/vcs\x00', 0x0, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000700)='/dev/input/event#\x00', 0xffffffffffffff79, 0x80000) r8 = socket$inet6_dccp(0xa, 0x6, 0x0) ppoll(&(0x7f0000000740)=[{r0, 0x2}, {r1, 0x40}, {r2, 0x40}, {r3, 0x1010}, {r4, 0x4400}, {r5, 0x2050}, {r6, 0x80}, {r7, 0x1000}, {r8, 0x200}], 0x9, &(0x7f00000007c0), &(0x7f0000000800)={0x2}, 0x8) r9 = socket$kcm(0xa, 0x2, 0x0) r10 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x102, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={0x0, r10, 0x4, 0x5}, 0x250) ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x890b, &(0x7f00000000c0)={r9}) r11 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x1babea8e, 0x20000) ioctl$KVM_SET_XSAVE(r10, 0x5000aea5, &(0x7f0000000200)={"a90c466df74138bce510da1feb0249576a407577026909b9c8ba5b7d1e38b3dec7f565aa416ae1732d9264778a0b4233554e17b2bebcaf72a1243c26858003e2dae12f6607807a3375d74b4fa43ca2ea8c8fc0f529c0f419b069050ad4acf7a83c2cd3ce25ab91668801adafaefc2b81eb78e8964c4211963f769344ffc95972b7ebd2a7c2846b198091233941cfee6fcaea612331723bd3c31282432d47877d18a9a02a5b09e3bb77cdb1535aa5255ef8144894ca764502705bf49b27a10c258b4ed228dd9161d877d3d0f41e0709a05e342f88e32f3d591b612f97c1a1669bb3ba13e923d9a7fc0aff27bed8b465332c214b83322a3dfc4b8940ed5a5e1e1038a9fc70fc38de54984a1f909cfcc3eac7d45c82be51f060bd33a14fdc6722a96e70d562ab2de9d67860661a370a555e2249c80547c3ba55032401a3281d0d2a5bb9ff75b7da7631405ce02dda1389cbad1e1ad9ebef4abc8f9563600ba171d53e5e47fc06e2bebd991043aacd57438064d9bc885228f3cf24f795d66f748fbba5b341b845bf110a9498eaaab8c779b5b2117a09a3d4763a3ab541a2be47bc61275eff835b8f35df0e5707626464f0988d8d40e09b4de950bb2ff4db21177b71c368b82141806ab5579bb0d2cbd8720ed86e37ae12e828c8433faaf09ba65e7759a4f9607bda11d9b7608c4b54529e4e7b3530b7d74026a6abea68d2ebe07061e6d636da7c27848301e591234c91df7670b1f03fe1dae046caa5cfaa4d22e937e9a935eedf145c529bbb1995bfa66c22eedc3f16a89da9f23d45e7b9107265406d136f190cc60ba381e4559b6e0555107aaf3ccd75f052cb4c98f7490f147533d8f38b121a24ab30cd6ab44f6355f9dc16b3d54a66109b8677f58d62e381360a75c984fef2339c2161886f20e2b1a7e509bc66ff74f432b22fd0bf6f2abca95396e17782891d08eb118505e5df603249f1e75429444fa8e6491462db0e5c0d2dc4615c658c2db3725268dea3d84d9967e9acfe05635216aa2bebe0af9c244a29faaa15f9327e01a8596678ecbf8a162962bbc72ad3b6aed4eb39a4ba93dbd0b6f71b608cc0bafc9d735c3dc278113e68762f6b0051c229f5dff581b9c559b76ac443daced143b3581a9a99edb256c2486c1831181e1d6d77b3cb53da36254120dd01c562ef509ab4f26503bf6e75a59162b896a24349c3562dc1d1b0f98d158dba762039055445ea156b289345d2ff3d07347649640b8468636fb991b685ff674dec16807750e613e7dd0fc56c38df58543dcecbc1ac899f45632b973defdb029e09321ddaeb26730f0ffe9983b4875772b1ba6371d4da978175e61187513670a838e45a0b020d41f68cbf2f3352dc710781e9ae8d7ffcd86ae73e4d1768093e1b2b6544c5755daa431595987716d9fc3b74b3b8cea9b83c5d9b0836337ceb3d"}) ioctl$VIDIOC_STREAMOFF(r11, 0x40045613, &(0x7f0000000080)=0x5) ioctl$SG_GET_TIMEOUT(r6, 0x2202, 0x0) 01:48:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:48:27 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6800}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 714.071527][T18896] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 714.078320][T18961] bridge_slave_0: FDB only supports static addresses [ 714.096785][T18896] CPU: 1 PID: 18896 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 714.105933][T18896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.115992][T18896] Call Trace: [ 714.119306][T18896] dump_stack+0x172/0x1f0 [ 714.123657][T18896] dump_header+0x177/0x1152 [ 714.128186][T18896] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 714.134008][T18896] ? ___ratelimit+0x2c8/0x595 [ 714.138701][T18896] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 714.144511][T18896] ? lockdep_hardirqs_on+0x418/0x5d0 [ 714.149879][T18896] ? trace_hardirqs_on+0x67/0x240 [ 714.154908][T18896] ? pagefault_out_of_memory+0x11c/0x11c [ 714.160542][T18896] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 714.166349][T18896] ? ___ratelimit+0x60/0x595 [ 714.170946][T18896] ? do_raw_spin_unlock+0x57/0x270 [ 714.176077][T18896] oom_kill_process.cold+0x10/0x15 [ 714.181194][T18896] out_of_memory+0x334/0x1340 [ 714.185885][T18896] ? lock_downgrade+0x920/0x920 [ 714.190730][T18896] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 714.196644][T18896] ? oom_killer_disable+0x280/0x280 [ 714.201850][T18896] mem_cgroup_out_of_memory+0x1d8/0x240 [ 714.207408][T18896] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 714.213037][T18896] ? do_raw_spin_unlock+0x57/0x270 [ 714.218228][T18896] ? _raw_spin_unlock+0x2d/0x50 [ 714.223071][T18896] try_charge+0xf4b/0x1440 [ 714.227487][T18896] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 714.233196][T18896] ? percpu_ref_tryget_live+0x111/0x290 [ 714.238734][T18896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.245026][T18896] ? __kasan_check_read+0x11/0x20 [ 714.250073][T18896] ? get_mem_cgroup_from_mm+0x156/0x320 [ 714.255717][T18896] mem_cgroup_try_charge+0x136/0x590 [ 714.261011][T18896] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 714.267269][T18896] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 714.272897][T18896] __handle_mm_fault+0x1e34/0x3f20 [ 714.278098][T18896] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 714.283732][T18896] ? __kasan_check_read+0x11/0x20 [ 714.288744][T18896] handle_mm_fault+0x1b5/0x6c0 [ 714.293518][T18896] __do_page_fault+0x536/0xdd0 [ 714.298303][T18896] do_page_fault+0x38/0x590 [ 714.302831][T18896] page_fault+0x39/0x40 [ 714.306970][T18896] RIP: 0033:0x4034f2 [ 714.310848][T18896] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 a9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 c9 42 05 00 48 [ 714.330440][T18896] RSP: 002b:00007ffe6f089e30 EFLAGS: 00010246 [ 714.336503][T18896] RAX: 0000000000000000 RBX: 00000000000ae2bd RCX: 0000000000413480 [ 714.344474][T18896] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe6f08af60 [ 714.352434][T18896] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ed7940 [ 714.360412][T18896] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6f08af60 [ 714.368375][T18896] R13: 00007ffe6f08af50 R14: 0000000000000000 R15: 00007ffe6f08af60 [ 714.387247][T18896] memory: usage 844kB, limit 0kB, failcnt 174 [ 714.393370][T18896] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.418476][T18896] Memory cgroup stats for /syz5: [ 714.418579][T18896] anon 0 [ 714.418579][T18896] file 0 [ 714.418579][T18896] kernel_stack 0 [ 714.418579][T18896] slab 995328 [ 714.418579][T18896] sock 16384 [ 714.418579][T18896] shmem 28672 [ 714.418579][T18896] file_mapped 0 [ 714.418579][T18896] file_dirty 0 [ 714.418579][T18896] file_writeback 0 [ 714.418579][T18896] anon_thp 0 [ 714.418579][T18896] inactive_anon 0 [ 714.418579][T18896] active_anon 0 [ 714.418579][T18896] inactive_file 61440 [ 714.418579][T18896] active_file 0 [ 714.418579][T18896] unevictable 176128 [ 714.418579][T18896] slab_reclaimable 405504 [ 714.418579][T18896] slab_unreclaimable 589824 [ 714.418579][T18896] pgfault 24618 [ 714.418579][T18896] pgmajfault 0 [ 714.418579][T18896] workingset_refault 0 [ 714.418579][T18896] workingset_activate 0 [ 714.418579][T18896] workingset_nodereclaim 0 [ 714.418579][T18896] pgrefill 0 [ 714.418579][T18896] pgscan 0 [ 714.418579][T18896] pgsteal 0 [ 714.418579][T18896] pgactivate 0 [ 714.616651][T18896] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18896,uid=0 [ 714.671305][T18969] IPVS: ftp: loaded support on port[0] = 21 [ 714.675726][T18896] Memory cgroup out of memory: Killed process 18896 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 714.714958][ T1065] oom_reaper: reaped process 18896 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 715.070382][T18969] chnl_net:caif_netlink_parms(): no params data found [ 715.155487][T18969] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.162673][T18969] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.180809][T18969] device bridge_slave_0 entered promiscuous mode [ 715.189341][T18969] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.196701][T18969] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.204893][T18969] device bridge_slave_1 entered promiscuous mode [ 715.229332][T18969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 715.240746][T18969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.269900][T18969] team0: Port device team_slave_0 added [ 715.285974][T18969] team0: Port device team_slave_1 added [ 715.346023][T18969] device hsr_slave_0 entered promiscuous mode [ 715.384186][T18969] device hsr_slave_1 entered promiscuous mode [ 715.423906][T18969] debugfs: Directory 'hsr0' with parent '/' already present! [ 715.440303][T18969] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.447632][T18969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.455338][T18969] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.462478][T18969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.502287][T18969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 715.520235][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 715.528944][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.537343][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.555209][T18969] 8021q: adding VLAN 0 to HW filter on device team0 [ 715.568808][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 715.577909][T18791] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.585044][T18791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.612289][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 715.622639][ T9019] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.629762][ T9019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.654349][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 715.662999][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 715.672465][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 715.683197][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 715.699796][T18969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 715.713475][T18969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 715.722354][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 715.744853][T18969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 715.941952][T18981] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 715.952564][T18981] CPU: 0 PID: 18981 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 715.961713][T18981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.971878][T18981] Call Trace: [ 715.975184][T18981] dump_stack+0x172/0x1f0 [ 715.979521][T18981] dump_header+0x177/0x1152 [ 715.984042][T18981] ? pagefault_out_of_memory+0x11c/0x11c [ 715.989702][T18981] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 715.995606][T18981] ? ___ratelimit+0x60/0x595 [ 716.000202][T18981] ? do_raw_spin_unlock+0x57/0x270 [ 716.005345][T18981] oom_kill_process.cold+0x10/0x15 [ 716.010463][T18981] out_of_memory+0x334/0x1340 [ 716.015142][T18981] ? __sched_text_start+0x8/0x8 [ 716.019999][T18981] ? oom_killer_disable+0x280/0x280 [ 716.025219][T18981] mem_cgroup_out_of_memory+0x1d8/0x240 [ 716.030771][T18981] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 716.036440][T18981] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 716.042264][T18981] ? cgroup_file_notify+0x140/0x1b0 [ 716.047475][T18981] memory_max_write+0x262/0x3a0 [ 716.052346][T18981] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 716.059308][T18981] ? cgroup_file_write+0x86/0x790 [ 716.064342][T18981] cgroup_file_write+0x241/0x790 [ 716.069462][T18981] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 716.076232][T18981] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 716.081877][T18981] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 716.087516][T18981] kernfs_fop_write+0x2b8/0x480 [ 716.092377][T18981] __vfs_write+0x8a/0x110 [ 716.096717][T18981] ? kernfs_fop_open+0xd80/0xd80 [ 716.101669][T18981] vfs_write+0x268/0x5d0 [ 716.106005][T18981] ksys_write+0x14f/0x290 [ 716.110345][T18981] ? __ia32_sys_read+0xb0/0xb0 [ 716.115113][T18981] ? do_syscall_64+0x26/0x760 [ 716.119792][T18981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.125955][T18981] ? do_syscall_64+0x26/0x760 [ 716.130635][T18981] __x64_sys_write+0x73/0xb0 [ 716.135246][T18981] do_syscall_64+0xfa/0x760 [ 716.139757][T18981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.145656][T18981] RIP: 0033:0x459879 [ 716.149569][T18981] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 716.169177][T18981] RSP: 002b:00007f5223014c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 716.177593][T18981] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 716.185565][T18981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 716.195472][T18981] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 716.203733][T18981] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52230156d4 [ 716.211803][T18981] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 716.230147][T18981] memory: usage 3308kB, limit 0kB, failcnt 175 [ 716.236591][T18981] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 716.244817][T18981] Memory cgroup stats for /syz2: [ 716.245800][T18981] anon 2138112 [ 716.245800][T18981] file 102400 [ 716.245800][T18981] kernel_stack 65536 [ 716.245800][T18981] slab 856064 [ 716.245800][T18981] sock 0 [ 716.245800][T18981] shmem 45056 [ 716.245800][T18981] file_mapped 0 [ 716.245800][T18981] file_dirty 0 [ 716.245800][T18981] file_writeback 0 [ 716.245800][T18981] anon_thp 2097152 [ 716.245800][T18981] inactive_anon 131072 [ 716.245800][T18981] active_anon 2138112 [ 716.245800][T18981] inactive_file 0 [ 716.245800][T18981] active_file 0 [ 716.245800][T18981] unevictable 0 [ 716.245800][T18981] slab_reclaimable 270336 [ 716.245800][T18981] slab_unreclaimable 585728 [ 716.245800][T18981] pgfault 31416 [ 716.245800][T18981] pgmajfault 0 [ 716.245800][T18981] workingset_refault 0 [ 716.245800][T18981] workingset_activate 0 [ 716.245800][T18981] workingset_nodereclaim 0 [ 716.245800][T18981] pgrefill 33 [ 716.245800][T18981] pgscan 0 [ 716.245800][T18981] pgsteal 0 [ 716.245800][T18981] pgactivate 0 [ 716.250959][T18981] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18980,uid=0 [ 716.370508][T18981] Memory cgroup out of memory: Killed process 18980 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 716.392312][ T1065] oom_reaper: reaped process 18980 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:48:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:48:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6c00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:29 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) 01:48:29 executing program 0: r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @bcast}, [@null, @rose, @remote, @remote, @netrom, @default, @default, @default]}, &(0x7f0000000100)=0x48) fcntl$getflags(r0, 0x3) r1 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x60000, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=0x3f, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x2}, 0x0, 0x0, &(0x7f0000000200)={0x4, 0x3, 0x4, 0x5}, &(0x7f0000000240)=0xeec, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x7}}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) 01:48:29 executing program 3: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x4000, 0x0) write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00) sendfile(r0, r1, 0x0, 0x12000) write(0xffffffffffffffff, 0x0, 0x0) 01:48:29 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 716.465906][T18969] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 716.518641][T18969] CPU: 1 PID: 18969 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 716.527858][T18969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.537921][T18969] Call Trace: [ 716.541223][T18969] dump_stack+0x172/0x1f0 [ 716.546195][T18969] dump_header+0x177/0x1152 [ 716.550800][T18969] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 716.556619][T18969] ? ___ratelimit+0x2c8/0x595 [ 716.561310][T18969] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 716.567133][T18969] ? lockdep_hardirqs_on+0x418/0x5d0 [ 716.572434][T18969] ? trace_hardirqs_on+0x67/0x240 [ 716.577548][T18969] ? pagefault_out_of_memory+0x11c/0x11c [ 716.583189][T18969] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 716.589083][T18969] ? ___ratelimit+0x60/0x595 [ 716.593682][T18969] ? do_raw_spin_unlock+0x57/0x270 [ 716.598900][T18969] oom_kill_process.cold+0x10/0x15 [ 716.604020][T18969] out_of_memory+0x334/0x1340 [ 716.608704][T18969] ? lock_downgrade+0x920/0x920 01:48:30 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 716.613760][T18969] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 716.619567][T18969] ? oom_killer_disable+0x280/0x280 [ 716.624873][T18969] mem_cgroup_out_of_memory+0x1d8/0x240 [ 716.630434][T18969] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 716.636090][T18969] ? do_raw_spin_unlock+0x57/0x270 [ 716.641213][T18969] ? _raw_spin_unlock+0x2d/0x50 [ 716.646077][T18969] try_charge+0xf4b/0x1440 [ 716.650527][T18969] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 716.656175][T18969] ? percpu_ref_tryget_live+0x111/0x290 [ 716.661742][T18969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.668048][T18969] ? __kasan_check_read+0x11/0x20 [ 716.673104][T18969] ? get_mem_cgroup_from_mm+0x156/0x320 [ 716.678689][T18969] mem_cgroup_try_charge+0x136/0x590 [ 716.683998][T18969] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 716.690369][T18969] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 716.696373][T18969] wp_page_copy+0x41e/0x1600 [ 716.703240][T18969] ? find_held_lock+0x35/0x130 [ 716.708202][T18969] ? follow_pfn+0x2a0/0x2a0 [ 716.712723][T18969] ? lock_downgrade+0x920/0x920 [ 716.717601][T18969] ? swp_swapcount+0x540/0x540 [ 716.722384][T18969] ? __kasan_check_read+0x11/0x20 [ 716.727420][T18969] ? do_raw_spin_unlock+0x57/0x270 [ 716.732547][T18969] do_wp_page+0x499/0x14d0 [ 716.737074][T18969] ? finish_mkwrite_fault+0x570/0x570 [ 716.742490][T18969] __handle_mm_fault+0x22f1/0x3f20 [ 716.747631][T18969] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 716.753400][T18969] ? __kasan_check_read+0x11/0x20 [ 716.760909][T18969] handle_mm_fault+0x1b5/0x6c0 [ 716.765876][T18969] __do_page_fault+0x536/0xdd0 [ 716.770675][T18969] do_page_fault+0x38/0x590 [ 716.775201][T18969] page_fault+0x39/0x40 [ 716.779365][T18969] RIP: 0033:0x430956 [ 716.783268][T18969] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 716.802880][T18969] RSP: 002b:00007ffe67cbf820 EFLAGS: 00010206 [ 716.808959][T18969] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 716.816946][T18969] RDX: 00005555569a9930 RSI: 00005555569b1970 RDI: 0000000000000003 [ 716.824926][T18969] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555569a8940 [ 716.832911][T18969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 716.840894][T18969] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 716.850037][ T26] audit: type=1800 audit(1567129710.031:138): pid=18987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16529 res=0 [ 716.871287][T18969] memory: usage 964kB, limit 0kB, failcnt 183 [ 716.877637][T18969] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 716.884620][T18969] Memory cgroup stats for /syz2: [ 716.884788][T18969] anon 0 [ 716.884788][T18969] file 102400 [ 716.884788][T18969] kernel_stack 65536 [ 716.884788][T18969] slab 856064 [ 716.884788][T18969] sock 0 [ 716.884788][T18969] shmem 45056 [ 716.884788][T18969] file_mapped 0 [ 716.884788][T18969] file_dirty 0 [ 716.884788][T18969] file_writeback 0 [ 716.884788][T18969] anon_thp 0 [ 716.884788][T18969] inactive_anon 131072 [ 716.884788][T18969] active_anon 0 [ 716.884788][T18969] inactive_file 0 [ 716.884788][T18969] active_file 0 [ 716.884788][T18969] unevictable 0 [ 716.884788][T18969] slab_reclaimable 270336 [ 716.884788][T18969] slab_unreclaimable 585728 [ 716.884788][T18969] pgfault 31449 [ 716.884788][T18969] pgmajfault 0 [ 716.884788][T18969] workingset_refault 0 [ 716.884788][T18969] workingset_activate 0 [ 716.884788][T18969] workingset_nodereclaim 0 [ 716.884788][T18969] pgrefill 33 [ 716.884788][T18969] pgscan 0 [ 716.884788][T18969] pgsteal 0 [ 716.884788][T18969] pgactivate 0 [ 717.020935][T18969] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18969,uid=0 [ 717.041203][ T26] audit: type=1804 audit(1567129710.551:139): pid=18987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir829748038/syzkaller.2nMT4g/3/file0" dev="sda1" ino=16529 res=1 01:48:30 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='\x11evpts\x00', 0x0, 0x0) [ 717.074143][T18990] bridge_slave_0: FDB only supports static addresses [ 717.099809][T18969] Memory cgroup out of memory: Killed process 18969 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 717.184691][ T1065] oom_reaper: reaped process 18969 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:48:30 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0xfffffffffffffff7, 0x20102) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x2, 0x4, 0x3f, 0xfffffffffffffff9}]}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={0x0, r1, 0x4, 0x3}, 0x14) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000140)=0x8) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 717.238668][ T26] audit: type=1800 audit(1567129710.591:140): pid=18987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16529 res=0 01:48:30 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7400}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:30 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) [ 717.354061][ T26] audit: type=1800 audit(1567129710.751:141): pid=18987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16529 res=0 01:48:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='\\evpts\x00', 0x0, 0x0) [ 717.765419][T19008] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 717.784057][T19008] CPU: 1 PID: 19008 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 717.793291][T19008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 717.803362][T19008] Call Trace: [ 717.806670][T19008] dump_stack+0x172/0x1f0 [ 717.811032][T19008] dump_header+0x177/0x1152 [ 717.815553][T19008] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 717.821458][T19008] ? ___ratelimit+0x2c8/0x595 [ 717.826147][T19008] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 717.832053][T19008] ? lockdep_hardirqs_on+0x418/0x5d0 [ 717.837345][T19008] ? trace_hardirqs_on+0x67/0x240 [ 717.842372][T19008] ? pagefault_out_of_memory+0x11c/0x11c [ 717.842391][T19008] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 717.842407][T19008] ? ___ratelimit+0x60/0x595 [ 717.842426][T19008] oom_kill_process.cold+0x10/0x15 [ 717.863628][T19008] out_of_memory+0x334/0x1340 [ 717.868327][T19008] ? __sched_text_start+0x8/0x8 [ 717.873370][T19008] ? oom_killer_disable+0x280/0x280 [ 717.878595][T19008] mem_cgroup_out_of_memory+0x1d8/0x240 [ 717.884164][T19008] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 717.889820][T19008] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 717.895740][T19008] ? cgroup_file_notify+0x140/0x1b0 [ 717.900955][T19008] memory_max_write+0x262/0x3a0 [ 717.905836][T19008] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 717.912621][T19008] ? cgroup_file_write+0x86/0x790 [ 717.917671][T19008] cgroup_file_write+0x241/0x790 [ 717.922648][T19008] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 717.929439][T19008] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 717.935096][T19008] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 717.940746][T19008] kernfs_fop_write+0x2b8/0x480 [ 717.945611][T19008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 717.951871][T19008] __vfs_write+0x8a/0x110 [ 717.956211][T19008] ? kernfs_fop_open+0xd80/0xd80 [ 717.961168][T19008] vfs_write+0x268/0x5d0 [ 717.965435][T19008] ksys_write+0x14f/0x290 [ 717.970040][T19008] ? __ia32_sys_read+0xb0/0xb0 [ 717.974819][T19008] ? do_syscall_64+0x26/0x760 [ 717.979507][T19008] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.985592][T19008] ? do_syscall_64+0x26/0x760 [ 717.990295][T19008] __x64_sys_write+0x73/0xb0 [ 717.994895][T19008] do_syscall_64+0xfa/0x760 [ 717.999419][T19008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.005313][T19008] RIP: 0033:0x459879 [ 718.009304][T19008] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 718.028923][T19008] RSP: 002b:00007f43aa866c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 718.037356][T19008] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 718.045340][T19008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 718.053325][T19008] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 718.061577][T19008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43aa8676d4 [ 718.069584][T19008] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 718.090588][T19008] memory: usage 4048kB, limit 0kB, failcnt 166 [ 718.099526][T19008] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 718.108428][T19008] Memory cgroup stats for /syz3: [ 718.110417][T19008] anon 2285568 [ 718.110417][T19008] file 192512 [ 718.110417][T19008] kernel_stack 65536 [ 718.110417][T19008] slab 1703936 [ 718.110417][T19008] sock 0 [ 718.110417][T19008] shmem 12288 [ 718.110417][T19008] file_mapped 0 [ 718.110417][T19008] file_dirty 135168 [ 718.110417][T19008] file_writeback 0 [ 718.110417][T19008] anon_thp 2097152 [ 718.110417][T19008] inactive_anon 135168 [ 718.110417][T19008] active_anon 2211840 [ 718.110417][T19008] inactive_file 81920 [ 718.110417][T19008] active_file 0 [ 718.110417][T19008] unevictable 0 [ 718.110417][T19008] slab_reclaimable 540672 [ 718.110417][T19008] slab_unreclaimable 1163264 [ 718.110417][T19008] pgfault 25806 [ 718.110417][T19008] pgmajfault 0 [ 718.110417][T19008] workingset_refault 0 [ 718.110417][T19008] workingset_activate 0 [ 718.110417][T19008] workingset_nodereclaim 0 [ 718.110417][T19008] pgrefill 33 [ 718.110417][T19008] pgscan 254 [ 718.110417][T19008] pgsteal 220 [ 718.110417][T19008] pgactivate 0 [ 718.233853][T19008] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=19006,uid=0 [ 718.251300][T19008] Memory cgroup out of memory: Killed process 19006 (syz-executor.3) total-vm:72576kB, anon-rss:2192kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 718.279102][ T1065] oom_reaper: reaped process 19006 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 718.338020][T19007] bridge_slave_0: FDB only supports static addresses 01:48:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:48:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) flistxattr(r0, &(0x7f0000000080)=""/119, 0x77) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:48:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='d%vpts\x00', 0x0, 0x0) 01:48:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7a00}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:31 executing program 3: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 718.486842][T18893] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 718.536230][T18893] CPU: 1 PID: 18893 Comm: syz-executor.3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 718.545385][T18893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.555449][T18893] Call Trace: [ 718.558764][T18893] dump_stack+0x172/0x1f0 [ 718.563201][T18893] dump_header+0x177/0x1152 [ 718.567734][T18893] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 718.573565][T18893] ? ___ratelimit+0x2c8/0x595 [ 718.578289][T18893] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 718.584285][T18893] ? lockdep_hardirqs_on+0x418/0x5d0 [ 718.589592][T18893] ? trace_hardirqs_on+0x67/0x240 [ 718.594892][T18893] ? pagefault_out_of_memory+0x11c/0x11c [ 718.600560][T18893] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 718.606476][T18893] ? ___ratelimit+0x60/0x595 [ 718.611079][T18893] ? do_raw_spin_unlock+0x57/0x270 [ 718.616200][T18893] oom_kill_process.cold+0x10/0x15 [ 718.621400][T18893] out_of_memory+0x334/0x1340 [ 718.626172][T18893] ? lock_downgrade+0x920/0x920 [ 718.631032][T18893] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 718.636843][T18893] ? oom_killer_disable+0x280/0x280 [ 718.642060][T18893] mem_cgroup_out_of_memory+0x1d8/0x240 [ 718.647678][T18893] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 718.653317][T18893] ? do_raw_spin_unlock+0x57/0x270 [ 718.658547][T18893] ? _raw_spin_unlock+0x2d/0x50 [ 718.663429][T18893] try_charge+0xf4b/0x1440 [ 718.667936][T18893] ? __lock_acquire+0x880/0x4a00 [ 718.672984][T18893] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 718.678703][T18893] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 718.684850][T18893] ? cache_grow_begin+0x122/0xd20 [ 718.689863][T18893] ? find_held_lock+0x35/0x130 [ 718.694769][T18893] ? cache_grow_begin+0x122/0xd20 [ 718.707031][T18893] __memcg_kmem_charge_memcg+0x71/0xf0 [ 718.712549][T18893] ? memcg_kmem_put_cache+0x50/0x50 [ 718.717752][T18893] ? __kasan_check_read+0x11/0x20 [ 718.722763][T18893] cache_grow_begin+0x629/0xd20 [ 718.727616][T18893] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 718.733338][T18893] ? mempolicy_slab_node+0x139/0x390 [ 718.738634][T18893] fallback_alloc+0x1fd/0x2d0 [ 718.744274][T18893] ____cache_alloc_node+0x1bc/0x1d0 [ 718.749576][T18893] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 718.755833][T18893] kmem_cache_alloc_node+0xe3/0x740 [ 718.763252][T18893] ? lockdep_hardirqs_on+0x418/0x5d0 [ 718.769875][T18893] ? trace_hardirqs_on+0x67/0x240 [ 718.775087][T18893] copy_process+0x44c4/0x6830 [ 718.779780][T18893] ? __kasan_check_read+0x11/0x20 [ 718.784799][T18893] ? __kasan_check_read+0x11/0x20 [ 718.789820][T18893] ? __lock_acquire+0x16f2/0x4a00 [ 718.794873][T18893] ? __cleanup_sighand+0x60/0x60 [ 718.799803][T18893] ? __might_fault+0x12b/0x1e0 [ 718.804563][T18893] ? __might_fault+0x12b/0x1e0 [ 718.809331][T18893] _do_fork+0x146/0xfa0 [ 718.813494][T18893] ? copy_init_mm+0x20/0x20 [ 718.817995][T18893] ? __kasan_check_read+0x11/0x20 [ 718.823013][T18893] ? _copy_to_user+0x118/0x160 [ 718.827784][T18893] __x64_sys_clone+0x1ab/0x270 [ 718.832545][T18893] ? __ia32_sys_vfork+0xd0/0xd0 [ 718.837390][T18893] ? do_syscall_64+0x26/0x760 [ 718.842077][T18893] ? lockdep_hardirqs_on+0x418/0x5d0 [ 718.847474][T18893] ? trace_hardirqs_on+0x67/0x240 [ 718.852512][T18893] do_syscall_64+0xfa/0x760 [ 718.857220][T18893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.863120][T18893] RIP: 0033:0x457e4a [ 718.867113][T18893] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 718.886801][T18893] RSP: 002b:00007ffe222a01b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 718.895212][T18893] RAX: ffffffffffffffda RBX: 00007ffe222a01b0 RCX: 0000000000457e4a [ 718.903186][T18893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 718.911153][T18893] RBP: 00007ffe222a01f0 R08: 0000000000000001 R09: 000055555584a940 [ 718.919144][T18893] R10: 000055555584ac10 R11: 0000000000000246 R12: 0000000000000001 [ 718.927279][T18893] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe222a0240 [ 718.945378][T18893] memory: usage 1700kB, limit 0kB, failcnt 182 [ 718.951584][T18893] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 718.959098][T18893] Memory cgroup stats for /syz3: [ 718.959209][T18893] anon 16384 [ 718.959209][T18893] file 192512 [ 718.959209][T18893] kernel_stack 0 [ 718.959209][T18893] slab 1703936 [ 718.959209][T18893] sock 0 [ 718.959209][T18893] shmem 12288 [ 718.959209][T18893] file_mapped 0 [ 718.959209][T18893] file_dirty 135168 [ 718.959209][T18893] file_writeback 0 [ 718.959209][T18893] anon_thp 0 [ 718.959209][T18893] inactive_anon 135168 [ 718.959209][T18893] active_anon 16384 [ 718.959209][T18893] inactive_file 81920 [ 718.959209][T18893] active_file 0 [ 718.959209][T18893] unevictable 0 [ 718.959209][T18893] slab_reclaimable 540672 [ 718.959209][T18893] slab_unreclaimable 1163264 [ 718.959209][T18893] pgfault 25839 [ 718.959209][T18893] pgmajfault 0 [ 718.959209][T18893] workingset_refault 0 [ 718.959209][T18893] workingset_activate 0 [ 718.959209][T18893] workingset_nodereclaim 0 [ 718.959209][T18893] pgrefill 33 [ 718.959209][T18893] pgscan 254 [ 718.959209][T18893] pgsteal 220 [ 718.959209][T18893] pgactivate 0 [ 719.068871][T18893] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18893,uid=0 [ 719.085045][T18893] Memory cgroup out of memory: Killed process 18893 (syz-executor.3) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 719.110479][T19029] bridge_slave_0: FDB only supports static addresses [ 719.111365][ T1065] oom_reaper: reaped process 18893 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 719.537875][T19034] IPVS: ftp: loaded support on port[0] = 21 [ 719.767620][T19034] chnl_net:caif_netlink_parms(): no params data found [ 719.803002][T19034] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.810242][T19034] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.819265][T19034] device bridge_slave_0 entered promiscuous mode [ 719.827802][T19034] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.835388][T19034] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.843092][T19034] device bridge_slave_1 entered promiscuous mode [ 719.850559][ T21] device bridge_slave_1 left promiscuous mode [ 719.861123][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.914974][ T21] device bridge_slave_0 left promiscuous mode [ 719.921279][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.884233][ T21] device hsr_slave_0 left promiscuous mode [ 721.953766][ T21] device hsr_slave_1 left promiscuous mode [ 722.035970][ T21] team0 (unregistering): Port device team_slave_1 removed [ 722.050353][ T21] team0 (unregistering): Port device team_slave_0 removed [ 722.062925][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 722.100912][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 722.199143][ T21] bond0 (unregistering): Released all slaves [ 722.319707][T19034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.331443][T19034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.351980][T19034] team0: Port device team_slave_0 added [ 722.361018][T19034] team0: Port device team_slave_1 added [ 722.437056][T19034] device hsr_slave_0 entered promiscuous mode [ 722.474138][T19034] device hsr_slave_1 entered promiscuous mode [ 722.513718][T19034] debugfs: Directory 'hsr0' with parent '/' already present! [ 722.644837][T19034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.661258][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 722.673394][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 722.682009][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 722.693927][T19034] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.706522][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 722.716087][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 722.725952][T13410] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.733118][T13410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 722.757182][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 722.767822][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 722.777275][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 722.787773][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.794895][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.805241][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 722.815217][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 722.839173][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 722.847933][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 722.861925][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 722.875431][T13410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 722.899019][T19034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 722.942098][T19034] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.198735][T19042] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 723.209444][T19042] CPU: 1 PID: 19042 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 723.218554][T19042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.228615][T19042] Call Trace: [ 723.231915][T19042] dump_stack+0x172/0x1f0 [ 723.236344][T19042] dump_header+0x177/0x1152 [ 723.240855][T19042] ? pagefault_out_of_memory+0x11c/0x11c [ 723.246489][T19042] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 723.252298][T19042] ? ___ratelimit+0x60/0x595 [ 723.256881][T19042] ? do_raw_spin_unlock+0x57/0x270 [ 723.261995][T19042] oom_kill_process.cold+0x10/0x15 [ 723.267107][T19042] out_of_memory+0x334/0x1340 [ 723.271787][T19042] ? retint_kernel+0x2b/0x2b [ 723.276384][T19042] ? oom_killer_disable+0x280/0x280 [ 723.281588][T19042] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 723.287308][T19042] mem_cgroup_out_of_memory+0x1d8/0x240 [ 723.292855][T19042] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 723.298494][T19042] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 723.304303][T19042] ? cgroup_file_notify+0x140/0x1b0 [ 723.309511][T19042] memory_max_write+0x262/0x3a0 [ 723.314364][T19042] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 723.321121][T19042] ? lock_acquire+0x20b/0x410 [ 723.325795][T19042] ? kernfs_get_active+0x187/0x240 [ 723.330910][T19042] cgroup_file_write+0x241/0x790 [ 723.335849][T19042] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 723.342609][T19042] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 723.348248][T19042] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 723.353880][T19042] kernfs_fop_write+0x2b8/0x480 [ 723.358729][T19042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.364969][T19042] __vfs_write+0x8a/0x110 [ 723.369302][T19042] ? kernfs_fop_open+0xd80/0xd80 [ 723.374239][T19042] vfs_write+0x268/0x5d0 [ 723.378481][T19042] ksys_write+0x14f/0x290 [ 723.382815][T19042] ? __ia32_sys_read+0xb0/0xb0 [ 723.387584][T19042] __x64_sys_write+0x73/0xb0 [ 723.392178][T19042] do_syscall_64+0xfa/0x760 [ 723.396685][T19042] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.402590][T19042] RIP: 0033:0x459879 [ 723.406484][T19042] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 723.426177][T19042] RSP: 002b:00007f6b50d7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 723.434585][T19042] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 723.442556][T19042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 723.450519][T19042] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 723.458658][T19042] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b50d7e6d4 [ 723.466624][T19042] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 723.481735][T19042] memory: usage 3152kB, limit 0kB, failcnt 175 [ 723.488655][T19042] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 723.496287][T19042] Memory cgroup stats for /syz5: [ 723.497713][T19042] anon 2195456 [ 723.497713][T19042] file 0 [ 723.497713][T19042] kernel_stack 65536 [ 723.497713][T19042] slab 995328 [ 723.497713][T19042] sock 16384 [ 723.497713][T19042] shmem 28672 [ 723.497713][T19042] file_mapped 0 [ 723.497713][T19042] file_dirty 0 [ 723.497713][T19042] file_writeback 0 [ 723.497713][T19042] anon_thp 2097152 [ 723.497713][T19042] inactive_anon 0 [ 723.497713][T19042] active_anon 2060288 [ 723.497713][T19042] inactive_file 61440 [ 723.497713][T19042] active_file 0 [ 723.497713][T19042] unevictable 176128 [ 723.497713][T19042] slab_reclaimable 405504 [ 723.497713][T19042] slab_unreclaimable 589824 [ 723.497713][T19042] pgfault 24684 [ 723.497713][T19042] pgmajfault 0 [ 723.497713][T19042] workingset_refault 0 [ 723.497713][T19042] workingset_activate 0 [ 723.497713][T19042] workingset_nodereclaim 0 [ 723.497713][T19042] pgrefill 0 [ 723.497713][T19042] pgscan 0 [ 723.497713][T19042] pgsteal 0 [ 723.497713][T19042] pgactivate 0 [ 723.594287][T19042] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19041,uid=0 [ 723.611451][T19042] Memory cgroup out of memory: Killed process 19041 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 723.634805][ T1065] oom_reaper: reaped process 19041 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:48:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:48:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:48:37 executing program 0: r0 = socket$kcm(0xa, 0x7, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={0x0, r1, 0x9, 0x1}, 0xfffffffffffffeb9) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000c80)={r0}) write$binfmt_aout(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="08011f014f030000370000000000008010010000010000000000000000000000ba706146495bdb90c3b190095740896bc9e6c18d714610dac1ec1c2e9e05c55f6b379b799c0974dc77dc2198166711b16e173fa8740739ced56f150a37968680a4e66b8fbe02fd419db9baa94f2a08266686000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c29863a6b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100"/2679], 0xa72) r3 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x4, 0x420102) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000100)=r4, 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000bc0)={0x4000, 0x100000}) 01:48:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='d\\vpts\x00', 0x0, 0x0) 01:48:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0xf000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:37 executing program 3: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x0, 0x0) [ 723.898783][T19034] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 723.952415][T19034] CPU: 0 PID: 19034 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 723.961563][T19034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.971632][T19034] Call Trace: [ 723.974942][T19034] dump_stack+0x172/0x1f0 [ 723.979300][T19034] dump_header+0x177/0x1152 [ 723.983829][T19034] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 723.989679][T19034] ? ___ratelimit+0x2c8/0x595 [ 723.994384][T19034] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 724.000294][T19034] ? lockdep_hardirqs_on+0x418/0x5d0 [ 724.005606][T19034] ? trace_hardirqs_on+0x67/0x240 [ 724.010647][T19034] ? pagefault_out_of_memory+0x11c/0x11c [ 724.016301][T19034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 724.022133][T19034] ? ___ratelimit+0x60/0x595 [ 724.026746][T19034] ? do_raw_spin_unlock+0x57/0x270 [ 724.031876][T19034] oom_kill_process.cold+0x10/0x15 [ 724.037008][T19034] out_of_memory+0x334/0x1340 [ 724.041716][T19034] ? lock_downgrade+0x920/0x920 [ 724.046589][T19034] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 724.052424][T19034] ? oom_killer_disable+0x280/0x280 [ 724.057640][T19034] mem_cgroup_out_of_memory+0x1d8/0x240 [ 724.063198][T19034] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 724.065363][T19049] bridge_slave_0: FDB only supports static addresses [ 724.068842][T19034] ? do_raw_spin_unlock+0x57/0x270 [ 724.068866][T19034] ? _raw_spin_unlock+0x2d/0x50 [ 724.081591][T19046] Unknown ioctl 1074835047 [ 724.085579][T19034] try_charge+0xf4b/0x1440 [ 724.085606][T19034] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 724.085618][T19034] ? percpu_ref_tryget_live+0x111/0x290 [ 724.085636][T19034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.085651][T19034] ? __kasan_check_read+0x11/0x20 [ 724.085668][T19034] ? get_mem_cgroup_from_mm+0x156/0x320 [ 724.085688][T19034] mem_cgroup_try_charge+0x136/0x590 [ 724.127586][T19034] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 724.133878][T19034] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 724.139523][T19034] __handle_mm_fault+0x1e34/0x3f20 [ 724.144658][T19034] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 724.150225][T19034] ? __kasan_check_read+0x11/0x20 [ 724.155273][T19034] handle_mm_fault+0x1b5/0x6c0 [ 724.160064][T19034] __do_page_fault+0x536/0xdd0 [ 724.164847][T19034] do_page_fault+0x38/0x590 [ 724.169366][T19034] page_fault+0x39/0x40 [ 724.173522][T19034] RIP: 0033:0x42fdcc [ 724.177417][T19034] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 9a 51 64 00 77 70 89 ef [ 724.197113][T19034] RSP: 002b:00007ffef299bf90 EFLAGS: 00010202 01:48:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x34000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 724.203191][T19034] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458be4 [ 724.211264][T19034] RDX: 00007ffef299c080 RSI: 0000000000008030 RDI: 0000000000715640 [ 724.219339][T19034] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000555556027940 [ 724.227329][T19034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef299d260 [ 724.235311][T19034] R13: 00007ffef299d250 R14: 0000000000000000 R15: 00007ffef299d260 [ 724.246025][T19055] Unknown ioctl 1074835047 01:48:37 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/fscreate\x00') ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000180)={0xd8, "2beb754c4f8d4dada2829c7e104f2d22fe32bd6f9f4fad704e0b2cb9259e0f7e", 0x1, 0x1}) r2 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x100, 0x8000) fsetxattr$security_evm(r2, &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02be75c946973882fa"], 0xa, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x400000, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={0x0, r3, 0x10, 0x5}, 0x14) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000040)={0x2, r2}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r4 = shmget(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) shmctl$IPC_RMID(r4, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000240)='/dev/snd/pcmC#D#p\x00', 0x101, 0x36080) [ 724.273834][T19034] memory: usage 816kB, limit 0kB, failcnt 183 [ 724.279934][T19034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 724.343746][T19034] Memory cgroup stats for /syz5: [ 724.343890][T19034] anon 94208 [ 724.343890][T19034] file 0 [ 724.343890][T19034] kernel_stack 65536 [ 724.343890][T19034] slab 995328 [ 724.343890][T19034] sock 16384 [ 724.343890][T19034] shmem 28672 [ 724.343890][T19034] file_mapped 0 [ 724.343890][T19034] file_dirty 0 [ 724.343890][T19034] file_writeback 0 [ 724.343890][T19034] anon_thp 0 [ 724.343890][T19034] inactive_anon 0 [ 724.343890][T19034] active_anon 94208 [ 724.343890][T19034] inactive_file 61440 [ 724.343890][T19034] active_file 0 [ 724.343890][T19034] unevictable 176128 [ 724.343890][T19034] slab_reclaimable 405504 [ 724.343890][T19034] slab_unreclaimable 589824 [ 724.343890][T19034] pgfault 24684 [ 724.343890][T19034] pgmajfault 0 [ 724.343890][T19034] workingset_refault 0 [ 724.343890][T19034] workingset_activate 0 [ 724.343890][T19034] workingset_nodereclaim 0 [ 724.343890][T19034] pgrefill 0 [ 724.343890][T19034] pgscan 0 [ 724.343890][T19034] pgsteal 0 [ 724.343890][T19034] pgactivate 0 01:48:37 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='de\\pts\x00', 0x0, 0x0) [ 724.350588][T19059] bridge_slave_0: FDB only supports static addresses 01:48:38 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='dev\\ts\x00', 0x0, 0x0) 01:48:38 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x8001, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000100)={0x9c0000, 0x0, 0x8, [], &(0x7f00000000c0)={0x9a090c, 0x7, [], @value64=0x4}}) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000180)={0x7, 0x7f, 0x0, 0x4000, r0}) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000200)={0x0, 0x401}) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r2, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x12, 0x1, @l2={'eth', 0x3a, 'team0\x00'}}}}, ["", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) 01:48:38 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x400300}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 724.978273][T19081] bridge_slave_0: FDB only supports static addresses [ 725.034238][T19034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19034,uid=0 [ 725.057666][T19034] Memory cgroup out of memory: Killed process 19034 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 01:48:39 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 726.211980][T19085] IPVS: ftp: loaded support on port[0] = 21 [ 726.551390][T19085] chnl_net:caif_netlink_parms(): no params data found [ 726.776162][T19085] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.783231][T19085] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.794788][T19085] device bridge_slave_0 entered promiscuous mode [ 726.803153][T19085] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.811294][T19085] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.819552][T19085] device bridge_slave_1 entered promiscuous mode [ 726.978445][T19088] IPVS: ftp: loaded support on port[0] = 21 [ 726.989502][T19085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.000791][T19085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.174369][T19085] team0: Port device team_slave_0 added [ 727.321420][T19085] team0: Port device team_slave_1 added [ 727.376806][T19085] device hsr_slave_0 entered promiscuous mode [ 727.414077][T19085] device hsr_slave_1 entered promiscuous mode [ 727.453845][T19085] debugfs: Directory 'hsr0' with parent '/' already present! [ 727.467793][ T21] device bridge_slave_1 left promiscuous mode [ 727.474557][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.514932][ T21] device bridge_slave_0 left promiscuous mode [ 727.521236][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.585957][ T21] device bridge_slave_1 left promiscuous mode [ 727.592177][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.625325][ T21] device bridge_slave_0 left promiscuous mode [ 727.631506][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.384394][ T21] device hsr_slave_0 left promiscuous mode [ 731.453806][ T21] device hsr_slave_1 left promiscuous mode [ 731.516168][ T21] team0 (unregistering): Port device team_slave_1 removed [ 731.529355][ T21] team0 (unregistering): Port device team_slave_0 removed [ 731.540767][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.591461][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 731.681537][ T21] bond0 (unregistering): Released all slaves [ 731.856358][ T21] device hsr_slave_0 left promiscuous mode [ 731.923721][ T21] device hsr_slave_1 left promiscuous mode [ 732.004811][ T21] team0 (unregistering): Port device team_slave_1 removed [ 732.017775][ T21] team0 (unregistering): Port device team_slave_0 removed [ 732.029629][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 732.081287][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 732.151778][ T21] bond0 (unregistering): Released all slaves [ 732.322341][T19088] chnl_net:caif_netlink_parms(): no params data found [ 732.358871][T19088] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.366252][T19088] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.374362][T19088] device bridge_slave_0 entered promiscuous mode [ 732.382346][T19088] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.389734][T19088] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.397952][T19088] device bridge_slave_1 entered promiscuous mode [ 732.421920][T19088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 732.434368][T19088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 732.463490][T19088] team0: Port device team_slave_0 added [ 732.474580][T19088] team0: Port device team_slave_1 added [ 732.547242][T19088] device hsr_slave_0 entered promiscuous mode [ 732.584063][T19088] device hsr_slave_1 entered promiscuous mode [ 732.633750][T19088] debugfs: Directory 'hsr0' with parent '/' already present! [ 732.649314][T19085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.673951][T19088] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.681005][T19088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.688377][T19088] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.695562][T19088] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.713540][T18791] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.721683][T18791] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.733118][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 732.741019][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 732.751176][T19085] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.875202][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 732.894001][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 732.902383][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.909509][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.924735][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 732.944405][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 732.953173][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 732.961727][T17987] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.968833][T17987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.977817][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 733.000759][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 733.009917][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 733.019320][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 733.037216][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 733.051349][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 733.060977][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 733.083533][T19085] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 733.101106][T19085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 733.120887][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 733.131361][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 733.147424][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 733.159746][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 733.173217][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 733.219297][T19085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.236441][T19088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 733.278219][T19088] 8021q: adding VLAN 0 to HW filter on device team0 [ 733.288835][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 733.304596][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 733.328128][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 733.337852][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 733.356915][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.364039][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 733.380325][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 733.390627][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 733.408234][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.415498][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.430118][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 733.439061][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 733.466976][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 733.476302][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 733.485388][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 733.495090][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 733.504585][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 733.512979][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 733.522350][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 733.531310][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 733.542672][T19088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 733.571643][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 733.607582][T19088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.896405][T19104] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 733.907205][T19104] CPU: 1 PID: 19104 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 733.916319][T19104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.927956][T19104] Call Trace: [ 733.931272][T19104] dump_stack+0x172/0x1f0 [ 733.935605][T19104] dump_header+0x177/0x1152 [ 733.940115][T19104] ? pagefault_out_of_memory+0x11c/0x11c [ 733.945760][T19104] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 733.951575][T19104] ? ___ratelimit+0x60/0x595 [ 733.956162][T19104] ? do_raw_spin_unlock+0x57/0x270 [ 733.961307][T19104] oom_kill_process.cold+0x10/0x15 [ 733.966519][T19104] out_of_memory+0x334/0x1340 [ 733.971198][T19104] ? __sched_text_start+0x8/0x8 [ 733.976047][T19104] ? oom_killer_disable+0x280/0x280 [ 733.981258][T19104] mem_cgroup_out_of_memory+0x1d8/0x240 [ 733.986892][T19104] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 733.992536][T19104] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 733.998347][T19104] ? cgroup_file_notify+0x140/0x1b0 [ 734.003556][T19104] memory_max_write+0x262/0x3a0 [ 734.008410][T19104] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 734.015175][T19104] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 734.020640][T19104] cgroup_file_write+0x241/0x790 [ 734.025588][T19104] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 734.032336][T19104] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 734.038041][T19104] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 734.043654][T19104] kernfs_fop_write+0x2b8/0x480 [ 734.048498][T19104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 734.054729][T19104] __vfs_write+0x8a/0x110 [ 734.059039][T19104] ? kernfs_fop_open+0xd80/0xd80 [ 734.063956][T19104] vfs_write+0x268/0x5d0 [ 734.068195][T19104] ksys_write+0x14f/0x290 [ 734.072509][T19104] ? __ia32_sys_read+0xb0/0xb0 [ 734.077273][T19104] ? do_syscall_64+0x26/0x760 [ 734.081933][T19104] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 734.087978][T19104] ? do_syscall_64+0x26/0x760 [ 734.092640][T19104] __x64_sys_write+0x73/0xb0 [ 734.097221][T19104] do_syscall_64+0xfa/0x760 [ 734.101710][T19104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 734.107585][T19104] RIP: 0033:0x459879 [ 734.111468][T19104] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 734.131255][T19104] RSP: 002b:00007f1dc5dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 734.139647][T19104] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 734.147605][T19104] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 734.155556][T19104] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 734.163505][T19104] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1dc5dde6d4 [ 734.171464][T19104] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 734.193243][T19104] memory: usage 3288kB, limit 0kB, failcnt 184 [ 734.200078][T19104] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 734.208022][T19104] Memory cgroup stats for /syz2: [ 734.209582][T19104] anon 2056192 [ 734.209582][T19104] file 102400 [ 734.209582][T19104] kernel_stack 65536 [ 734.209582][T19104] slab 856064 [ 734.209582][T19104] sock 0 [ 734.209582][T19104] shmem 45056 [ 734.209582][T19104] file_mapped 0 [ 734.209582][T19104] file_dirty 0 [ 734.209582][T19104] file_writeback 0 [ 734.209582][T19104] anon_thp 2097152 [ 734.209582][T19104] inactive_anon 131072 [ 734.209582][T19104] active_anon 2056192 [ 734.209582][T19104] inactive_file 0 [ 734.209582][T19104] active_file 0 [ 734.209582][T19104] unevictable 0 [ 734.209582][T19104] slab_reclaimable 270336 [ 734.209582][T19104] slab_unreclaimable 585728 [ 734.209582][T19104] pgfault 31515 [ 734.209582][T19104] pgmajfault 0 [ 734.209582][T19104] workingset_refault 0 [ 734.209582][T19104] workingset_activate 0 [ 734.209582][T19104] workingset_nodereclaim 0 [ 734.209582][T19104] pgrefill 33 [ 734.209582][T19104] pgscan 0 [ 734.209582][T19104] pgsteal 0 [ 734.209582][T19104] pgactivate 0 [ 734.313322][T19104] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19103,uid=0 [ 734.331638][T19104] Memory cgroup out of memory: Killed process 19103 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 734.356733][ T1065] oom_reaper: reaped process 19103 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:48:48 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:48:48 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={0xffffffffffffffff}) sendto$x25(r1, &(0x7f00000001c0)="c6f78ed6b2638e60171e39959ae7932e0aadd26b0bc05f8935e162dd5f820bc48588e8136d10087ddf6da1021879d9b243fa2f7ed4c87abf934b9177129dc2bf05b7528878c73053b210eec819eb356e79f132d02d969ff1ec1300bfbddf2649f2c00e87312755551ce22965c86b4d8f499f3cc6b35de9a4280b4a827731e2da2e160f83978536ce0a5ad851087679223d6665fe7865c5f2fdafbd", 0x9b, 0x4000050, &(0x7f0000000280)={0x9, @remote={[], 0x2}}, 0x12) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000000) 01:48:48 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devp%s\x00', 0x0, 0x0) 01:48:48 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0xf0ffff}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:48 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 01:48:48 executing program 3: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) bind$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e21, @empty}}, 0x24) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000380)='asymmetric\x00i\x8dRT\xcc|\rO\xe2\xbe\x95\xe2\x80}5y\xd6\xda1\xbd\x15\xddH_\xed\xe3\xae\x0e\x14\xc1\x87$\xae&\x90cPh\xb1,\x93[D\xd7\x88\x9dI^AD\xf4[3\xe17\xfa\x05\xc7\x16\x1c\x02G\xa8z\xd3\xda\xc1\xd01\x87\xbf\xdf\xe6)\\=\xc2\x15\x7fu\xf1n\xba\xb8\xdc\x80\x0f\xf8m@\xb2\x88\xce+\vXKa\xaeK\xed\x89<\x84_a\x8e\x82\x15\x9d\x9d^\x99\xa6\xbd\xbd\v\xd6\x1d\x80%#}\xaeDZa\xb9\x01\xff\xca\xf5\xc5\\F)F]\xc0\xfe\xd9\xff\xc79\x86\x01\xf9\xf1\x00\x80\x00\x00\x00\x00\x00\x00\x19@\xd7\x1ds\b4\x98U\x17Od\xaa\x98\x1cu\x13\x1c<\x01 \xe5\xf6\x8b\xe6C\x99\xe4\xc5\xf5v\x98{\xce\xc40N\x03\xcb\xffh\xf2h0xffffffffffffffff}) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) sendmsg$rds(r1, &(0x7f0000000800)={&(0x7f0000000140)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000180)=""/13, 0xd}, {&(0x7f00000001c0)=""/123, 0x7b}, {&(0x7f0000000240)=""/144, 0x90}, {&(0x7f0000000300)=""/206, 0xce}, {&(0x7f0000000400)=""/234, 0xea}, {&(0x7f0000000500)=""/134, 0x86}], 0x6, &(0x7f0000000740)=[@rdma_dest={0x18, 0x114, 0x2, {0x5, 0x8}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000640)=""/90, 0x5a}, &(0x7f00000006c0), 0x1316751563381157}}, @cswp={0x58, 0x114, 0x7, {{0x0, 0x101}, &(0x7f0000000700)=0x5, 0x0, 0x7, 0x0, 0x2, 0x3, 0x8, 0x1f}}], 0xa0, 0x10}, 0x4000) bind$ax25(r1, &(0x7f00000000c0)={{0x3, @default, 0x3}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48) [ 734.806091][T19088] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 734.806106][T19088] ? ___ratelimit+0x60/0x595 [ 734.806122][T19088] ? do_raw_spin_unlock+0x57/0x270 [ 734.832232][T19088] oom_kill_process.cold+0x10/0x15 [ 734.832249][T19088] out_of_memory+0x334/0x1340 [ 734.832265][T19088] ? lock_downgrade+0x920/0x920 [ 734.832285][T19088] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 734.852796][T19088] ? oom_killer_disable+0x280/0x280 [ 734.858019][T19088] mem_cgroup_out_of_memory+0x1d8/0x240 [ 734.863583][T19088] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 734.869236][T19088] ? do_raw_spin_unlock+0x57/0x270 [ 734.874358][T19088] ? _raw_spin_unlock+0x2d/0x50 [ 734.879229][T19088] try_charge+0xf4b/0x1440 [ 734.883654][T19088] ? __lock_acquire+0x880/0x4a00 [ 734.888601][T19088] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 734.894147][T19088] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 734.900145][T19088] ? cache_grow_begin+0x122/0xd20 [ 734.905180][T19088] ? find_held_lock+0x35/0x130 [ 734.909954][T19088] ? cache_grow_begin+0x122/0xd20 [ 734.915002][T19088] __memcg_kmem_charge_memcg+0x71/0xf0 [ 734.920480][T19088] ? memcg_kmem_put_cache+0x50/0x50 [ 734.928161][T19088] ? __kasan_check_read+0x11/0x20 [ 734.933380][T19088] cache_grow_begin+0x629/0xd20 [ 734.938252][T19088] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 734.944064][T19088] ? mempolicy_slab_node+0x139/0x390 [ 734.949351][T19088] fallback_alloc+0x1fd/0x2d0 [ 734.954032][T19088] ____cache_alloc_node+0x1bc/0x1d0 [ 734.959238][T19088] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 01:48:48 executing program 0: r0 = socket$kcm(0xa, 0x7, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000180)={0x0, 0x4, 0x0, 0x100}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x40, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000000c0)=0x4020, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 734.965506][T19088] kmem_cache_alloc+0x1ef/0x710 [ 734.970379][T19088] ? stack_trace_save+0xac/0xe0 [ 734.975251][T19088] __alloc_file+0x27/0x340 [ 734.979669][T19088] alloc_empty_file+0x72/0x170 [ 734.984480][T19088] path_openat+0xef/0x46d0 [ 734.988902][T19088] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 734.994714][T19088] ? kasan_slab_alloc+0xf/0x20 [ 734.999482][T19088] ? kmem_cache_alloc+0x121/0x710 [ 735.004509][T19088] ? getname_flags+0xd6/0x5b0 [ 735.009187][T19088] ? getname+0x1a/0x20 [ 735.013261][T19088] ? do_sys_open+0x2c9/0x5d0 [ 735.017858][T19088] ? __x64_sys_open+0x7e/0xc0 [ 735.022544][T19088] ? __kasan_check_read+0x11/0x20 [ 735.027576][T19088] ? mark_lock+0xc2/0x1220 [ 735.031999][T19088] ? __kasan_check_read+0x11/0x20 [ 735.037037][T19088] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 735.042420][T19088] ? __alloc_fd+0x487/0x620 [ 735.046960][T19088] do_filp_open+0x1a1/0x280 [ 735.051484][T19088] ? may_open_dev+0x100/0x100 [ 735.056172][T19088] ? lock_downgrade+0x920/0x920 [ 735.061031][T19088] ? rwlock_bug.part.0+0x90/0x90 [ 735.065985][T19088] ? __kasan_check_read+0x11/0x20 [ 735.071020][T19088] ? do_raw_spin_unlock+0x57/0x270 [ 735.076137][T19088] ? _raw_spin_unlock+0x2d/0x50 [ 735.081077][T19088] ? __alloc_fd+0x487/0x620 [ 735.085595][T19088] do_sys_open+0x3fe/0x5d0 [ 735.090019][T19088] ? filp_open+0x80/0x80 [ 735.094261][T19088] ? __detach_mounts+0x2a0/0x2a0 [ 735.099209][T19088] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 735.104719][T19088] ? do_syscall_64+0x26/0x760 [ 735.109403][T19088] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.115481][T19088] ? do_syscall_64+0x26/0x760 01:48:48 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$rose(r1, 0x104, 0x0, &(0x7f0000000080), &(0x7f00000000c0)=0x4) [ 735.120176][T19088] __x64_sys_open+0x7e/0xc0 [ 735.124691][T19088] do_syscall_64+0xfa/0x760 [ 735.129205][T19088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.135095][T19088] RIP: 0033:0x4577f0 [ 735.138990][T19088] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 735.158598][T19088] RSP: 002b:00007ffd4af113b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 01:48:48 executing program 3: r0 = memfd_create(&(0x7f0000000040)='&lo(#securitylo\x00', 0x8000000004) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x800, 0x0) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x12) ftruncate(r0, 0x0) [ 735.167017][T19088] RAX: ffffffffffffffda RBX: 00000000000b329c RCX: 00000000004577f0 [ 735.175001][T19088] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffd4af12590 [ 735.183074][T19088] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557349940 [ 735.191057][T19088] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd4af12590 [ 735.199036][T19088] R13: 00007ffd4af12580 R14: 0000000000000000 R15: 00007ffd4af12590 01:48:48 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x1000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:48 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x200, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x40081271, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x2) [ 735.284671][T19088] memory: usage 952kB, limit 0kB, failcnt 196 [ 735.301383][T19088] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 735.322829][T19088] Memory cgroup stats for /syz2: [ 735.322944][T19088] anon 0 [ 735.322944][T19088] file 102400 [ 735.322944][T19088] kernel_stack 0 [ 735.322944][T19088] slab 856064 [ 735.322944][T19088] sock 0 [ 735.322944][T19088] shmem 45056 [ 735.322944][T19088] file_mapped 0 [ 735.322944][T19088] file_dirty 0 [ 735.322944][T19088] file_writeback 0 [ 735.322944][T19088] anon_thp 0 [ 735.322944][T19088] inactive_anon 131072 [ 735.322944][T19088] active_anon 0 [ 735.322944][T19088] inactive_file 0 [ 735.322944][T19088] active_file 0 [ 735.322944][T19088] unevictable 0 [ 735.322944][T19088] slab_reclaimable 270336 [ 735.322944][T19088] slab_unreclaimable 585728 [ 735.322944][T19088] pgfault 31515 [ 735.322944][T19088] pgmajfault 0 [ 735.322944][T19088] workingset_refault 0 [ 735.322944][T19088] workingset_activate 0 [ 735.322944][T19088] workingset_nodereclaim 0 [ 735.322944][T19088] pgrefill 33 [ 735.322944][T19088] pgscan 0 [ 735.322944][T19088] pgsteal 0 [ 735.322944][T19088] pgactivate 0 [ 735.440977][T19140] bridge_slave_0: FDB only supports static addresses [ 735.591192][T19088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19088,uid=0 [ 735.613487][T19088] Memory cgroup out of memory: Killed process 19088 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 735.639319][ T1065] oom_reaper: reaped process 19088 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:48:49 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:48:49 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devp\\s\x00', 0x0, 0x0) 01:48:49 executing program 0: fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0xffffffffffffffff}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000001c0)={0x0, 0x0, 0x7f}) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000200)={0x0, 0x0, 0x9}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000240)={r2, r3, 0x7}) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000100)='trusted.overlay.origin\x00', &(0x7f0000000140)='y\x00', 0x2, 0x2) 01:48:49 executing program 3: openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r1 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x0, 0x0) write$UHID_INPUT(r0, &(0x7f00000002c0)={0x8, "b13e1c20d1764d052a4289a71186ca09bfa7f39eb694f4602948f6585c2842ac42cb2f94b098e98f2bcd6128dab4a71d544e96e01e3a9a3548ee5f554c06d963346edb9d133e86fdd31c21e9aaffeb52f7cd63297b1fd0db1845e12bda3ce00f0cca0e6ac9c42a61e687c24c0553b408359c86c7bfd7a30944ac327f982b011258e85ee00f050c38e73199d07b72b225a96ab0fb5a9ea944a233e46cd4c25aaa0fe04bd9b3203f61a06c8f094563ffa0078e50248ce1acebc03c75069eb1cb20ebbe30ec063f9ebc45290dc4f8b56ebb08d32e4df04785fd385029f766a0b96db6a1b6615de63393fe97082c076a7170d2b1c06ce0627d6acae850c2b95f38b079a352f27bf6f5460078b8e597c1d3bdb5cf9e73f42eec5aea224ab44b94e18e812864faeaf770ba7471f99b07d41d573d1d4c3833fb4410ea36d710bfa66ccdb14a1927a678f873b023e82c341a43704adb37242a67b2a46d02ab7aee23cf3030a2f3dd58eece667b6e9393ee8d36649e37e83b1c73c0ef65b4df6173c1c25324fbb9afa1361dc4275f152deb03d7138a688eb9dc66e7845ce1be5647bf740b0e1dd038120ef1e3e1cf420cf8b723bef771376e433935e4f9096a10c4a969aceaac4791c41f365b274dab49bddf51b22a24c05ceaedcbf45febc927e98f410d38247d7679cee7b0d3041eaebd7821924ad31e7c5137bf87ce1ec537a981779f0a4c57bbbb5c641cfd02e1e3904f48b0be96fc9851b6bc8c4260168eea9d9d111e2777f78a9021d5eb0166e39410bf279656770263ca2fb7ac0e30d5e168f8cf4bc5665d057da939b770568e41d0fcec5d6aac0bf4ae66fb099b786cdce7f6a9bc00b83d8ed72440a9724d4ef8af71c7efbc31397930cdcb99d30502ecbcc7ddb9161ade16a1badbd7ea3c6c65b387b46234c4660c816506a2f76264bba07ecb685532116bd971464b58e3ea0a29c2fa1d49d9c6308806db01326e9a1b6bbb556f6479b29f48718e211d75f08d0fb477ad8dae5aeaad7e176b2c5ae331ef78212e9dd7e506549dc74ffd940dc91d74aee2fa7f28855919c163f443804e2a072ad8add2be84df87e414afcab0f8e6f67d3ebb1778a6798d50233da09d29b95c0da97304b7a025e50a7c89e614c63bc69477bfe0e5ae2c468332d134f9e22b19eb2f01c8e8d5148b9b980f8b9aa0cab9ba89aafe16d6a8cf9cb5ae659d8fba88e2841f3d6ac0c44dd9f03787d357fe31a4f551e247bfb73b1f2aa1e208c36aa90dcfc4da8877967c05fe951716ec2293d79c6083e79061bbe18150e2af1d889bb4e87c7735b0e7b88a3109a906d1bd4bf9b98c2462420ecc4e9f3a274a6678bc56e9aa7f3d64677141f874f35d00d04a1dc83126ccd69a0221305a3a5418ec24e163b165c1e4533c38f3d213de4012aece68ed11e2f42325d6da5eef78ee985f81a7991e3d1ff69188059c292779579418ef81177fa94b43cdd0fbf92d31f0fb592a864ddc98ddd5b49ece865e7c7a6c873169d0eea46c1a44f645b1cfa40849ffb9f5355ab396dc1a875180f17103be63be4e7d1920949c59ba5d47341c176ac307e165b9733ac5cd9e9691f5ecd76b467881b78f217d50903a06c57270f4104fd26d496dd7e08c27209185761882923f6447c73d53a74e28132e6bf97ee4f2df9d03be88653a9a7251d8df247f1a75f91f95886ce317e3c125aa7686eec86708fa72c9b33a664e76c0ed891ff9d840ac121ae3f96d32330a14fd76df19c7ae0434e2103d6e9175da0b6cc7a007a0a18615271771434959de305636cf7fbfdd16239bff7dbc656a702ebd48f9a2b1937cca80604ec525d292bb7337459235ad047c6933b6c81bd966ea60ec863de568a9e6d8e0378916f441e0f8b2b74df49b9b24094fd643413469428a537aed19b72bf9381ebab4cd57400ecad1cf1b792e9610910d02f9a779b009840e3f1a1395a87f1e590c33018be80a3f34bbaf49e415ba7d3858b40788cd19211b8cad3789870fb252f8991d64bff9558a67a2316ec2402c2f9c52de42e6389fc90bc4379f7b899b1a943035d64f20b7766edf08fdfa185d00493031f0d3f9ad7dce841f725c5adcba896a76857918a2f54c8aa2e50f71eda35b8fea3732a02c146201ad9f4b65b7caa09e2a73f72aee1ce428a35489038d5cc859fbd48be8da5d088ccab897a248fe418b89b409ab5507af725f077d264abec5b53667ca06aed03815dd537535a3360a50ca3d09c025b5057362c7cb5a4b99c58ac64fe813f4d7f2cafbc3048835ec43fa68170ec7310342134c9b5ec417763db145555cdd37f24b27b0911d172710b74d3c754aac02b24030166cbf2eccfaf1e909b629b7919db1351cd0167e8b6bddc5ce4b7e13cbf0c095f636427d440d058e7637eb117947fc6a60942d10bd455030ee38fc447fd3e6232efba65def558dcff60274e6b2ad62464b4f767bcfec22c681c12bdabf1fedc3946f45c9a34a9169f79ea60a9d190dcf1ce14957382af602dd134b610b269247f38c3d4e233f2fda399dc4cf09139cff9e9c731f8bf940df3cbdf9355f604bd0f3d3b20a6cfc39a7d9ff74f734750187b30c1a970a432bf7e9417cc87d8dea00c4e1885845e1a59bc6a5487687c5bca514e9dcf372bcdc0fe4a47f3e4ac456b1a812e69f88b2a8a964d946cc102ba6f3a7c965df24653c6384d810cf157c8581d4b40e874aded8d227a25fab9889f02698bf52980f048408de4a96226949eba5d1b7f41fce61ae1ff9388e096646ddda4c222f7b9bffc1d3e5b645b6e248637698f6a5be1dc03ff7aa9f418153beeef9b9d67ac5b6fc888e5adf0db41a6d5cac2b600af3b428a1294f4fdb4cf64ccc254c1c7ef71b9be3afceb797fc9504bc3f3dde217687d47cd445c44bea2b16eacae76f16d868b77065b189bd7c4678f3a5fc99b4d020d42972d010b7a6b22de46b434f2d8ec4f567af2d531817ec81ffa36cc27d073a66d2152f1be2a8dce08e98a00f473f22e680cf0ebdcf37936cee60f99eec69503a15d8e36f8d599b535021693fb52f9dc93e315d6e849bd4bf9d05fb25f0b09de91b73ca4edfbfa04d9262d449eab2be542ea30f316384609efc52ed641a9e32d48e4a57c65e8bfa5c13e769d5402a0b125c17360800bf0da8592a75abe647f1d9b1072942947da82e701308b60ecdcfd40d7b6cf44b443493ef0466790547c0a8e5914484969e52cba3787c41df965f91ed7074cd62a63db7e1c35b8f9ac30521295ae7b9c81143926f1dd36aefdfbcd7056b0d4209cabe113a18c58ecc062df687666725707029a8be3ef5721484bd429bab33fceb76c6a0f079da8819d0d9565f5e4ed45eb531f9501b85b619b5323169b0297b7cedcf6f288225dd5e6a7f52c1b96cd38dd94b2f6b8cfc6dbd7862901a5295dca5ecbae72344f41c4a222bd6711831d265b910d547501116bcfbf3c9e104b446175c4c8a4e56445ca22f9363f0f54858a8eb4a1c43103bca578c5b0ee372efd705a950510dbbfa4f74c8ddb4bbc1f07dd410ebb39c01f4da8a0bad2d3d35df3a12a9fa2daf44c8163d59aba8a7351ecc9fe4cd25b987dba700e73d7174307161adf70db0e7a802d7c9ec1b912ee58b0a35c2c6f40f112d70ab5aa708071379280c9ffbceaf0a4ec45c89ac0bf3ef40538302b685e24574da8bde8654e99eff66c9ad5e6beafa0e48e1c293c53d955980346cbc052d15e5d1f3baed388dfaa72ca089af06ae757466a704b93a0ff13cb5c722f0b872432a4fd4513ed56825b13ddd4d8c02eb624c8358199f52679421ab0e1792869f6b4aea523a1079b3138f1ef761c6df102096eff43ddb23ee668b9cc5161433feb318903b58387c3dae2833a8c770e7c6e27c31a1fca07377fbb07f11911be6192f7518a8d089b89826e48b28f5c8a00784bef9b2f68c90838eb2c9fcaeda4bb76782510082c977a7ecdd5743e9da8f088a3b67a25cfb25db4a709b6cbf5425e7efa8c2e472464606d9ccd2fc0f73cd1d51a5aa19d9caba10be2147f8e1ad763ba45693f9f078b0716cf588142be847ca67dc132c5782fed12b7d95c55a9bcfdfb85cb48698a45621cc2f1c85559617ece7def71486290b0cf8e987e8788e1a13f17e3f24b93ed2009ebe42e3bea9571f98b39b787c107dcada3a36fa1fe93736e74ec34af80a182cf0adf2846577f1d474c9ff1b4b8a2cfe6a2d445029ca77088b9c84be63655d48cbc5f61b18d7cda0d141f2db6bc3c479aa6ca19638e2c37da38768eb8820e5679345d2abe8033318eb952e297e17dacaaee3df7ef1d6cd554e9b1b453c44e3d4e030e25c5f9ed094100f6d9b1dc5dab371436ab252cc4d7fdf8fe4b7f36ab71f2bbe3878217b151664c3b9ae970e473ae164d77f294ca8ad58634ea446880e8327fc7af2a088e39508443a601eaa00742a7d0ad459dcac24a60edcfa6ac9f72f428c2b8dd30b8278e28f25a1a129d23cacd765de4c4aa52819578951bb8e311e8621f627e3463e2562b6dbc8d1c431c240f1424599438b9c94723f79ffd1fa1bc94104e4598bd43244302f86ddbe47ad8671e25f406aa507ba45bdba09841827a697cece002f79ec7cf14488789d754f84818d180bd04a11cb2115441a402bea2be749ef233bcd26ca27df828ada877a893e54ea3e6ea29e62d6e7693af7cbee59ccdb4045d0e6eeec3d8f59205f324a5f7cf5f871929c83ada04bc5d3990288dca5eb312339933ffb1031e05866e1b2d0aad0ca940795458b7d6c8a3750a76e1e6c8ccd48ca542d6c51164431d70c9d35f0f828cdec404a175a44bc2a9651ec5281c0f3aee9e4375f0eb139f58fa4419fddf9ebe2f8f37121a57397e7e830ac097ed375521a68f7cdc471621b769fef40cd19d8d55a82e27bf5b0cc4182359db7c9066e2ee10df279a89e96fcfea225995f065f7f286b8c8ef9b6c82a34df14dda2f737f557578ce5b15944e3149110102d80465c1b436b6bbb16fdc64a9d130ec7644bc162f0e2c5669a9254970a062561e269d85b72b4748d71d88ca20778287bc3b9613043166862f133f366f6361b9e1d040bbcd9728a70fcf3be7ea8fe0f55980ed03f336ec49f7cb6899813acf47d3b2413e7b637b764fcb9003ece75f8a255b9cdc71f80dbbaa7eaa2111b5551feeb7ea31620a2c88897538915abedcd184d57c79d81505985f561820449c330bc3412bffb68c4c743c5a5a3acafcf00d7561a66f70e5835da530ba62f221211e1fefdc1fbc8c05b1b68b7eb2afac6ebbbc0b961b8ef8b27b555ce7641f6601ac19d5f4adb06b40155a2085ff32de5b2c5edd96a01a14d1bb49b58f1fd718bec428043819b8070e46f0215d2153318320754638d9b40a5214784e7c1f80dde05500cfe8e4dff855504e099634fb3d44829453cf4ac8db7e5a4144f96d4508de90ada04240637fd5b261cfbb80c8d9ccdea6c1d3485a85663cff9749133002c7f9c6ea4de1b50fe90dae397f6b5833e943e6c5f60e10d805e97e6869488b857b44d8c94276f668257c223e2e26dff75222d3f304f8a040ce058e1b7b3bc5f0b69c310beea64212ef0a54bc9fb858c25681cee574c532b64d4f8241e0b855f7f79d0a1ea22fc3d9ad5a1658b5c4d9d417e9eae47c81628341172609a8ef8c72fb6e4e48da6a10207e56b727f65c82d49e2dbb44b492e1265c2b28f98980334ccc3abb0cfd15d73c2f38f4c824022aa7a0ac0b7d35eea934d3455d21e8c710474e54bdf29be107ebc00", 0xa943708f26830065}, 0x1006) r2 = dup3(r1, r0, 0x0) r3 = getpid() sched_setattr(r3, 0x0, 0x0) recvmmsg(r2, &(0x7f0000007940)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/10}, {&(0x7f0000000100)=""/146}, {&(0x7f00000001c0)=""/94}], 0x0, &(0x7f0000000240)=""/78}, 0x5}, {{&(0x7f0000001300)=@generic, 0x0, &(0x7f0000002580)=[{&(0x7f0000001380)=""/205}, {&(0x7f0000001480)=""/33}, {&(0x7f00000014c0)=""/108}, {&(0x7f0000001540)=""/23}, {&(0x7f0000001580)=""/4096}], 0x0, &(0x7f0000002600)=""/103}, 0x9}, {{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000002680)=""/101}, {&(0x7f0000002700)=""/113}, {&(0x7f0000002780)=""/86}, {&(0x7f0000002800)=""/172}, {&(0x7f00000028c0)=""/156}, {&(0x7f0000002980)=""/4096}, {&(0x7f0000003980)=""/11}, {&(0x7f00000039c0)=""/136}, {&(0x7f0000003a80)=""/230}, {&(0x7f0000003b80)=""/14}], 0x0, &(0x7f0000003c80)=""/222}, 0x8001}, {{&(0x7f0000003d80)=@ipx, 0x0, &(0x7f0000003f40)=[{&(0x7f0000003e00)=""/208}, {&(0x7f0000003f00)=""/8}], 0x0, &(0x7f0000003f80)=""/246}}, {{&(0x7f0000004080)=@sco, 0x22d, &(0x7f0000005600)=[{&(0x7f0000004100)=""/115}, {&(0x7f0000004180)=""/137}, {&(0x7f0000004240)=""/255}, {&(0x7f0000004340)=""/248}, {&(0x7f0000004440)=""/68}, {&(0x7f00000044c0)=""/4096}, {&(0x7f00000054c0)=""/228}, {&(0x7f00000055c0)=""/52}], 0x0, &(0x7f0000005680)=""/92}, 0x6}, {{&(0x7f0000005700)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0, &(0x7f0000005900)=[{&(0x7f0000005780)=""/11}, {&(0x7f00000057c0)=""/67}, {&(0x7f0000005840)=""/104}, {&(0x7f00000058c0)=""/15}], 0x0, &(0x7f0000005940)=""/85}, 0x3}, {{&(0x7f00000059c0)=@isdn, 0x0, &(0x7f0000005d80)=[{&(0x7f0000005a40)=""/139}, {&(0x7f0000005b00)=""/114}, {&(0x7f0000005b80)=""/36}, {&(0x7f0000005bc0)=""/145}, {&(0x7f0000005c80)=""/160}, {&(0x7f0000005d40)=""/10}], 0x0, &(0x7f0000005e00)=""/59}, 0x9}, {{&(0x7f0000005e40)=@in={0x2, 0x0, @dev}, 0x0, &(0x7f0000007200)=[{&(0x7f0000005ec0)=""/4096}, {&(0x7f0000006ec0)=""/129}, {&(0x7f0000006f80)=""/126}, {&(0x7f0000007000)=""/226}, {&(0x7f0000007100)=""/1}, {&(0x7f0000007140)=""/190}], 0x0, &(0x7f0000007280)=""/174}, 0x9}, {{0x0, 0x0, &(0x7f0000007440)=[{&(0x7f0000007340)=""/199}]}, 0x77}, {{&(0x7f0000007480)=@x25={0x9, @remote}, 0x0, &(0x7f0000007840)=[{&(0x7f0000007500)=""/141}, {&(0x7f00000075c0)=""/56}, {&(0x7f0000007600)=""/99}, {&(0x7f0000007680)=""/250}, {&(0x7f0000007780)=""/174}], 0x0, &(0x7f00000078c0)=""/99}, 0x3}], 0x3b482cdc3b763b, 0x44000102, 0x0) [ 737.149980][T19160] IPVS: ftp: loaded support on port[0] = 21 [ 737.356890][T19160] chnl_net:caif_netlink_parms(): no params data found [ 737.539822][T19160] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.548380][T19160] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.556391][T19160] device bridge_slave_0 entered promiscuous mode [ 737.564511][T19160] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.571743][T19160] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.580130][T19160] device bridge_slave_1 entered promiscuous mode [ 737.736330][T19160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.747317][T19160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.768693][T19160] team0: Port device team_slave_0 added [ 737.776059][T19160] team0: Port device team_slave_1 added [ 737.835834][T19160] device hsr_slave_0 entered promiscuous mode [ 737.894195][T19160] device hsr_slave_1 entered promiscuous mode [ 737.943784][T19160] debugfs: Directory 'hsr0' with parent '/' already present! [ 738.107281][T19160] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.114532][T19160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.123806][T19160] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.130994][T19160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.294444][T13410] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.302353][T13410] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.331360][T19160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.492889][T19160] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.500960][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 738.508975][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 738.663710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 738.672358][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 738.681019][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.688098][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.843921][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 738.857498][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 738.866166][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.873217][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.885761][ T21] device bridge_slave_1 left promiscuous mode [ 738.891981][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.945230][ T21] device bridge_slave_0 left promiscuous mode [ 738.951440][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.986937][ T21] device bridge_slave_1 left promiscuous mode [ 738.993186][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.045120][ T21] device bridge_slave_0 left promiscuous mode [ 739.051347][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.894304][ T21] device hsr_slave_0 left promiscuous mode [ 742.953848][ T21] device hsr_slave_1 left promiscuous mode [ 743.022569][ T21] team0 (unregistering): Port device team_slave_1 removed [ 743.036408][ T21] team0 (unregistering): Port device team_slave_0 removed [ 743.047518][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 743.097985][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 743.201797][ T21] bond0 (unregistering): Released all slaves [ 743.404399][ T21] device hsr_slave_0 left promiscuous mode [ 743.463810][ T21] device hsr_slave_1 left promiscuous mode [ 743.526493][ T21] team0 (unregistering): Port device team_slave_1 removed [ 743.541475][ T21] team0 (unregistering): Port device team_slave_0 removed [ 743.553130][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 743.608503][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 743.692136][ T21] bond0 (unregistering): Released all slaves [ 743.818671][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 743.833669][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 743.842247][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 743.853362][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 743.871702][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 743.879758][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 743.888865][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 743.897516][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 743.905967][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 743.914527][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 743.923059][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 743.937729][T19160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 743.957876][T19160] 8021q: adding VLAN 0 to HW filter on device batadv0 01:48:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 01:48:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x2000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:57 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$SIOCAX25GETINFO(r1, 0x89ed, &(0x7f0000000100)) 01:48:57 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt#\x00', 0x0, 0x0) 01:48:57 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:48:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x4) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000000c0)={0x400, 0x4, 0x9, 0x0, 0x0, [{r0, 0x0, 0xd1}, {r0, 0x0, 0x80000000}, {r0}, {r0, 0x0, 0x32f12079}, {r0, 0x0, 0x1d1e}, {r0, 0x0, 0x7}, {r0, 0x0, 0xff}, {r0, 0x0, 0x5}, {r0, 0x0, 0xc48b}]}) r1 = dup2(r0, r0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d3, &(0x7f0000000080)={0x4, 0x0}) [ 744.228329][T19175] bridge_slave_0: FDB only supports static addresses 01:48:57 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x4c) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f00000000c0)={0x1, 0x0, [], {0x0, @bt={0xfff, 0xf7d8, 0x1, 0x1, 0x3, 0x7, 0x6, 0x7f, 0x5, 0x7, 0x2, 0x7fffffff, 0x800, 0x800, 0x16, 0x2}}}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:48:57 executing program 3: openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x40000, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/llc\x00') mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x0, 0x0) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x3}) chdir(&(0x7f0000000300)='./file0\x00') write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') 01:48:57 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt%\x00', 0x0, 0x0) 01:48:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x3000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 744.563949][T19196] bridge_slave_0: FDB only supports static addresses 01:48:58 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 01:48:58 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x400, 0x10000) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r1, 0x10, 0x1}, 0xfffffffffffffc8b) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:48:58 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt*\x00', 0x0, 0x0) 01:48:58 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:48:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 744.985224][T19215] bridge_slave_0: FDB only supports static addresses [ 745.254264][T19220] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 745.273818][T19220] CPU: 1 PID: 19220 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 745.282966][T19220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.293021][T19220] Call Trace: [ 745.296319][T19220] dump_stack+0x172/0x1f0 [ 745.300656][T19220] dump_header+0x177/0x1152 [ 745.305167][T19220] ? pagefault_out_of_memory+0x11c/0x11c [ 745.310806][T19220] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 745.316619][T19220] ? ___ratelimit+0x60/0x595 [ 745.321217][T19220] ? do_raw_spin_unlock+0x57/0x270 [ 745.326338][T19220] oom_kill_process.cold+0x10/0x15 [ 745.331456][T19220] out_of_memory+0x334/0x1340 [ 745.336137][T19220] ? __sched_text_start+0x8/0x8 [ 745.340994][T19220] ? oom_killer_disable+0x280/0x280 [ 745.346201][T19220] mem_cgroup_out_of_memory+0x1d8/0x240 [ 745.351743][T19220] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 745.357380][T19220] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 745.363185][T19220] ? cgroup_file_notify+0x140/0x1b0 [ 745.368389][T19220] memory_max_write+0x262/0x3a0 [ 745.373243][T19220] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 745.380013][T19220] ? lock_acquire+0x190/0x410 [ 745.384691][T19220] ? kernfs_fop_write+0x227/0x480 [ 745.389901][T19220] cgroup_file_write+0x241/0x790 [ 745.394841][T19220] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 745.401603][T19220] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 745.407246][T19220] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 745.412881][T19220] kernfs_fop_write+0x2b8/0x480 [ 745.417734][T19220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 745.423973][T19220] __vfs_write+0x8a/0x110 [ 745.428298][T19220] ? kernfs_fop_open+0xd80/0xd80 [ 745.433235][T19220] vfs_write+0x268/0x5d0 [ 745.437479][T19220] ksys_write+0x14f/0x290 [ 745.441810][T19220] ? __ia32_sys_read+0xb0/0xb0 [ 745.446572][T19220] ? do_syscall_64+0x26/0x760 [ 745.451252][T19220] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 745.457319][T19220] ? do_syscall_64+0x26/0x760 [ 745.462005][T19220] __x64_sys_write+0x73/0xb0 [ 745.466599][T19220] do_syscall_64+0xfa/0x760 [ 745.471113][T19220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 745.476998][T19220] RIP: 0033:0x459879 [ 745.480893][T19220] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 745.500491][T19220] RSP: 002b:00007f1e2efbec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 745.508902][T19220] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 745.516899][T19220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 745.524870][T19220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 745.532865][T19220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e2efbf6d4 [ 745.540835][T19220] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 745.670747][T19220] memory: usage 3320kB, limit 0kB, failcnt 184 [ 745.682290][T19220] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 745.703696][T19220] Memory cgroup stats for /syz5: [ 745.705362][T19220] anon 2260992 [ 745.705362][T19220] file 0 [ 745.705362][T19220] kernel_stack 0 [ 745.705362][T19220] slab 995328 [ 745.705362][T19220] sock 16384 [ 745.705362][T19220] shmem 28672 [ 745.705362][T19220] file_mapped 0 [ 745.705362][T19220] file_dirty 0 [ 745.705362][T19220] file_writeback 0 [ 745.705362][T19220] anon_thp 2097152 [ 745.705362][T19220] inactive_anon 0 [ 745.705362][T19220] active_anon 2191360 [ 745.705362][T19220] inactive_file 61440 [ 745.705362][T19220] active_file 0 [ 745.705362][T19220] unevictable 176128 [ 745.705362][T19220] slab_reclaimable 405504 [ 745.705362][T19220] slab_unreclaimable 589824 [ 745.705362][T19220] pgfault 24915 [ 745.705362][T19220] pgmajfault 0 [ 745.705362][T19220] workingset_refault 0 [ 745.705362][T19220] workingset_activate 0 [ 745.705362][T19220] workingset_nodereclaim 0 [ 745.705362][T19220] pgrefill 0 [ 745.705362][T19220] pgscan 0 [ 745.705362][T19220] pgsteal 0 [ 745.705362][T19220] pgactivate 0 [ 745.801953][T19220] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19219,uid=0 [ 745.819270][T19220] Memory cgroup out of memory: Killed process 19219 (syz-executor.5) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 745.840608][ T1065] oom_reaper: reaped process 19219 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 746.148917][T19160] syz-executor.5 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 746.166568][T19160] CPU: 1 PID: 19160 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 746.175704][T19160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.185745][T19160] Call Trace: [ 746.189026][T19160] dump_stack+0x172/0x1f0 [ 746.193345][T19160] dump_header+0x177/0x1152 [ 746.197830][T19160] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 746.203616][T19160] ? ___ratelimit+0x2c8/0x595 [ 746.208269][T19160] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 746.214073][T19160] ? lockdep_hardirqs_on+0x418/0x5d0 [ 746.219333][T19160] ? trace_hardirqs_on+0x67/0x240 [ 746.224339][T19160] ? pagefault_out_of_memory+0x11c/0x11c [ 746.229962][T19160] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 746.235771][T19160] ? ___ratelimit+0x60/0x595 [ 746.240340][T19160] ? do_raw_spin_unlock+0x57/0x270 [ 746.245434][T19160] oom_kill_process.cold+0x10/0x15 [ 746.250530][T19160] out_of_memory+0x334/0x1340 [ 746.255184][T19160] ? lock_downgrade+0x920/0x920 [ 746.260021][T19160] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 746.265806][T19160] ? oom_killer_disable+0x280/0x280 [ 746.271032][T19160] mem_cgroup_out_of_memory+0x1d8/0x240 [ 746.276555][T19160] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 746.282165][T19160] ? do_raw_spin_unlock+0x57/0x270 [ 746.287251][T19160] ? _raw_spin_unlock+0x2d/0x50 [ 746.292101][T19160] try_charge+0xf4b/0x1440 [ 746.296513][T19160] ? __lock_acquire+0x880/0x4a00 [ 746.301468][T19160] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 746.306996][T19160] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 746.312953][T19160] ? cache_grow_begin+0x122/0xd20 [ 746.317969][T19160] ? find_held_lock+0x35/0x130 [ 746.322712][T19160] ? cache_grow_begin+0x122/0xd20 [ 746.327721][T19160] __memcg_kmem_charge_memcg+0x71/0xf0 [ 746.333155][T19160] ? memcg_kmem_put_cache+0x50/0x50 [ 746.338330][T19160] ? __kasan_check_read+0x11/0x20 [ 746.343334][T19160] cache_grow_begin+0x629/0xd20 [ 746.348165][T19160] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 746.353860][T19160] ? mempolicy_slab_node+0x139/0x390 [ 746.359299][T19160] fallback_alloc+0x1fd/0x2d0 [ 746.363957][T19160] ____cache_alloc_node+0x1bc/0x1d0 [ 746.369135][T19160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 746.375359][T19160] kmem_cache_alloc+0x1ef/0x710 [ 746.380186][T19160] ? lock_downgrade+0x920/0x920 [ 746.385123][T19160] ? rwlock_bug.part.0+0x90/0x90 [ 746.390049][T19160] ? ratelimit_state_init+0xb0/0xb0 [ 746.395228][T19160] ext4_alloc_inode+0x1f/0x640 [ 746.400234][T19160] ? ratelimit_state_init+0xb0/0xb0 [ 746.405422][T19160] alloc_inode+0x68/0x1e0 [ 746.409738][T19160] iget_locked+0x1a6/0x4b0 [ 746.414276][T19160] __ext4_iget+0x265/0x3bb0 [ 746.418763][T19160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.424986][T19160] ? ext4_get_projid+0x190/0x190 [ 746.429911][T19160] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 746.435435][T19160] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 746.441396][T19160] ? d_alloc_parallel+0xa78/0x1c30 [ 746.446491][T19160] ext4_lookup+0x3b1/0x7a0 [ 746.450987][T19160] ? ext4_cross_rename+0x1430/0x1430 [ 746.456262][T19160] ? __lock_acquire+0x16f2/0x4a00 [ 746.461271][T19160] ? __kasan_check_read+0x11/0x20 [ 746.466280][T19160] ? lockdep_init_map+0x1be/0x6d0 [ 746.471309][T19160] __lookup_slow+0x279/0x500 [ 746.475901][T19160] ? vfs_unlink+0x620/0x620 [ 746.480590][T19160] lookup_slow+0x58/0x80 [ 746.484811][T19160] path_mountpoint+0x5d2/0x1e60 [ 746.489640][T19160] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 746.495165][T19160] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 746.501124][T19160] ? path_openat+0x46d0/0x46d0 [ 746.506036][T19160] filename_mountpoint+0x190/0x3c0 [ 746.511130][T19160] ? filename_parentat.isra.0+0x410/0x410 [ 746.516914][T19160] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 746.523058][T19160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 746.529300][T19160] ? __phys_addr_symbol+0x30/0x70 [ 746.534916][T19160] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 746.540628][T19160] ? __check_object_size+0x3d/0x437 [ 746.545842][T19160] ? strncpy_from_user+0x2b4/0x400 [ 746.550934][T19160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.557157][T19160] ? getname_flags+0x277/0x5b0 [ 746.561919][T19160] user_path_mountpoint_at+0x3a/0x50 [ 746.567209][T19160] ksys_umount+0x167/0xf00 [ 746.571606][T19160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.577846][T19160] ? __detach_mounts+0x2a0/0x2a0 [ 746.582768][T19160] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 746.588202][T19160] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 746.593639][T19160] ? do_syscall_64+0x26/0x760 [ 746.598299][T19160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.604378][T19160] ? do_syscall_64+0x26/0x760 [ 746.609129][T19160] ? lockdep_hardirqs_on+0x418/0x5d0 [ 746.614402][T19160] __x64_sys_umount+0x54/0x80 [ 746.619070][T19160] do_syscall_64+0xfa/0x760 [ 746.623564][T19160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.629466][T19160] RIP: 0033:0x45c2a7 [ 746.633351][T19160] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 746.652945][T19160] RSP: 002b:00007ffc13be8838 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 746.661339][T19160] RAX: ffffffffffffffda RBX: 00000000000b5ed9 RCX: 000000000045c2a7 [ 746.669314][T19160] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffc13be88e0 [ 746.677281][T19160] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000000000e [ 746.685237][T19160] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffc13be9970 [ 746.693189][T19160] R13: 0000555556716940 R14: 0000000000000000 R15: 00007ffc13be9970 [ 746.703713][T19160] memory: usage 976kB, limit 0kB, failcnt 196 [ 746.709948][T19160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 746.717036][T19160] Memory cgroup stats for /syz5: [ 746.717114][T19160] anon 155648 [ 746.717114][T19160] file 0 [ 746.717114][T19160] kernel_stack 0 [ 746.717114][T19160] slab 995328 [ 746.717114][T19160] sock 16384 [ 746.717114][T19160] shmem 28672 [ 746.717114][T19160] file_mapped 0 [ 746.717114][T19160] file_dirty 0 [ 746.717114][T19160] file_writeback 0 [ 746.717114][T19160] anon_thp 0 [ 746.717114][T19160] inactive_anon 0 [ 746.717114][T19160] active_anon 86016 [ 746.717114][T19160] inactive_file 61440 [ 746.717114][T19160] active_file 0 [ 746.717114][T19160] unevictable 176128 [ 746.717114][T19160] slab_reclaimable 405504 [ 746.717114][T19160] slab_unreclaimable 589824 [ 746.717114][T19160] pgfault 24915 [ 746.717114][T19160] pgmajfault 0 [ 746.717114][T19160] workingset_refault 0 [ 746.717114][T19160] workingset_activate 0 [ 746.717114][T19160] workingset_nodereclaim 0 [ 746.717114][T19160] pgrefill 0 [ 746.717114][T19160] pgscan 0 [ 746.717114][T19160] pgsteal 0 [ 746.717114][T19160] pgactivate 0 [ 746.813772][T19160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19160,uid=0 [ 746.833777][T19160] Memory cgroup out of memory: Killed process 19160 (syz-executor.5) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 746.852078][ T1065] oom_reaper: reaped process 19160 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 747.238224][T19224] IPVS: ftp: loaded support on port[0] = 21 [ 747.338454][T19224] chnl_net:caif_netlink_parms(): no params data found [ 747.383464][T19224] bridge0: port 1(bridge_slave_0) entered blocking state [ 747.391950][T19224] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.406697][T19224] device bridge_slave_0 entered promiscuous mode [ 747.418349][T19224] bridge0: port 2(bridge_slave_1) entered blocking state [ 747.426646][T19224] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.435285][T19224] device bridge_slave_1 entered promiscuous mode [ 747.454257][T19224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 747.465958][T19224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 747.486726][T19224] team0: Port device team_slave_0 added [ 747.494734][T19224] team0: Port device team_slave_1 added [ 747.556945][T19224] device hsr_slave_0 entered promiscuous mode [ 747.594202][T19224] device hsr_slave_1 entered promiscuous mode [ 747.635411][T19224] debugfs: Directory 'hsr0' with parent '/' already present! [ 747.784746][T19224] bridge0: port 2(bridge_slave_1) entered blocking state [ 747.791940][T19224] bridge0: port 2(bridge_slave_1) entered forwarding state [ 747.799337][T19224] bridge0: port 1(bridge_slave_0) entered blocking state [ 747.806443][T19224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 747.913177][T19224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 747.928571][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 747.942454][T18791] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.951385][T18791] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.035700][T19224] 8021q: adding VLAN 0 to HW filter on device team0 [ 748.046535][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 748.055517][T18791] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.062574][T18791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 748.074015][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 748.082400][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.089871][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 748.181647][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 748.190627][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 748.202580][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 748.290106][T19224] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 748.301146][T19224] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 748.313299][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 748.322431][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 748.331677][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 748.340907][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 748.349860][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 748.439005][T19224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 748.706776][T19232] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 748.717835][T19232] CPU: 0 PID: 19232 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 748.726947][T19232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.737001][T19232] Call Trace: [ 748.740307][T19232] dump_stack+0x172/0x1f0 [ 748.744634][T19232] dump_header+0x177/0x1152 [ 748.749140][T19232] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 748.754934][T19232] ? ___ratelimit+0x2c8/0x595 [ 748.760356][T19232] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 748.766163][T19232] ? lockdep_hardirqs_on+0x418/0x5d0 [ 748.771443][T19232] ? trace_hardirqs_on+0x67/0x240 [ 748.776452][T19232] ? pagefault_out_of_memory+0x11c/0x11c [ 748.782072][T19232] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 748.787861][T19232] ? ___ratelimit+0x60/0x595 [ 748.792434][T19232] ? do_raw_spin_unlock+0x57/0x270 [ 748.797531][T19232] oom_kill_process.cold+0x10/0x15 [ 748.802625][T19232] out_of_memory+0x334/0x1340 [ 748.807289][T19232] ? __sched_text_start+0x8/0x8 [ 748.812131][T19232] ? oom_killer_disable+0x280/0x280 [ 748.817333][T19232] mem_cgroup_out_of_memory+0x1d8/0x240 [ 748.822869][T19232] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 748.828495][T19232] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 748.834291][T19232] ? cgroup_file_notify+0x140/0x1b0 [ 748.839479][T19232] memory_max_write+0x262/0x3a0 [ 748.844334][T19232] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 748.851082][T19232] ? lock_acquire+0x190/0x410 [ 748.855746][T19232] ? kernfs_fop_write+0x227/0x480 [ 748.860765][T19232] cgroup_file_write+0x241/0x790 [ 748.865683][T19232] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 748.872424][T19232] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 748.878050][T19232] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 748.883669][T19232] kernfs_fop_write+0x2b8/0x480 [ 748.888527][T19232] __vfs_write+0x8a/0x110 [ 748.892848][T19232] ? kernfs_fop_open+0xd80/0xd80 [ 748.897779][T19232] vfs_write+0x268/0x5d0 [ 748.902025][T19232] ksys_write+0x14f/0x290 [ 748.906345][T19232] ? __ia32_sys_read+0xb0/0xb0 [ 748.911113][T19232] __x64_sys_write+0x73/0xb0 [ 748.915702][T19232] do_syscall_64+0xfa/0x760 [ 748.920204][T19232] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 748.926076][T19232] RIP: 0033:0x459879 [ 748.929957][T19232] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 748.949850][T19232] RSP: 002b:00007f439e7afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 748.958249][T19232] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 748.966203][T19232] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 748.974158][T19232] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 748.982109][T19232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f439e7b06d4 [ 748.990062][T19232] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 749.012620][T19232] memory: usage 3292kB, limit 0kB, failcnt 197 [ 749.019109][T19232] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 749.027320][T19232] Memory cgroup stats for /syz2: [ 749.028056][T19232] anon 2154496 [ 749.028056][T19232] file 102400 [ 749.028056][T19232] kernel_stack 0 [ 749.028056][T19232] slab 856064 [ 749.028056][T19232] sock 0 [ 749.028056][T19232] shmem 45056 [ 749.028056][T19232] file_mapped 0 [ 749.028056][T19232] file_dirty 0 [ 749.028056][T19232] file_writeback 0 [ 749.028056][T19232] anon_thp 2097152 [ 749.028056][T19232] inactive_anon 131072 [ 749.028056][T19232] active_anon 2154496 [ 749.028056][T19232] inactive_file 0 [ 749.028056][T19232] active_file 0 [ 749.028056][T19232] unevictable 0 [ 749.028056][T19232] slab_reclaimable 270336 [ 749.028056][T19232] slab_unreclaimable 585728 [ 749.028056][T19232] pgfault 31581 [ 749.028056][T19232] pgmajfault 0 [ 749.028056][T19232] workingset_refault 0 [ 749.028056][T19232] workingset_activate 0 [ 749.028056][T19232] workingset_nodereclaim 0 [ 749.028056][T19232] pgrefill 33 [ 749.028056][T19232] pgscan 0 [ 749.028056][T19232] pgsteal 0 [ 749.028056][T19232] pgactivate 0 [ 749.124330][T19232] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19231,uid=0 [ 749.141981][T19232] Memory cgroup out of memory: Killed process 19231 (syz-executor.2) total-vm:72580kB, anon-rss:2184kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 749.163082][ T1065] oom_reaper: reaped process 19231 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:49:02 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:02 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000000c0)={0x0, @pix_mp={0x80000000, 0x1, 0x35303553, 0x6, 0x9, [{0x4, 0x2}, {0x0, 0x81}, {0x100000001, 0xe9d6}, {0x6, 0x4}, {0x200, 0x7fffffff}, {0x100, 0x10001}, {0x80000001, 0x4}, {0xa50, 0xb2c}], 0x80000000, 0x2, 0x5b5854d2c1489ee3, 0x0, 0x6}}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r2 = dup(r0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000080)={0x84, 0x5, 0x0, 0x2, 0x0, 0x0, 0x5}) 01:49:02 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt+\x00', 0x0, 0x0) 01:49:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(cast6))\x00'}, 0x58) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = accept$alg(r0, 0x0, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000340)="53000000000000000000000000000000284ac107a6a302a6c00d12a1e32c505011", 0x21}], 0x1) recvmmsg(r2, &(0x7f0000000040)=[{{0x0, 0xffffffffffffffb7, &(0x7f0000000140)=[{&(0x7f0000002780)=""/4096, 0x20001e80}], 0x1}}], 0x213, 0x0, 0x0) 01:49:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x5000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 749.295602][ T21] device bridge_slave_1 left promiscuous mode [ 749.298944][T19224] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 749.301840][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 749.312311][T19224] CPU: 1 PID: 19224 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 749.328064][T19224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 749.338127][T19224] Call Trace: [ 749.341450][T19224] dump_stack+0x172/0x1f0 01:49:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 749.345803][T19224] dump_header+0x177/0x1152 [ 749.350321][T19224] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 749.356144][T19224] ? ___ratelimit+0x2c8/0x595 [ 749.360921][T19224] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 749.366752][T19224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 749.372233][T19224] ? trace_hardirqs_on+0x67/0x240 [ 749.377275][T19224] ? pagefault_out_of_memory+0x11c/0x11c [ 749.382941][T19224] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 749.388762][T19224] ? ___ratelimit+0x60/0x595 [ 749.393355][T19224] ? do_raw_spin_unlock+0x57/0x270 [ 749.398480][T19224] oom_kill_process.cold+0x10/0x15 [ 749.403613][T19224] out_of_memory+0x334/0x1340 [ 749.408294][T19224] ? lock_downgrade+0x920/0x920 [ 749.413153][T19224] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 749.418970][T19224] ? oom_killer_disable+0x280/0x280 [ 749.424208][T19224] mem_cgroup_out_of_memory+0x1d8/0x240 [ 749.429781][T19224] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 749.435436][T19224] ? do_raw_spin_unlock+0x57/0x270 [ 749.440569][T19224] ? _raw_spin_unlock+0x2d/0x50 [ 749.445438][T19224] try_charge+0xf4b/0x1440 [ 749.449872][T19224] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 749.455455][T19224] ? percpu_ref_tryget_live+0x111/0x290 [ 749.461021][T19224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 749.467278][T19224] ? __kasan_check_read+0x11/0x20 [ 749.472314][T19224] ? get_mem_cgroup_from_mm+0x156/0x320 [ 749.477876][T19224] mem_cgroup_try_charge+0x136/0x590 [ 749.483189][T19224] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 749.489458][T19224] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 749.495105][T19224] wp_page_copy+0x41e/0x1600 [ 749.500056][T19224] ? find_held_lock+0x35/0x130 [ 749.504837][T19224] ? follow_pfn+0x2a0/0x2a0 [ 749.509349][T19224] ? lock_downgrade+0x920/0x920 [ 749.514213][T19224] ? swp_swapcount+0x540/0x540 [ 749.518997][T19224] ? __kasan_check_read+0x11/0x20 [ 749.524033][T19224] ? do_raw_spin_unlock+0x57/0x270 [ 749.529162][T19224] do_wp_page+0x499/0x14d0 [ 749.533726][T19224] ? finish_mkwrite_fault+0x570/0x570 [ 749.542599][T19224] __handle_mm_fault+0x22f1/0x3f20 [ 749.548689][T19224] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 749.554260][T19224] ? __kasan_check_read+0x11/0x20 [ 749.559301][T19224] handle_mm_fault+0x1b5/0x6c0 [ 749.564079][T19224] __do_page_fault+0x536/0xdd0 [ 749.568876][T19224] do_page_fault+0x38/0x590 [ 749.573393][T19224] page_fault+0x39/0x40 [ 749.577550][T19224] RIP: 0033:0x430956 [ 749.581451][T19224] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 749.601056][T19224] RSP: 002b:00007fffe69bc6f0 EFLAGS: 00010206 [ 749.607125][T19224] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 749.615109][T19224] RDX: 0000555556a66930 RSI: 0000555556a6e970 RDI: 0000000000000003 [ 749.623175][T19224] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556a65940 [ 749.631167][T19224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 749.639142][T19224] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 749.665490][ T21] device bridge_slave_0 left promiscuous mode [ 749.672038][ T21] bridge0: port 1(bridge_slave_0) entered disabled state 01:49:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt-\x00', 0x0, 0x0) [ 749.784651][T19224] memory: usage 912kB, limit 0kB, failcnt 205 [ 749.790784][T19224] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 749.815566][T19224] Memory cgroup stats for /syz2: [ 749.815694][T19224] anon 53248 [ 749.815694][T19224] file 102400 [ 749.815694][T19224] kernel_stack 0 [ 749.815694][T19224] slab 856064 [ 749.815694][T19224] sock 0 [ 749.815694][T19224] shmem 45056 [ 749.815694][T19224] file_mapped 0 [ 749.815694][T19224] file_dirty 0 [ 749.815694][T19224] file_writeback 0 [ 749.815694][T19224] anon_thp 0 [ 749.815694][T19224] inactive_anon 131072 [ 749.815694][T19224] active_anon 53248 [ 749.815694][T19224] inactive_file 0 [ 749.815694][T19224] active_file 0 [ 749.815694][T19224] unevictable 0 [ 749.815694][T19224] slab_reclaimable 270336 [ 749.815694][T19224] slab_unreclaimable 585728 [ 749.815694][T19224] pgfault 31581 [ 749.815694][T19224] pgmajfault 0 [ 749.815694][T19224] workingset_refault 0 [ 749.815694][T19224] workingset_activate 0 [ 749.815694][T19224] workingset_nodereclaim 0 [ 749.815694][T19224] pgrefill 33 [ 749.815694][T19224] pgscan 0 [ 749.815694][T19224] pgsteal 0 [ 749.815694][T19224] pgactivate 0 01:49:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt.\x00', 0x0, 0x0) [ 749.969726][T19224] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19224,uid=0 [ 749.992135][T19224] Memory cgroup out of memory: Killed process 19224 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 750.060708][ T1065] oom_reaper: reaped process 19224 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 01:49:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt/\x00', 0x0, 0x0) 01:49:03 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt0\x00', 0x0, 0x0) 01:49:04 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptX\x00', 0x0, 0x0) 01:49:04 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpt\\\x00', 0x0, 0x0) [ 752.444190][ T21] device hsr_slave_0 left promiscuous mode [ 752.483705][ T21] device hsr_slave_1 left promiscuous mode [ 752.545983][ T21] team0 (unregistering): Port device team_slave_1 removed [ 752.559885][ T21] team0 (unregistering): Port device team_slave_0 removed [ 752.572388][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 752.600230][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 752.701548][ T21] bond0 (unregistering): Released all slaves [ 752.800584][T19239] bridge_slave_0: FDB only supports static addresses 01:49:06 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:06 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptc\x00', 0x0, 0x0) 01:49:06 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:06 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x45) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r1, 0x4, 0x2}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) time(&(0x7f0000000140)) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r2, 0x0) r3 = getpgrp(0x0) syz_open_procfs(r3, &(0x7f00000001c0)='net/rfcomm\x00') ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f00000000c0)={0xff, 0x2, 0x8001}) write$FUSE_POLL(r2, &(0x7f0000000180)={0x18, 0xfffffffffffffffe, 0x6, {0xffffffff}}, 0x18) 01:49:06 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x600000, 0x0) sendto$inet6(r0, &(0x7f0000000080)="632799f25b660c10eb2d6af86ee3e93cd1729db69d8ba754a9d8d31edf095ad9bf0abb14652485c889413075421258ca256fcb68d1c8caaf2f91ad80e794a4e86b7dc8304893c703b7f759c20d1b91b14b38a216a98b1b40e7862bcb8b85325175f611a04ff9fbb7d3a41a19f2851ce3777d0ee3efce0856391665d9be4152f0eeca8df1b439da759af157813eaf4b67b9705058646f69c1e423a221d7bc7cb6a593f35bbbc00bbb6e95b8531ac0f4e5f1fdf03b3f0ad96de5d2e9fe867c333e446b827b5462f5754755b19d3ddb85940c189e691c59c98af8784f65f082b485", 0xe0, 0x10, &(0x7f0000000180)={0xa, 0x4e22, 0x1ff, @dev={0xfe, 0x80, [], 0x25}, 0xfff}, 0x1c) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev, 0x1}], 0x1c) [ 753.050791][T19278] IPVS: ftp: loaded support on port[0] = 21 [ 753.089109][T19281] bridge_slave_0: FDB only supports static addresses [ 753.196110][T19287] bridge_slave_0: FDB only supports static addresses [ 753.413187][T19278] chnl_net:caif_netlink_parms(): no params data found [ 753.463363][T19278] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.476761][T19278] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.487066][T19278] device bridge_slave_0 entered promiscuous mode [ 753.499677][T19278] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.508959][T19278] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.521396][T19278] device bridge_slave_1 entered promiscuous mode [ 753.558175][T19278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 753.571824][T19278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 753.603416][T19278] team0: Port device team_slave_0 added [ 753.619507][T19278] team0: Port device team_slave_1 added [ 753.686649][T19278] device hsr_slave_0 entered promiscuous mode [ 753.734085][T19278] device hsr_slave_1 entered promiscuous mode [ 753.783701][T19278] debugfs: Directory 'hsr0' with parent '/' already present! [ 753.810027][T19278] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.817156][T19278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.824563][T19278] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.831619][T19278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.859275][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.874649][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.917995][T19278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 753.931662][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 753.941115][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 753.951982][T19278] 8021q: adding VLAN 0 to HW filter on device team0 [ 753.970476][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 753.986907][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 754.000644][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.007758][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 754.032561][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 754.041890][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 754.050980][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.058093][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 754.067346][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 754.077973][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 754.096464][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 754.105860][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 754.114876][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 754.124445][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 754.133116][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 754.142355][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 754.155678][T19278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 754.167438][T19278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 754.177687][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 754.186660][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 754.195813][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 754.222255][T19278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 754.411766][T19306] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 754.422407][T19306] CPU: 1 PID: 19306 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 754.431608][T19306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.441668][T19306] Call Trace: [ 754.444968][T19306] dump_stack+0x172/0x1f0 [ 754.449302][T19306] dump_header+0x177/0x1152 [ 754.453894][T19306] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 754.459713][T19306] ? ___ratelimit+0x2c8/0x595 [ 754.464396][T19306] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 754.470207][T19306] ? lockdep_hardirqs_on+0x418/0x5d0 [ 754.475578][T19306] ? trace_hardirqs_on+0x67/0x240 [ 754.480608][T19306] ? pagefault_out_of_memory+0x11c/0x11c [ 754.486244][T19306] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 754.492050][T19306] ? ___ratelimit+0x60/0x595 [ 754.496648][T19306] ? do_raw_spin_unlock+0x57/0x270 [ 754.503243][T19306] oom_kill_process.cold+0x10/0x15 [ 754.508362][T19306] out_of_memory+0x334/0x1340 [ 754.513041][T19306] ? __sched_text_start+0x8/0x8 [ 754.517896][T19306] ? oom_killer_disable+0x280/0x280 [ 754.523130][T19306] mem_cgroup_out_of_memory+0x1d8/0x240 [ 754.528684][T19306] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 754.534325][T19306] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 754.540130][T19306] ? cgroup_file_notify+0x140/0x1b0 [ 754.545336][T19306] memory_max_write+0x262/0x3a0 [ 754.550190][T19306] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 754.556956][T19306] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 754.563745][T19306] cgroup_file_write+0x241/0x790 [ 754.568680][T19306] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 754.575571][T19306] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 754.581288][T19306] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 754.586911][T19306] kernfs_fop_write+0x2b8/0x480 [ 754.591756][T19306] __vfs_write+0x8a/0x110 [ 754.596206][T19306] ? kernfs_fop_open+0xd80/0xd80 [ 754.601246][T19306] vfs_write+0x268/0x5d0 [ 754.605489][T19306] ksys_write+0x14f/0x290 [ 754.609812][T19306] ? __ia32_sys_read+0xb0/0xb0 [ 754.615094][T19306] ? do_syscall_64+0x26/0x760 [ 754.619768][T19306] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 754.625819][T19306] ? do_syscall_64+0x26/0x760 [ 754.630541][T19306] __x64_sys_write+0x73/0xb0 [ 754.635134][T19306] do_syscall_64+0xfa/0x760 [ 754.639629][T19306] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 754.645507][T19306] RIP: 0033:0x459879 [ 754.649397][T19306] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 754.669099][T19306] RSP: 002b:00007f4c8a01ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 754.677510][T19306] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 754.685585][T19306] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 754.695309][T19306] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 754.707020][T19306] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c8a01f6d4 [ 754.715829][T19306] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 754.740587][T19306] memory: usage 3324kB, limit 0kB, failcnt 197 [ 754.747526][T19306] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 754.757322][T19306] Memory cgroup stats for /syz5: [ 754.759219][T19306] anon 2240512 [ 754.759219][T19306] file 0 [ 754.759219][T19306] kernel_stack 0 [ 754.759219][T19306] slab 995328 [ 754.759219][T19306] sock 16384 [ 754.759219][T19306] shmem 28672 [ 754.759219][T19306] file_mapped 0 [ 754.759219][T19306] file_dirty 0 [ 754.759219][T19306] file_writeback 0 [ 754.759219][T19306] anon_thp 2097152 [ 754.759219][T19306] inactive_anon 0 [ 754.759219][T19306] active_anon 2170880 [ 754.759219][T19306] inactive_file 61440 [ 754.759219][T19306] active_file 0 [ 754.759219][T19306] unevictable 176128 [ 754.759219][T19306] slab_reclaimable 405504 [ 754.759219][T19306] slab_unreclaimable 589824 [ 754.759219][T19306] pgfault 24981 [ 754.759219][T19306] pgmajfault 0 [ 754.759219][T19306] workingset_refault 0 [ 754.759219][T19306] workingset_activate 0 [ 754.759219][T19306] workingset_nodereclaim 0 [ 754.759219][T19306] pgrefill 0 [ 754.759219][T19306] pgscan 0 [ 754.759219][T19306] pgsteal 0 [ 754.759219][T19306] pgactivate 0 [ 754.855158][T19306] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19304,uid=0 [ 754.871279][T19306] Memory cgroup out of memory: Killed process 19304 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 754.906336][ T1065] oom_reaper: reaped process 19304 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:49:08 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f0000001100)=@sha1={0x1, "8956c138230a1aec66572f216dd2b8dbd7d9a515"}, 0x15, 0x3) syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x8, 0x10000) r1 = msgget$private(0x0, 0x0) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000100)=""/4096) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f00000000c0)={r0}) socket(0x3, 0x5, 0x7) 01:49:08 executing program 3: r0 = socket(0x1b, 0x8000000803, 0x0) write(r0, &(0x7f0000000300)="220000002000070700be00000900070102000000001f000000200000050002807a00ed3b15cb4d02b8057dfa22947ba19086cd8514a8c143fc6c2d172756719b04a7b50b97c2794238689a1b9d8d35e8329dfdcd45122732af96a8a1c99e547a081ba409eab28db77652ba528623db6e00c057a1dfaa57ccfd80e9974bada39d36632eb9010741cd0baede8aba0109aa746667a7c848c830e3d650203e6abf58793ea89ace6787edd3f065e97074e3148e952c8c5ea1b6b7c1f914194f28f899230e1391ffad758740fdafeb46caea8e3b7f2f5585ccd12025c09852be953502a285585039122a5c7adb6707457bff068b9a0fbd5628ca2f32b33d32e15c7ca89e48eaf14e1dc4aa33bdeb0f777449829b5e399a9ffc45850207a0da9407a333b3b706389149bbec562337ea9d2c423d4a45279019b348a080597f9c767fa2fb00000001007248b6507f2d49ebfae9123594cfa62b88bb9fe1a080e6091784c5e94d224ff573762798e825ffe3aabcefb27037b5c072a87507fb8f2d6a7fdf", 0x17f) 01:49:08 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptd\x00', 0x0, 0x0) 01:49:08 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6040000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:08 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:08 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 755.199419][T19278] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 755.226279][T19278] CPU: 0 PID: 19278 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 755.235424][T19278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 755.245495][T19278] Call Trace: [ 755.248814][T19278] dump_stack+0x172/0x1f0 [ 755.253177][T19278] dump_header+0x177/0x1152 [ 755.257692][T19278] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 755.263503][T19278] ? ___ratelimit+0x2c8/0x595 [ 755.268199][T19278] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 755.274096][T19278] ? lockdep_hardirqs_on+0x418/0x5d0 [ 755.279388][T19278] ? trace_hardirqs_on+0x67/0x240 [ 755.284427][T19278] ? pagefault_out_of_memory+0x11c/0x11c [ 755.290073][T19278] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 755.295896][T19278] ? ___ratelimit+0x60/0x595 [ 755.300500][T19278] ? do_raw_spin_unlock+0x57/0x270 [ 755.305632][T19278] oom_kill_process.cold+0x10/0x15 [ 755.310762][T19278] out_of_memory+0x334/0x1340 [ 755.315464][T19278] ? lock_downgrade+0x920/0x920 [ 755.320349][T19278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 755.326174][T19278] ? oom_killer_disable+0x280/0x280 [ 755.331663][T19278] mem_cgroup_out_of_memory+0x1d8/0x240 [ 755.337231][T19278] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 755.342878][T19278] ? do_raw_spin_unlock+0x57/0x270 [ 755.348014][T19278] ? _raw_spin_unlock+0x2d/0x50 [ 755.352888][T19278] try_charge+0xf4b/0x1440 [ 755.357339][T19278] ? __lock_acquire+0x880/0x4a00 [ 755.362295][T19278] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 755.367872][T19278] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 755.374045][T19278] ? cache_grow_begin+0x122/0xd20 [ 755.379087][T19278] ? find_held_lock+0x35/0x130 [ 755.383970][T19278] ? cache_grow_begin+0x122/0xd20 [ 755.389039][T19278] __memcg_kmem_charge_memcg+0x71/0xf0 [ 755.394607][T19278] ? memcg_kmem_put_cache+0x50/0x50 [ 755.399826][T19278] ? __kasan_check_read+0x11/0x20 [ 755.404955][T19278] cache_grow_begin+0x629/0xd20 [ 755.409812][T19278] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 755.415626][T19278] ? mempolicy_slab_node+0x139/0x390 [ 755.421022][T19278] fallback_alloc+0x1fd/0x2d0 [ 755.425722][T19278] ____cache_alloc_node+0x1bc/0x1d0 [ 755.430936][T19278] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 755.437191][T19278] kmem_cache_alloc+0x1ef/0x710 [ 755.442064][T19278] ? stack_trace_save+0xac/0xe0 [ 755.446933][T19278] __alloc_file+0x27/0x340 [ 755.451383][T19278] alloc_empty_file+0x72/0x170 [ 755.456176][T19278] path_openat+0xef/0x46d0 [ 755.460604][T19278] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 755.466420][T19278] ? kasan_slab_alloc+0xf/0x20 [ 755.471191][T19278] ? kmem_cache_alloc+0x121/0x710 [ 755.476223][T19278] ? getname_flags+0xd6/0x5b0 [ 755.480917][T19278] ? getname+0x1a/0x20 [ 755.484988][T19278] ? do_sys_open+0x2c9/0x5d0 [ 755.489585][T19278] ? __x64_sys_open+0x7e/0xc0 [ 755.494310][T19278] ? __kasan_check_read+0x11/0x20 [ 755.500297][T19278] ? mark_lock+0xc2/0x1220 [ 755.505078][T19278] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 755.510722][T19278] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 755.516110][T19278] ? __alloc_fd+0x487/0x620 [ 755.520772][T19278] do_filp_open+0x1a1/0x280 [ 755.525291][T19278] ? may_open_dev+0x100/0x100 [ 755.529981][T19278] ? lock_downgrade+0x920/0x920 [ 755.534843][T19278] ? rwlock_bug.part.0+0x90/0x90 [ 755.539880][T19278] ? __kasan_check_read+0x11/0x20 [ 755.544941][T19278] ? do_raw_spin_unlock+0x57/0x270 [ 755.550063][T19278] ? _raw_spin_unlock+0x2d/0x50 [ 755.555005][T19278] ? __alloc_fd+0x487/0x620 [ 755.559532][T19278] do_sys_open+0x3fe/0x5d0 [ 755.564053][T19278] ? filp_open+0x80/0x80 [ 755.568343][T19278] ? __detach_mounts+0x2a0/0x2a0 [ 755.573288][T19278] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 755.578758][T19278] ? do_syscall_64+0x26/0x760 [ 755.583576][T19278] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 755.589680][T19278] ? do_syscall_64+0x26/0x760 [ 755.594369][T19278] __x64_sys_open+0x7e/0xc0 [ 755.598876][T19278] do_syscall_64+0xfa/0x760 [ 755.603421][T19278] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 755.609310][T19278] RIP: 0033:0x4577f0 [ 755.613291][T19278] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 755.632899][T19278] RSP: 002b:00007ffe733b6500 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 755.641320][T19278] RAX: ffffffffffffffda RBX: 00000000000b82b1 RCX: 00000000004577f0 [ 755.649301][T19278] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe733b76e0 [ 755.657277][T19278] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555563ce940 [ 755.665286][T19278] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffe733b76e0 [ 755.673285][T19278] R13: 00007ffe733b76d0 R14: 0000000000000000 R15: 00007ffe733b76e0 01:49:09 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x800) [ 755.703618][T19316] bridge_slave_0: FDB only supports static addresses [ 755.704703][T19278] memory: usage 988kB, limit 0kB, failcnt 209 [ 755.752094][T19278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 755.803474][T19278] Memory cgroup stats for /syz5: [ 755.804094][T19278] anon 139264 [ 755.804094][T19278] file 0 [ 755.804094][T19278] kernel_stack 0 [ 755.804094][T19278] slab 995328 [ 755.804094][T19278] sock 16384 [ 755.804094][T19278] shmem 28672 [ 755.804094][T19278] file_mapped 0 [ 755.804094][T19278] file_dirty 0 [ 755.804094][T19278] file_writeback 0 [ 755.804094][T19278] anon_thp 0 [ 755.804094][T19278] inactive_anon 0 [ 755.804094][T19278] active_anon 69632 [ 755.804094][T19278] inactive_file 61440 01:49:09 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:09 executing program 3: clone(0x400000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) io_setup(0x8, &(0x7f0000000500)=0x0) io_getevents(r0, 0x3, 0x3, &(0x7f0000000540)=[{}, {}, {}], &(0x7f0000000680)={0x0, 0x1c9c380}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000180)) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) fcntl$setflags(r2, 0x2, 0x1) 01:49:09 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpti\x00', 0x0, 0x0) 01:49:09 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0x9e, 0x0, 0x7, 0x7}, &(0x7f0000000100)=0x18) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080), &(0x7f0000000200)=0x4) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={r2, 0xfffffffffffffff7, 0x0, 0x8, 0xfffffffffffffffa}, &(0x7f0000000180)=0x18) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 755.804094][T19278] active_file 0 [ 755.804094][T19278] unevictable 176128 [ 755.804094][T19278] slab_reclaimable 405504 [ 755.804094][T19278] slab_unreclaimable 589824 [ 755.804094][T19278] pgfault 24981 [ 755.804094][T19278] pgmajfault 0 [ 755.804094][T19278] workingset_refault 0 [ 755.804094][T19278] workingset_activate 0 [ 755.804094][T19278] workingset_nodereclaim 0 [ 755.804094][T19278] pgrefill 0 [ 755.804094][T19278] pgscan 0 [ 755.804094][T19278] pgsteal 0 [ 755.804094][T19278] pgactivate 0 [ 756.018277][T19337] bridge_slave_0: FDB only supports static addresses 01:49:09 executing program 0: r0 = socket$kcm(0xa, 0x26, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x80, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) getsockopt$bt_hci(r0, 0x0, 0xa1c933f745db7d1b, &(0x7f0000000080)=""/83, &(0x7f0000000100)=0x53) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) connect$caif(r1, &(0x7f0000000180)=@dgm={0x25, 0x7, 0x7fc}, 0x18) 01:49:09 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004740)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000002280)={0xa, 0x4e23, 0x0, @remote}, 0xfeb7, 0x0, 0x0, &(0x7f0000003580)=ANY=[@ANYBLOB="2800000000000000290000003900000004020200000000002f222d23e00362f7956b073ab0db735a"], 0x28}}], 0x40000000000001c, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x178dcb6485b0dbbe, 0x0) r2 = dup2(r0, r0) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000080)={0x1, 0xa, 0x4, 0x4000000, {}, {0x7, 0x1, 0x4, 0x36, 0x100000001, 0x4, "ec0a2979"}, 0x1740, 0x3, @fd=r2, 0x4}) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3f, 0x200000) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 01:49:09 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptl\x00', 0x0, 0x0) 01:49:09 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={r0}) [ 756.308859][T19356] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 756.387192][T19278] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19278,uid=0 [ 756.430123][T19278] Memory cgroup out of memory: Killed process 19278 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 756.501017][ T1065] oom_reaper: reaped process 19278 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:49:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:49:10 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpto\x00', 0x0, 0x0) [ 757.459560][T19372] IPVS: ftp: loaded support on port[0] = 21 [ 757.663374][T19372] chnl_net:caif_netlink_parms(): no params data found [ 757.694261][T19372] bridge0: port 1(bridge_slave_0) entered blocking state [ 757.701422][T19372] bridge0: port 1(bridge_slave_0) entered disabled state [ 757.709661][T19372] device bridge_slave_0 entered promiscuous mode [ 757.789635][T19372] bridge0: port 2(bridge_slave_1) entered blocking state [ 757.796797][T19372] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.805137][T19372] device bridge_slave_1 entered promiscuous mode [ 757.822880][ T21] device bridge_slave_1 left promiscuous mode [ 757.829563][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.874676][ T21] device bridge_slave_0 left promiscuous mode [ 757.880896][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.854351][ T21] device hsr_slave_0 left promiscuous mode [ 759.893855][ T21] device hsr_slave_1 left promiscuous mode [ 759.963514][ T21] team0 (unregistering): Port device team_slave_1 removed [ 759.977394][ T21] team0 (unregistering): Port device team_slave_0 removed [ 759.988576][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 760.031848][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 760.122453][ T21] bond0 (unregistering): Released all slaves [ 760.219274][T19372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.230746][T19372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 760.252653][T19372] team0: Port device team_slave_0 added [ 760.270018][T19372] team0: Port device team_slave_1 added [ 760.347057][T19372] device hsr_slave_0 entered promiscuous mode [ 760.394151][T19372] device hsr_slave_1 entered promiscuous mode [ 760.433728][T19372] debugfs: Directory 'hsr0' with parent '/' already present! [ 760.573419][T19372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.598070][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 760.613350][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 760.624932][T19372] 8021q: adding VLAN 0 to HW filter on device team0 [ 760.637686][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 760.646907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 760.655998][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.663138][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 760.685679][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 760.695439][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 760.704649][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 760.713101][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.720221][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 760.730783][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 760.740078][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 760.749649][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 760.772245][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 760.780880][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 760.789875][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 760.818530][T19372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 760.831734][T19372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 760.849157][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 760.882941][T19372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 761.181233][T19380] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 761.192157][T19380] CPU: 0 PID: 19380 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 761.201270][T19380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.211342][T19380] Call Trace: [ 761.214654][T19380] dump_stack+0x172/0x1f0 [ 761.218989][T19380] dump_header+0x177/0x1152 [ 761.223497][T19380] ? pagefault_out_of_memory+0x11c/0x11c [ 761.229131][T19380] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 761.235050][T19380] ? ___ratelimit+0x60/0x595 [ 761.239643][T19380] ? do_raw_spin_unlock+0x57/0x270 [ 761.244769][T19380] oom_kill_process.cold+0x10/0x15 [ 761.249889][T19380] out_of_memory+0x334/0x1340 [ 761.254568][T19380] ? __sched_text_start+0x8/0x8 [ 761.259417][T19380] ? oom_killer_disable+0x280/0x280 [ 761.264711][T19380] mem_cgroup_out_of_memory+0x1d8/0x240 [ 761.270263][T19380] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 761.275925][T19380] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 761.281728][T19380] ? cgroup_file_notify+0x140/0x1b0 [ 761.286936][T19380] memory_max_write+0x262/0x3a0 [ 761.291794][T19380] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 761.298564][T19380] ? lock_acquire+0x190/0x410 [ 761.303241][T19380] ? kernfs_fop_write+0x227/0x480 [ 761.308287][T19380] cgroup_file_write+0x241/0x790 [ 761.313231][T19380] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 761.319997][T19380] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 761.325641][T19380] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 761.331275][T19380] kernfs_fop_write+0x2b8/0x480 [ 761.336134][T19380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.342381][T19380] __vfs_write+0x8a/0x110 [ 761.346715][T19380] ? kernfs_fop_open+0xd80/0xd80 [ 761.351651][T19380] vfs_write+0x268/0x5d0 [ 761.355896][T19380] ksys_write+0x14f/0x290 [ 761.360228][T19380] ? __ia32_sys_read+0xb0/0xb0 [ 761.364994][T19380] ? do_syscall_64+0x26/0x760 [ 761.369671][T19380] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 761.375743][T19380] ? do_syscall_64+0x26/0x760 [ 761.380433][T19380] __x64_sys_write+0x73/0xb0 [ 761.385115][T19380] do_syscall_64+0xfa/0x760 [ 761.389631][T19380] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 761.395516][T19380] RIP: 0033:0x459879 [ 761.399403][T19380] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 761.418993][T19380] RSP: 002b:00007f6a2dbeac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 761.427391][T19380] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 761.435346][T19380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 761.443296][T19380] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 761.451276][T19380] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a2dbeb6d4 [ 761.459401][T19380] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 761.478179][T19380] memory: usage 3136kB, limit 0kB, failcnt 206 [ 761.489145][T19380] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 761.499000][T19380] Memory cgroup stats for /syz2: [ 761.499838][T19380] anon 2154496 [ 761.499838][T19380] file 102400 [ 761.499838][T19380] kernel_stack 0 [ 761.499838][T19380] slab 720896 [ 761.499838][T19380] sock 0 [ 761.499838][T19380] shmem 45056 [ 761.499838][T19380] file_mapped 0 [ 761.499838][T19380] file_dirty 0 [ 761.499838][T19380] file_writeback 0 [ 761.499838][T19380] anon_thp 2097152 [ 761.499838][T19380] inactive_anon 131072 [ 761.499838][T19380] active_anon 2154496 [ 761.499838][T19380] inactive_file 0 [ 761.499838][T19380] active_file 0 [ 761.499838][T19380] unevictable 0 [ 761.499838][T19380] slab_reclaimable 270336 [ 761.499838][T19380] slab_unreclaimable 450560 [ 761.499838][T19380] pgfault 31647 [ 761.499838][T19380] pgmajfault 0 [ 761.499838][T19380] workingset_refault 0 [ 761.499838][T19380] workingset_activate 0 [ 761.499838][T19380] workingset_nodereclaim 0 [ 761.499838][T19380] pgrefill 33 [ 761.499838][T19380] pgscan 0 [ 761.499838][T19380] pgsteal 0 [ 761.499838][T19380] pgactivate 0 [ 761.595159][T19380] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19379,uid=0 [ 761.612193][T19380] Memory cgroup out of memory: Killed process 19379 (syz-executor.2) total-vm:72580kB, anon-rss:2180kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 761.635602][ T1065] oom_reaper: reaped process 19379 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:49:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:15 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x82600, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)) mincore(&(0x7f0000c65000/0x3000)=nil, 0x3000, 0x0) 01:49:15 executing program 0: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x0, 0x0) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000300)={0x4, @output={0x1000, 0x1, {0x8, 0x1}, 0x80, 0x9}}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x400, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x4) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) setxattr(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="738476e5c6377a7973746506002f70726f632f73656c662f6e65742f59a124"], &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0x15, 0x2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r1, 0x0, 0x15, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0}, 0x30) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x6) ioctl$KVM_NMI(r1, 0xae9a) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000001c0)=0x1) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)=r2, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)) 01:49:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x16040000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptp\x00', 0x0, 0x0) 01:49:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 761.719029][T19372] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 761.745626][T19384] bridge_slave_0: FDB only supports static addresses [ 761.749230][T19372] CPU: 1 PID: 19372 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 761.761626][T19372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.771787][T19372] Call Trace: [ 761.775096][T19372] dump_stack+0x172/0x1f0 [ 761.779440][T19372] dump_header+0x177/0x1152 [ 761.784998][T19372] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 761.790816][T19372] ? ___ratelimit+0x2c8/0x595 [ 761.795506][T19372] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 761.801318][T19372] ? lockdep_hardirqs_on+0x418/0x5d0 [ 761.806613][T19372] ? trace_hardirqs_on+0x67/0x240 [ 761.811655][T19372] ? pagefault_out_of_memory+0x11c/0x11c [ 761.817474][T19372] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 761.823289][T19372] ? ___ratelimit+0x60/0x595 [ 761.827883][T19372] ? do_raw_spin_unlock+0x57/0x270 [ 761.833009][T19372] oom_kill_process.cold+0x10/0x15 [ 761.838227][T19372] out_of_memory+0x334/0x1340 [ 761.842923][T19372] ? lock_downgrade+0x920/0x920 [ 761.848228][T19372] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 761.854045][T19372] ? oom_killer_disable+0x280/0x280 [ 761.859273][T19372] mem_cgroup_out_of_memory+0x1d8/0x240 [ 761.864842][T19372] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 761.870489][T19372] ? do_raw_spin_unlock+0x57/0x270 [ 761.875612][T19372] ? _raw_spin_unlock+0x2d/0x50 [ 761.880474][T19372] try_charge+0xf4b/0x1440 [ 761.884920][T19372] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 761.890474][T19372] ? percpu_ref_tryget_live+0x111/0x290 [ 761.896032][T19372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.902297][T19372] ? __kasan_check_read+0x11/0x20 [ 761.907338][T19372] ? get_mem_cgroup_from_mm+0x156/0x320 [ 761.912892][T19372] mem_cgroup_try_charge+0x136/0x590 [ 761.918190][T19372] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 761.924449][T19372] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 761.930093][T19372] wp_page_copy+0x41e/0x1600 [ 761.934692][T19372] ? find_held_lock+0x35/0x130 [ 761.939459][T19372] ? follow_pfn+0x2a0/0x2a0 [ 761.943966][T19372] ? lock_downgrade+0x920/0x920 [ 761.948826][T19372] ? swp_swapcount+0x540/0x540 [ 761.953601][T19372] ? __kasan_check_read+0x11/0x20 [ 761.958627][T19372] ? do_raw_spin_unlock+0x57/0x270 [ 761.963765][T19372] do_wp_page+0x499/0x14d0 [ 761.968191][T19372] ? finish_mkwrite_fault+0x570/0x570 [ 761.973581][T19372] __handle_mm_fault+0x22f1/0x3f20 [ 761.978704][T19372] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 761.984270][T19372] ? __kasan_check_read+0x11/0x20 [ 761.989308][T19372] handle_mm_fault+0x1b5/0x6c0 [ 761.994086][T19372] __do_page_fault+0x536/0xdd0 [ 761.998870][T19372] do_page_fault+0x38/0x590 [ 762.003384][T19372] page_fault+0x39/0x40 [ 762.007538][T19372] RIP: 0033:0x430956 [ 762.011430][T19372] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 762.031041][T19372] RSP: 002b:00007ffc51fcc450 EFLAGS: 00010206 [ 762.037138][T19372] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 762.045115][T19372] RDX: 000055555559c930 RSI: 00005555555a4970 RDI: 0000000000000003 [ 762.053091][T19372] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555559b940 [ 762.061078][T19372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 762.069064][T19372] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 762.085649][T19372] memory: usage 784kB, limit 0kB, failcnt 214 [ 762.092354][T19386] QAT: Invalid ioctl [ 762.103654][T19372] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 762.127567][T19372] Memory cgroup stats for /syz2: [ 762.127680][T19372] anon 53248 [ 762.127680][T19372] file 102400 [ 762.127680][T19372] kernel_stack 0 [ 762.127680][T19372] slab 720896 [ 762.127680][T19372] sock 0 [ 762.127680][T19372] shmem 45056 [ 762.127680][T19372] file_mapped 0 [ 762.127680][T19372] file_dirty 0 [ 762.127680][T19372] file_writeback 0 [ 762.127680][T19372] anon_thp 0 [ 762.127680][T19372] inactive_anon 131072 [ 762.127680][T19372] active_anon 53248 [ 762.127680][T19372] inactive_file 0 01:49:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x20000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptu\x00', 0x0, 0x0) [ 762.127680][T19372] active_file 0 [ 762.127680][T19372] unevictable 0 [ 762.127680][T19372] slab_reclaimable 270336 [ 762.127680][T19372] slab_unreclaimable 450560 [ 762.127680][T19372] pgfault 31647 [ 762.127680][T19372] pgmajfault 0 [ 762.127680][T19372] workingset_refault 0 [ 762.127680][T19372] workingset_activate 0 [ 762.127680][T19372] workingset_nodereclaim 0 [ 762.127680][T19372] pgrefill 33 [ 762.127680][T19372] pgscan 0 [ 762.127680][T19372] pgsteal 0 01:49:15 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) r1 = msgget(0x2, 0x128) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) r6 = getpgid(0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)=0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000280)={{0x0, r2, r3, r4, r5, 0x30, 0x101}, 0x7fffffff, 0x0, 0x6, 0x6, 0x5, 0x4, r6, r7}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 762.127680][T19372] pgactivate 0 01:49:15 executing program 3: r0 = socket$inet(0x2, 0xa, 0x4) setsockopt$inet_int(r0, 0xffffffff00000000, 0xd1, &(0x7f0000000000), 0x4) [ 762.259008][T19396] bridge_slave_0: FDB only supports static addresses 01:49:15 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptx\x00', 0x0, 0x0) 01:49:15 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x3f000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 762.551188][T19417] bridge_slave_0: FDB only supports static addresses [ 762.819032][T19372] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19372,uid=0 [ 762.841749][T19372] Memory cgroup out of memory: Killed process 19372 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 762.867074][ T1065] oom_reaper: reaped process 19372 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 01:49:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r2, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:49:16 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f00000000c0)=[0x8]) 01:49:16 executing program 3: r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000b40)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0xe, 0x4, 0x408, 0x0, 0x0, 0xc0, 0xc0, 0x218, 0x370, 0x370, 0x370, 0x370, 0x370, 0x4, &(0x7f00000002c0), {[{{@uncond, 0x0, 0x98, 0xc0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ip={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'dummy0\x00', 'team_slave_0\x00', {}, {0xff}, 0x0, 0x2}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x100000000, [0x7fff, 0xc1f5, 0x80, 0x0, 0x9, 0x80000000000], 0x3, 0x7ff}}}, @common=@socket0={0x20, 'socket\x00'}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x2, 0x2, [0x1f, 0x0, 0x28, 0x21, 0x1, 0xc, 0x30, 0x8, 0x3, 0x0, 0x2a, 0x15, 0x3d, 0x0, 0x13], 0x0, 0x4, 0x5}}}, {{@uncond, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0xfffffffffffffff7, 0x0, 0x1}}, @common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x0, 0x0, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x1, 0xc, [0x30, 0x2a, 0x0, 0x35, 0x16, 0x4, 0x0, 0x31, 0x38, 0x16, 0x4, 0x3b, 0x1c, 0x0, 0x3d], 0x22ffc8007cf18d02, 0x5}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x468) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getegid() getpeername$packet(r0, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000a40)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000a80)={@rand_addr="ad83bad3f8ac763a90cb271997494d31", r3}, 0x14) setgroups(0x1, &(0x7f0000000300)=[r2]) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000b80)=""/74) r4 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0xf, 0x400202) getsockopt(r4, 0x0, 0x400, &(0x7f0000000400)=""/204, &(0x7f0000000280)=0xcc) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000100)={0x0, 0x0, 0x20, 0x7, 0x4}, &(0x7f00000009c0)=0x18) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000a00)={r5, 0x2e, "44ca5e83a008dee97cb9552ca456915b58fe2e8553fc50d03a7ce1ba06867f3cf95da7c35458d2cbd18f1999b592"}, &(0x7f0000000ac0)=0x36) prctl$PR_SET_TSC(0x1a, 0x2) close(0xffffffffffffffff) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe80, 0xffffffffffffff31, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x9, 0x0) 01:49:16 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x02', 0x0, 0x0) 01:49:16 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x40000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 763.498081][T19426] bridge_slave_0: FDB only supports static addresses [ 763.903281][T19440] IPVS: ftp: loaded support on port[0] = 21 [ 764.114807][T19440] chnl_net:caif_netlink_parms(): no params data found [ 764.217053][T19440] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.224466][T19440] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.232213][T19440] device bridge_slave_0 entered promiscuous mode [ 764.240653][T19440] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.248851][T19440] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.257987][T19440] device bridge_slave_1 entered promiscuous mode [ 764.341597][T19440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.354007][T19440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.373022][ T21] device bridge_slave_1 left promiscuous mode [ 764.379464][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.424473][ T21] device bridge_slave_0 left promiscuous mode [ 764.430660][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.384331][ T21] device hsr_slave_0 left promiscuous mode [ 766.424142][ T21] device hsr_slave_1 left promiscuous mode [ 766.471600][ T21] team0 (unregistering): Port device team_slave_1 removed [ 766.489442][ T21] team0 (unregistering): Port device team_slave_0 removed [ 766.502278][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 766.548167][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 766.642722][ T21] bond0 (unregistering): Released all slaves [ 766.768789][T19440] team0: Port device team_slave_0 added [ 766.778940][T19440] team0: Port device team_slave_1 added [ 766.816832][T19440] device hsr_slave_0 entered promiscuous mode [ 766.864202][T19440] device hsr_slave_1 entered promiscuous mode [ 766.913769][T19440] debugfs: Directory 'hsr0' with parent '/' already present! [ 766.967803][T19440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 766.982199][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 766.990627][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 767.036057][T19440] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.046843][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 767.056165][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 767.064896][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.071947][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.088514][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 767.096782][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 767.106276][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 767.115822][T17538] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.122880][T17538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 767.131773][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 767.152172][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 767.161089][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 767.170341][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 767.179654][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 767.188912][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 767.209567][T19440] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 767.220979][T19440] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 767.236257][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 767.245268][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 767.254294][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 767.274145][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 767.289015][T19440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 767.523216][T19448] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 767.534185][T19448] CPU: 1 PID: 19448 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 767.543393][T19448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.553449][T19448] Call Trace: [ 767.556780][T19448] dump_stack+0x172/0x1f0 [ 767.561114][T19448] dump_header+0x177/0x1152 [ 767.565667][T19448] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 767.571475][T19448] ? ___ratelimit+0x2c8/0x595 [ 767.576153][T19448] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 767.581958][T19448] ? lockdep_hardirqs_on+0x418/0x5d0 [ 767.587243][T19448] ? trace_hardirqs_on+0x67/0x240 [ 767.592268][T19448] ? pagefault_out_of_memory+0x11c/0x11c [ 767.597903][T19448] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 767.603705][T19448] ? ___ratelimit+0x60/0x595 [ 767.608288][T19448] ? do_raw_spin_unlock+0x57/0x270 [ 767.613403][T19448] oom_kill_process.cold+0x10/0x15 [ 767.618521][T19448] out_of_memory+0x334/0x1340 [ 767.623214][T19448] ? __sched_text_start+0x8/0x8 [ 767.628062][T19448] ? oom_killer_disable+0x280/0x280 [ 767.633265][T19448] mem_cgroup_out_of_memory+0x1d8/0x240 [ 767.638809][T19448] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 767.644447][T19448] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 767.650253][T19448] ? cgroup_file_notify+0x140/0x1b0 [ 767.655455][T19448] memory_max_write+0x262/0x3a0 [ 767.660418][T19448] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 767.667181][T19448] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 767.672644][T19448] cgroup_file_write+0x241/0x790 [ 767.677586][T19448] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 767.684348][T19448] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 767.689984][T19448] ? kernfs_ops+0x9f/0x120 [ 767.694404][T19448] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 767.700032][T19448] kernfs_fop_write+0x2b8/0x480 [ 767.704882][T19448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.711125][T19448] __vfs_write+0x8a/0x110 [ 767.715449][T19448] ? kernfs_fop_open+0xd80/0xd80 [ 767.720386][T19448] vfs_write+0x268/0x5d0 [ 767.725063][T19448] ksys_write+0x14f/0x290 [ 767.729391][T19448] ? __ia32_sys_read+0xb0/0xb0 [ 767.734156][T19448] ? do_syscall_64+0x26/0x760 [ 767.738832][T19448] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.744898][T19448] ? do_syscall_64+0x26/0x760 [ 767.749580][T19448] __x64_sys_write+0x73/0xb0 [ 767.754169][T19448] do_syscall_64+0xfa/0x760 [ 767.758673][T19448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.764569][T19448] RIP: 0033:0x459879 [ 767.768555][T19448] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 767.788334][T19448] RSP: 002b:00007f273d1f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 767.797188][T19448] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 767.805167][T19448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 767.813136][T19448] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 767.821111][T19448] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f273d1fa6d4 [ 767.829080][T19448] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 767.857434][T19448] memory: usage 3332kB, limit 0kB, failcnt 210 [ 767.864502][T19448] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 767.871543][T19448] Memory cgroup stats for /syz5: [ 767.873061][T19448] anon 2174976 [ 767.873061][T19448] file 0 [ 767.873061][T19448] kernel_stack 0 [ 767.873061][T19448] slab 995328 [ 767.873061][T19448] sock 16384 [ 767.873061][T19448] shmem 28672 [ 767.873061][T19448] file_mapped 0 [ 767.873061][T19448] file_dirty 0 [ 767.873061][T19448] file_writeback 0 [ 767.873061][T19448] anon_thp 2097152 [ 767.873061][T19448] inactive_anon 0 [ 767.873061][T19448] active_anon 2174976 [ 767.873061][T19448] inactive_file 61440 [ 767.873061][T19448] active_file 0 [ 767.873061][T19448] unevictable 176128 [ 767.873061][T19448] slab_reclaimable 405504 [ 767.873061][T19448] slab_unreclaimable 589824 [ 767.873061][T19448] pgfault 25080 [ 767.873061][T19448] pgmajfault 0 [ 767.873061][T19448] workingset_refault 0 [ 767.873061][T19448] workingset_activate 0 [ 767.873061][T19448] workingset_nodereclaim 0 [ 767.873061][T19448] pgrefill 0 [ 767.873061][T19448] pgscan 0 [ 767.873061][T19448] pgsteal 0 [ 767.873061][T19448] pgactivate 0 [ 767.976418][T19448] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19447,uid=0 [ 767.993400][T19448] Memory cgroup out of memory: Killed process 19447 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 768.018318][ T1065] oom_reaper: reaped process 19447 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:49:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r6 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r6, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 01:49:21 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x03', 0x0, 0x0) 01:49:21 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x408000, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x1, 0x28001) splice(r0, &(0x7f00000000c0), r1, &(0x7f0000000180), 0x81, 0xa) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r0, 0xc010641d, &(0x7f00000002c0)={r2, &(0x7f0000000340)=""/247}) rt_sigprocmask(0x0, &(0x7f0000a9a000)={0xfffffffffffffffe}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000011000)) r3 = memfd_create(&(0x7f0000000300)='\'c{%*{,\x00', 0x1) ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000280)) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x1da60e021766c12d, {0xffffffff80000000, 0x8, 0xbed, 0xfff}}) ioctl$TCSETA(r3, 0x4030582a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x40000000000000d8}) syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') openat$ion(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ion\x00', 0xc1bc47271b648627, 0x0) ioctl$RNDCLEARPOOL(r0, 0x5206, &(0x7f0000000200)=0xce) 01:49:21 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r2, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:49:21 executing program 0: socket$kcm(0xa, 0x2, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xfdd5, @mcast1}, 0x1c) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'L-', 0xfffffffffffffffa}, 0x28, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0xffffffffffffff36) syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x4, 0x2) 01:49:21 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x48000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 768.321658][T19453] bridge_slave_0: FDB only supports static addresses [ 768.322142][T19440] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 01:49:21 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) getsockopt(r0, 0xff, 0xffff, &(0x7f0000000080)=""/115, &(0x7f0000000100)=0x73) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 768.392557][T19440] CPU: 0 PID: 19440 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 768.401700][T19440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 768.411844][T19440] Call Trace: [ 768.415166][T19440] dump_stack+0x172/0x1f0 [ 768.419507][T19440] dump_header+0x177/0x1152 [ 768.424035][T19440] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 768.429842][T19440] ? ___ratelimit+0x2c8/0x595 [ 768.434526][T19440] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 768.440351][T19440] ? lockdep_hardirqs_on+0x418/0x5d0 [ 768.445646][T19440] ? trace_hardirqs_on+0x67/0x240 [ 768.450681][T19440] ? pagefault_out_of_memory+0x11c/0x11c [ 768.456334][T19440] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 768.462150][T19440] ? ___ratelimit+0x60/0x595 [ 768.466744][T19440] ? do_raw_spin_unlock+0x57/0x270 [ 768.471875][T19440] oom_kill_process.cold+0x10/0x15 [ 768.477001][T19440] out_of_memory+0x334/0x1340 [ 768.481674][T19440] ? lock_downgrade+0x920/0x920 [ 768.486520][T19440] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 768.486535][T19440] ? oom_killer_disable+0x280/0x280 [ 768.486556][T19440] mem_cgroup_out_of_memory+0x1d8/0x240 [ 768.486569][T19440] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 768.486586][T19440] ? do_raw_spin_unlock+0x57/0x270 [ 768.486603][T19440] ? _raw_spin_unlock+0x2d/0x50 [ 768.486618][T19440] try_charge+0xf4b/0x1440 [ 768.486639][T19440] ? __lock_acquire+0x880/0x4a00 [ 768.528493][T19440] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 768.534051][T19440] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 768.540041][T19440] ? cache_grow_begin+0x122/0xd20 [ 768.545073][T19440] ? find_held_lock+0x35/0x130 [ 768.549845][T19440] ? cache_grow_begin+0x122/0xd20 [ 768.554887][T19440] __memcg_kmem_charge_memcg+0x71/0xf0 [ 768.560365][T19440] ? memcg_kmem_put_cache+0x50/0x50 [ 768.565595][T19440] ? __kasan_check_read+0x11/0x20 [ 768.570630][T19440] cache_grow_begin+0x629/0xd20 [ 768.575501][T19440] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 768.581231][T19440] ? mempolicy_slab_node+0x139/0x390 [ 768.586519][T19440] fallback_alloc+0x1fd/0x2d0 01:49:22 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={r0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x80000, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x1, 0x1, [@dev={[], 0x29}]}) [ 768.591205][T19440] ____cache_alloc_node+0x1bc/0x1d0 [ 768.596507][T19440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 768.602767][T19440] kmem_cache_alloc+0x1ef/0x710 [ 768.607635][T19440] ? stack_trace_save+0xac/0xe0 [ 768.612495][T19440] __alloc_file+0x27/0x340 [ 768.616924][T19440] alloc_empty_file+0x72/0x170 [ 768.621698][T19440] path_openat+0xef/0x46d0 [ 768.626105][T19440] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 768.626117][T19440] ? kasan_slab_alloc+0xf/0x20 [ 768.626127][T19440] ? kmem_cache_alloc+0x121/0x710 [ 768.626138][T19440] ? getname_flags+0xd6/0x5b0 [ 768.626149][T19440] ? getname+0x1a/0x20 [ 768.626163][T19440] ? do_sys_open+0x2c9/0x5d0 [ 768.626174][T19440] ? __x64_sys_open+0x7e/0xc0 [ 768.626187][T19440] ? __kasan_check_read+0x11/0x20 [ 768.626200][T19440] ? mark_lock+0xc2/0x1220 [ 768.626218][T19440] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 768.674764][T19440] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 768.680153][T19440] ? __alloc_fd+0x487/0x620 [ 768.684684][T19440] do_filp_open+0x1a1/0x280 [ 768.689210][T19440] ? may_open_dev+0x100/0x100 01:49:22 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x4c000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) [ 768.693900][T19440] ? lock_downgrade+0x920/0x920 [ 768.698765][T19440] ? rwlock_bug.part.0+0x90/0x90 [ 768.703800][T19440] ? __kasan_check_read+0x11/0x20 [ 768.708831][T19440] ? do_raw_spin_unlock+0x57/0x270 [ 768.713955][T19440] ? _raw_spin_unlock+0x2d/0x50 [ 768.718869][T19440] ? __alloc_fd+0x487/0x620 [ 768.723404][T19440] do_sys_open+0x3fe/0x5d0 [ 768.727826][T19440] ? filp_open+0x80/0x80 [ 768.732068][T19440] ? __detach_mounts+0x2a0/0x2a0 [ 768.737018][T19440] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 768.742480][T19440] ? do_syscall_64+0x26/0x760 [ 768.747165][T19440] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.753237][T19440] ? do_syscall_64+0x26/0x760 [ 768.759916][T19440] __x64_sys_open+0x7e/0xc0 [ 768.764425][T19440] do_syscall_64+0xfa/0x760 [ 768.768941][T19440] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.774840][T19440] RIP: 0033:0x4577f0 [ 768.778742][T19440] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 768.795419][T19472] bridge_slave_0: FDB only supports static addresses [ 768.798344][T19440] RSP: 002b:00007ffe51fc4740 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 768.798359][T19440] RAX: ffffffffffffffda RBX: 00000000000bb5f6 RCX: 00000000004577f0 [ 768.798368][T19440] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe51fc5920 [ 768.798377][T19440] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555560e0940 [ 768.798386][T19440] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe51fc5920 [ 768.798402][T19440] R13: 00007ffe51fc5910 R14: 0000000000000000 R15: 00007ffe51fc5920 [ 768.884116][T19440] memory: usage 996kB, limit 0kB, failcnt 222 01:49:22 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x1004, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000080)={0x2, 0x9, 0x1}) mount$overlay(0x400000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="2c6669c35530"]) sendmsg$can_raw(r0, &(0x7f0000000300)={&(0x7f00000000c0), 0x10, &(0x7f00000002c0)={&(0x7f0000000180)=@canfd={{0x0, 0x3, 0x752, 0x2}, 0x3c, 0x1, 0x0, 0x0, "fd0083c92da8ccea2507c84579f4c7ca4d2c1eaa9528df86ccd3048eee692baa5ec1701d39e50bd715880d3df23bcdd2094251dc1f891407875e026a42128d84"}, 0x48}, 0x1, 0x0, 0x0, 0x40001}, 0x10) r1 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x48, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x2, 0x0) 01:49:22 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x04', 0x0, 0x0) [ 768.890218][T19440] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 768.946668][T19440] Memory cgroup stats for /syz5: [ 768.946778][T19440] anon 0 [ 768.946778][T19440] file 0 [ 768.946778][T19440] kernel_stack 0 [ 768.946778][T19440] slab 995328 [ 768.946778][T19440] sock 16384 [ 768.946778][T19440] shmem 28672 [ 768.946778][T19440] file_mapped 0 [ 768.946778][T19440] file_dirty 0 [ 768.946778][T19440] file_writeback 0 [ 768.946778][T19440] anon_thp 0 [ 768.946778][T19440] inactive_anon 0 [ 768.946778][T19440] active_anon 0 [ 768.946778][T19440] inactive_file 61440 [ 768.946778][T19440] active_file 0 01:49:22 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f00000000c0)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]}) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000000)={0x40008e, 0x1, 0x2, 0x6}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1fd, 0x1, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000140)={r0}) [ 768.946778][T19440] unevictable 176128 [ 768.946778][T19440] slab_reclaimable 405504 [ 768.946778][T19440] slab_unreclaimable 589824 [ 768.946778][T19440] pgfault 25080 [ 768.946778][T19440] pgmajfault 0 [ 768.946778][T19440] workingset_refault 0 [ 768.946778][T19440] workingset_activate 0 [ 768.946778][T19440] workingset_nodereclaim 0 [ 768.946778][T19440] pgrefill 0 [ 768.946778][T19440] pgscan 0 [ 768.946778][T19440] pgsteal 0 [ 768.946778][T19440] pgactivate 0 [ 769.095614][T19476] overlayfs: unrecognized mount option "fiÃU0" or missing value [ 769.194563][T19481] overlayfs: unrecognized mount option "fiÃU0" or missing value [ 769.343641][T19440] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19440,uid=0 [ 769.410236][T19440] Memory cgroup out of memory: Killed process 19440 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 769.435033][ T1065] oom_reaper: reaped process 19440 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:49:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:23 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x60000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:23 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x05', 0x0, 0x0) [ 769.755611][T19494] bridge_slave_0: FDB only supports static addresses [ 770.698674][T19501] IPVS: ftp: loaded support on port[0] = 21 [ 771.059031][T19501] chnl_net:caif_netlink_parms(): no params data found [ 771.090895][T19501] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.098236][T19501] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.106633][T19501] device bridge_slave_0 entered promiscuous mode [ 771.114978][T19501] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.122096][T19501] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.130106][T19501] device bridge_slave_1 entered promiscuous mode [ 771.283032][T19501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.296021][T19501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.456714][T19501] team0: Port device team_slave_0 added [ 771.464234][T19501] team0: Port device team_slave_1 added [ 771.515699][T19501] device hsr_slave_0 entered promiscuous mode [ 771.554229][T19501] device hsr_slave_1 entered promiscuous mode [ 771.623707][T19501] debugfs: Directory 'hsr0' with parent '/' already present! [ 771.781210][T19501] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.788320][T19501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 771.795698][T19501] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.802865][T19501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 771.964964][T17987] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.972781][T17987] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.142611][T19501] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.155883][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 772.164685][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 772.175558][T19501] 8021q: adding VLAN 0 to HW filter on device team0 [ 772.184338][ T21] device bridge_slave_1 left promiscuous mode [ 772.190525][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.244875][ T21] device bridge_slave_0 left promiscuous mode [ 772.251076][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.315067][ T21] device bridge_slave_1 left promiscuous mode [ 772.321233][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.384729][ T21] device bridge_slave_0 left promiscuous mode [ 772.390970][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.214325][ T21] device hsr_slave_0 left promiscuous mode [ 776.253985][ T21] device hsr_slave_1 left promiscuous mode [ 776.311746][ T21] team0 (unregistering): Port device team_slave_1 removed [ 776.325978][ T21] team0 (unregistering): Port device team_slave_0 removed [ 776.339400][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 776.368324][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 776.461922][ T21] bond0 (unregistering): Released all slaves [ 776.604675][ T21] device hsr_slave_0 left promiscuous mode [ 776.673837][ T21] device hsr_slave_1 left promiscuous mode [ 776.737947][ T21] team0 (unregistering): Port device team_slave_1 removed [ 776.752860][ T21] team0 (unregistering): Port device team_slave_0 removed [ 776.765385][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 776.830666][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 776.922697][ T21] bond0 (unregistering): Released all slaves [ 777.005805][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 777.014891][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 777.023192][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.030468][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.038833][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 777.048200][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 777.056865][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.063963][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.071495][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 777.083815][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 777.095192][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 777.105627][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 777.116942][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 777.125009][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 777.133521][T17987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 777.155142][T19501] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 777.165957][T19501] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 777.177820][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 777.187052][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 777.195927][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 777.204573][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 777.222484][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 777.241153][T19501] 8021q: adding VLAN 0 to HW filter on device batadv0 01:49:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r2, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 01:49:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={r0}) 01:49:31 executing program 3: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) fcntl$setflags(r0, 0x2, 0x1) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x2}, 0x8) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYRES32], 0x1037b) write$binfmt_script(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="a5fd8958c21392cfb6771b8fdea0ac3f8d155f"], 0x1a000) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0321382e0a91180900000a7bd867363dfcda44bc6e0669a9e2c79448edc2cd4d61bbfc77a1b77e4febb8b84a30d16c38d5884583f500fee63071039458b6273e2ea089316f04904f77d1483c81cefe45f42244b6d2761a2fdb042567e3f297"], 0xb) 01:49:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x68000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:31 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x06', 0x0, 0x0) [ 777.661081][T19514] bridge_slave_0: FDB only supports static addresses 01:49:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = gettid() r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x100, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x8, 0x8, 0xabc, 0x3, 0x0, 0xffff, 0x2, 0x8, 0x6, 0xa488, 0x1, 0x81, 0x400, 0x4, 0x1f, 0x8000, 0xe330, 0xfffffffffffffff9, 0x6, 0x5, 0x4, 0x4, 0x7fffffff, 0x6, 0x2, 0x41c35ea2, 0x4, 0x0, 0x3cb8, 0x4, 0x6, 0x8, 0x1, 0x401, 0x8, 0x9e1c, 0x0, 0x4337a277, 0x3, @perf_config_ext={0x2, 0xff}, 0x400, 0x9, 0x8, 0x7, 0x1ff, 0x6, 0x8000}, r1, 0x2, r2, 0x507c8866ca66d0f6) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 01:49:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\a', 0x0, 0x0) 01:49:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x6c000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 777.959382][T19532] bridge_slave_0: FDB only supports static addresses 01:49:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x74000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:31 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\b', 0x0, 0x0) 01:49:31 executing program 3: r0 = socket(0x10, 0x2, 0x4) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) 01:49:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r1, 0xd, 0x7}, 0x14) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) ioctl$SIOCRSACCEPT(r2, 0x89e3) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f00000000c0)=ANY=[@ANYBLOB="5b000000ad012ac6aecd00aa7457c3b22fc2bc8d046e0c8800355585540444ebbf0af3a7e7b72a3d86af63f92b7bff001f570b435cec3377eb090055a6a48790f302b67afc0ce6da0f64eb767f46a9a6f4bea9926a3d3d0000000000000000"]) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) [ 778.206220][T19542] bridge_slave_0: FDB only supports static addresses 01:49:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:31 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffff}, [@map={0x18, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @ldst={0x2, 0x2, 0x0, 0x4, 0x7, 0x1c, 0x10}, @alu={0x7, 0x8, 0x0, 0x9, 0x7, 0xc, 0x4}]}, &(0x7f0000000100)='GPL\x00', 0x100000001, 0x4f, &(0x7f0000000140)=""/79, 0x40f00, 0x4, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x7, 0x6, 0xffffffff80000000}, 0x10}, 0x70) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r1, 0x3, 0x2}, 0xd) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={r0}) [ 778.420476][T19557] block nbd3: Device being setup by another task [ 778.701736][T19563] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 778.732848][T19563] CPU: 0 PID: 19563 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 778.742121][T19563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.752195][T19563] Call Trace: [ 778.757893][T19563] dump_stack+0x172/0x1f0 [ 778.762235][T19563] dump_header+0x177/0x1152 [ 778.766771][T19563] ? pagefault_out_of_memory+0x11c/0x11c [ 778.772424][T19563] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 778.778240][T19563] ? ___ratelimit+0x60/0x595 [ 778.782837][T19563] ? do_raw_spin_unlock+0x57/0x270 [ 778.787988][T19563] oom_kill_process.cold+0x10/0x15 [ 778.793295][T19563] out_of_memory+0x334/0x1340 [ 778.797981][T19563] ? retint_kernel+0x2b/0x2b [ 778.802590][T19563] ? oom_killer_disable+0x280/0x280 [ 778.807806][T19563] ? out_of_memory+0x25/0x1340 [ 778.812595][T19563] mem_cgroup_out_of_memory+0x1d8/0x240 [ 778.818154][T19563] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 778.823802][T19563] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 778.829623][T19563] ? cgroup_file_notify+0x140/0x1b0 [ 778.834852][T19563] memory_max_write+0x262/0x3a0 [ 778.839751][T19563] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 778.846518][T19563] ? lock_acquire+0x190/0x410 [ 778.851266][T19563] ? kernfs_fop_write+0x227/0x480 [ 778.856303][T19563] cgroup_file_write+0x241/0x790 [ 778.861272][T19563] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 778.868037][T19563] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 778.873691][T19563] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 778.879339][T19563] kernfs_fop_write+0x2b8/0x480 [ 778.884230][T19563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.890484][T19563] __vfs_write+0x8a/0x110 [ 778.894819][T19563] ? kernfs_fop_open+0xd80/0xd80 [ 778.899762][T19563] vfs_write+0x268/0x5d0 [ 778.904017][T19563] ksys_write+0x14f/0x290 [ 778.908361][T19563] ? __ia32_sys_read+0xb0/0xb0 [ 778.913151][T19563] ? do_syscall_64+0x26/0x760 [ 778.917834][T19563] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.925836][T19563] ? do_syscall_64+0x26/0x760 [ 778.930542][T19563] __x64_sys_write+0x73/0xb0 [ 778.935161][T19563] do_syscall_64+0xfa/0x760 [ 778.939684][T19563] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.945575][T19563] RIP: 0033:0x459879 [ 778.952201][T19563] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 778.975457][T19563] RSP: 002b:00007fb302e55c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 778.984353][T19563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 778.992339][T19563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 779.000321][T19563] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 779.008310][T19563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb302e566d4 [ 779.016290][T19563] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 779.033243][T19563] memory: usage 3320kB, limit 0kB, failcnt 215 [ 779.040977][T19563] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 779.048554][T19563] Memory cgroup stats for /syz2: [ 779.050238][T19563] anon 2256896 [ 779.050238][T19563] file 102400 [ 779.050238][T19563] kernel_stack 65536 [ 779.050238][T19563] slab 720896 [ 779.050238][T19563] sock 0 [ 779.050238][T19563] shmem 45056 [ 779.050238][T19563] file_mapped 0 [ 779.050238][T19563] file_dirty 0 [ 779.050238][T19563] file_writeback 0 [ 779.050238][T19563] anon_thp 2097152 [ 779.050238][T19563] inactive_anon 131072 [ 779.050238][T19563] active_anon 2183168 [ 779.050238][T19563] inactive_file 0 [ 779.050238][T19563] active_file 0 [ 779.050238][T19563] unevictable 0 [ 779.050238][T19563] slab_reclaimable 270336 [ 779.050238][T19563] slab_unreclaimable 450560 [ 779.050238][T19563] pgfault 31911 [ 779.050238][T19563] pgmajfault 0 [ 779.050238][T19563] workingset_refault 0 [ 779.050238][T19563] workingset_activate 0 [ 779.050238][T19563] workingset_nodereclaim 0 [ 779.050238][T19563] pgrefill 33 [ 779.050238][T19563] pgscan 0 [ 779.050238][T19563] pgsteal 0 [ 779.050238][T19563] pgactivate 0 [ 779.153925][T19554] block nbd3: shutting down sockets [ 779.185851][T19563] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19559,uid=0 [ 779.208737][T19563] Memory cgroup out of memory: Killed process 19559 (syz-executor.2) total-vm:72576kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 779.252950][ T1065] oom_reaper: reaped process 19559 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 779.580452][T19501] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 779.594945][T19501] CPU: 0 PID: 19501 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 779.604071][T19501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.614116][T19501] Call Trace: [ 779.617429][T19501] dump_stack+0x172/0x1f0 [ 779.621760][T19501] dump_header+0x177/0x1152 [ 779.626256][T19501] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 779.632043][T19501] ? ___ratelimit+0x2c8/0x595 [ 779.636715][T19501] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 779.642519][T19501] ? lockdep_hardirqs_on+0x418/0x5d0 [ 779.647788][T19501] ? trace_hardirqs_on+0x67/0x240 [ 779.653856][T19501] ? pagefault_out_of_memory+0x11c/0x11c [ 779.659494][T19501] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 779.665282][T19501] ? ___ratelimit+0x60/0x595 [ 779.669852][T19501] ? do_raw_spin_unlock+0x57/0x270 [ 779.674958][T19501] oom_kill_process.cold+0x10/0x15 [ 779.680071][T19501] out_of_memory+0x334/0x1340 [ 779.684740][T19501] ? lock_downgrade+0x920/0x920 [ 779.689578][T19501] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 779.695383][T19501] ? oom_killer_disable+0x280/0x280 [ 779.700587][T19501] mem_cgroup_out_of_memory+0x1d8/0x240 [ 779.706144][T19501] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 779.711765][T19501] ? do_raw_spin_unlock+0x57/0x270 [ 779.716866][T19501] ? _raw_spin_unlock+0x2d/0x50 [ 779.721718][T19501] try_charge+0xf4b/0x1440 [ 779.726119][T19501] ? __lock_acquire+0x880/0x4a00 [ 779.731039][T19501] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 779.736573][T19501] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 779.742570][T19501] ? cache_grow_begin+0x122/0xd20 [ 779.747581][T19501] ? find_held_lock+0x35/0x130 [ 779.752335][T19501] ? cache_grow_begin+0x122/0xd20 [ 779.757719][T19501] __memcg_kmem_charge_memcg+0x71/0xf0 [ 779.763179][T19501] ? memcg_kmem_put_cache+0x50/0x50 [ 779.768373][T19501] ? __kasan_check_read+0x11/0x20 [ 779.773386][T19501] cache_grow_begin+0x629/0xd20 [ 779.778235][T19501] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 779.783966][T19501] ? mempolicy_slab_node+0x139/0x390 [ 779.789263][T19501] fallback_alloc+0x1fd/0x2d0 [ 779.795172][T19501] ____cache_alloc_node+0x1bc/0x1d0 [ 779.800367][T19501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 779.806593][T19501] kmem_cache_alloc+0x1ef/0x710 [ 779.811439][T19501] ? lock_downgrade+0x920/0x920 [ 779.816303][T19501] ? rwlock_bug.part.0+0x90/0x90 [ 779.821236][T19501] ? ratelimit_state_init+0xb0/0xb0 [ 779.826418][T19501] ext4_alloc_inode+0x1f/0x640 [ 779.831249][T19501] ? ratelimit_state_init+0xb0/0xb0 [ 779.836457][T19501] alloc_inode+0x68/0x1e0 [ 779.840864][T19501] iget_locked+0x1a6/0x4b0 [ 779.845275][T19501] __ext4_iget+0x265/0x3bb0 [ 779.849766][T19501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.856011][T19501] ? ext4_get_projid+0x190/0x190 [ 779.860939][T19501] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 779.866475][T19501] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 779.872580][T19501] ? d_alloc_parallel+0xa78/0x1c30 [ 779.877692][T19501] ext4_lookup+0x3b1/0x7a0 [ 779.882176][T19501] ? ext4_cross_rename+0x1430/0x1430 [ 779.887448][T19501] ? __lock_acquire+0x16f2/0x4a00 [ 779.892544][T19501] ? __kasan_check_read+0x11/0x20 [ 779.897573][T19501] ? lockdep_init_map+0x1be/0x6d0 [ 779.902602][T19501] __lookup_slow+0x279/0x500 [ 779.907204][T19501] ? vfs_unlink+0x620/0x620 [ 779.911717][T19501] lookup_slow+0x58/0x80 [ 779.915969][T19501] path_mountpoint+0x5d2/0x1e60 [ 779.920920][T19501] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 779.926468][T19501] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 779.932450][T19501] ? path_openat+0x46d0/0x46d0 [ 779.937229][T19501] filename_mountpoint+0x190/0x3c0 [ 779.942338][T19501] ? filename_parentat.isra.0+0x410/0x410 [ 779.948061][T19501] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 779.954226][T19501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 779.960461][T19501] ? __phys_addr_symbol+0x30/0x70 [ 779.965474][T19501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 779.971190][T19501] ? __check_object_size+0x3d/0x437 [ 779.976388][T19501] ? strncpy_from_user+0x2b4/0x400 [ 779.981517][T19501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.987747][T19501] ? getname_flags+0x277/0x5b0 [ 779.992505][T19501] user_path_mountpoint_at+0x3a/0x50 [ 779.997788][T19501] ksys_umount+0x167/0xf00 [ 780.002200][T19501] ? down_read_non_owner+0x490/0x490 [ 780.007471][T19501] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 780.013715][T19501] ? __detach_mounts+0x2a0/0x2a0 [ 780.018661][T19501] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 780.024115][T19501] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 780.029552][T19501] ? do_syscall_64+0x26/0x760 [ 780.034239][T19501] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.040386][T19501] ? do_syscall_64+0x26/0x760 [ 780.045138][T19501] ? lockdep_hardirqs_on+0x418/0x5d0 [ 780.050410][T19501] __x64_sys_umount+0x54/0x80 [ 780.055091][T19501] do_syscall_64+0xfa/0x760 [ 780.059600][T19501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.065498][T19501] RIP: 0033:0x45c2a7 [ 780.069390][T19501] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 780.088982][T19501] RSP: 002b:00007fff63d81328 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 780.097390][T19501] RAX: ffffffffffffffda RBX: 00000000000be184 RCX: 000000000045c2a7 [ 780.105356][T19501] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007fff63d813d0 [ 780.113309][T19501] RBP: 0000000000000009 R08: 0000000000000000 R09: 000000000000000e [ 780.121287][T19501] R10: 000000000000000a R11: 0000000000000206 R12: 00007fff63d82460 [ 780.129261][T19501] R13: 0000555556229940 R14: 0000000000000000 R15: 00007fff63d82460 [ 780.139262][T19501] memory: usage 976kB, limit 0kB, failcnt 227 [ 780.145407][T19501] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 780.152354][T19501] Memory cgroup stats for /syz2: [ 780.152447][T19501] anon 16384 [ 780.152447][T19501] file 102400 [ 780.152447][T19501] kernel_stack 0 [ 780.152447][T19501] slab 720896 [ 780.152447][T19501] sock 0 [ 780.152447][T19501] shmem 45056 [ 780.152447][T19501] file_mapped 0 [ 780.152447][T19501] file_dirty 0 [ 780.152447][T19501] file_writeback 0 [ 780.152447][T19501] anon_thp 0 [ 780.152447][T19501] inactive_anon 131072 [ 780.152447][T19501] active_anon 16384 [ 780.152447][T19501] inactive_file 0 [ 780.152447][T19501] active_file 0 [ 780.152447][T19501] unevictable 0 [ 780.152447][T19501] slab_reclaimable 270336 [ 780.152447][T19501] slab_unreclaimable 450560 [ 780.152447][T19501] pgfault 31911 [ 780.152447][T19501] pgmajfault 0 [ 780.152447][T19501] workingset_refault 0 [ 780.152447][T19501] workingset_activate 0 [ 780.152447][T19501] workingset_nodereclaim 0 [ 780.152447][T19501] pgrefill 33 [ 780.152447][T19501] pgscan 0 [ 780.152447][T19501] pgsteal 0 [ 780.152447][T19501] pgactivate 0 [ 780.246546][T19501] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19501,uid=0 [ 780.266315][T19501] Memory cgroup out of memory: Killed process 19501 (syz-executor.2) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 780.294466][ T1065] oom_reaper: reaped process 19501 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 780.621159][T19570] IPVS: ftp: loaded support on port[0] = 21 [ 780.758653][T19570] chnl_net:caif_netlink_parms(): no params data found [ 780.796738][T19570] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.803950][T19570] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.812015][T19570] device bridge_slave_0 entered promiscuous mode [ 780.820560][T19570] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.827736][T19570] bridge0: port 2(bridge_slave_1) entered disabled state [ 780.835958][T19570] device bridge_slave_1 entered promiscuous mode [ 780.859100][T19570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 780.871562][T19570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 780.902486][T19570] team0: Port device team_slave_0 added [ 780.910447][T19570] team0: Port device team_slave_1 added [ 780.967248][T19570] device hsr_slave_0 entered promiscuous mode [ 781.004121][T19570] device hsr_slave_1 entered promiscuous mode [ 781.043798][T19570] debugfs: Directory 'hsr0' with parent '/' already present! [ 781.061461][T19570] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.068672][T19570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.076085][T19570] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.083141][T19570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.122970][T19570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 781.137170][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 781.146819][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.155309][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.172101][T19570] 8021q: adding VLAN 0 to HW filter on device team0 [ 781.209836][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 781.218404][T17538] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.225528][T17538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.233756][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 781.242234][T17538] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.249420][T17538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.258394][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 781.274258][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 781.282188][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 781.290681][T17538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 781.303946][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 781.315621][T19570] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 781.339952][T19570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 781.505025][T19578] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 781.518384][T19578] CPU: 0 PID: 19578 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 781.527591][T19578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.537645][T19578] Call Trace: [ 781.540946][T19578] dump_stack+0x172/0x1f0 [ 781.545299][T19578] dump_header+0x177/0x1152 [ 781.549832][T19578] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 781.555651][T19578] ? ___ratelimit+0x2c8/0x595 [ 781.560459][T19578] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 781.566266][T19578] ? lockdep_hardirqs_on+0x418/0x5d0 [ 781.571553][T19578] ? trace_hardirqs_on+0x67/0x240 [ 781.576576][T19578] ? pagefault_out_of_memory+0x11c/0x11c [ 781.582216][T19578] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 781.588011][T19578] ? ___ratelimit+0x60/0x595 [ 781.592585][T19578] oom_kill_process.cold+0x10/0x15 [ 781.597690][T19578] out_of_memory+0x334/0x1340 [ 781.602362][T19578] ? __sched_text_start+0x8/0x8 [ 781.607219][T19578] ? oom_killer_disable+0x280/0x280 [ 781.612420][T19578] mem_cgroup_out_of_memory+0x1d8/0x240 [ 781.617990][T19578] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 781.623634][T19578] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 781.629434][T19578] ? cgroup_file_notify+0x140/0x1b0 [ 781.634630][T19578] memory_max_write+0x262/0x3a0 [ 781.639509][T19578] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 781.646414][T19578] ? lock_acquire+0x190/0x410 [ 781.651083][T19578] ? kernfs_fop_write+0x227/0x480 [ 781.656195][T19578] cgroup_file_write+0x241/0x790 [ 781.661231][T19578] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 781.667988][T19578] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 781.673621][T19578] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 781.679268][T19578] kernfs_fop_write+0x2b8/0x480 [ 781.684124][T19578] __vfs_write+0x8a/0x110 [ 781.688443][T19578] ? kernfs_fop_open+0xd80/0xd80 [ 781.693363][T19578] vfs_write+0x268/0x5d0 [ 781.697615][T19578] ksys_write+0x14f/0x290 [ 781.701966][T19578] ? __ia32_sys_read+0xb0/0xb0 [ 781.706719][T19578] ? do_syscall_64+0x26/0x760 [ 781.711380][T19578] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.717702][T19578] ? do_syscall_64+0x26/0x760 [ 781.722374][T19578] __x64_sys_write+0x73/0xb0 [ 781.726963][T19578] do_syscall_64+0xfa/0x760 [ 781.731473][T19578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.737359][T19578] RIP: 0033:0x459879 [ 781.741247][T19578] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 781.761026][T19578] RSP: 002b:00007fefc3accc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 781.769427][T19578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 781.777394][T19578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 781.785375][T19578] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 781.793338][T19578] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefc3acd6d4 [ 781.801294][T19578] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 781.819894][T19578] memory: usage 3304kB, limit 0kB, failcnt 223 [ 781.827005][T19578] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 781.834435][T19578] Memory cgroup stats for /syz5: [ 781.835524][T19578] anon 2174976 [ 781.835524][T19578] file 0 [ 781.835524][T19578] kernel_stack 65536 [ 781.835524][T19578] slab 995328 [ 781.835524][T19578] sock 16384 [ 781.835524][T19578] shmem 28672 [ 781.835524][T19578] file_mapped 0 [ 781.835524][T19578] file_dirty 0 [ 781.835524][T19578] file_writeback 0 [ 781.835524][T19578] anon_thp 2097152 [ 781.835524][T19578] inactive_anon 0 [ 781.835524][T19578] active_anon 2174976 [ 781.835524][T19578] inactive_file 61440 [ 781.835524][T19578] active_file 0 [ 781.835524][T19578] unevictable 176128 [ 781.835524][T19578] slab_reclaimable 405504 [ 781.835524][T19578] slab_unreclaimable 589824 [ 781.835524][T19578] pgfault 25146 [ 781.835524][T19578] pgmajfault 0 [ 781.835524][T19578] workingset_refault 0 [ 781.835524][T19578] workingset_activate 0 [ 781.835524][T19578] workingset_nodereclaim 0 [ 781.835524][T19578] pgrefill 0 [ 781.835524][T19578] pgscan 0 [ 781.835524][T19578] pgsteal 0 [ 781.835524][T19578] pgactivate 0 [ 781.938283][T19578] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19576,uid=0 [ 781.956647][T19578] Memory cgroup out of memory: Killed process 19576 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 781.978693][ T1065] oom_reaper: reaped process 19576 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 01:49:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r3, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000600)='io.weight\x00', 0x2, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 01:49:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\n', 0x0, 0x0) 01:49:35 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf002, 0x6c00000000000000, 0x7a000000}, 0x334, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000729d50000000000000007000000", @ANYRES32=r3, @ANYBLOB="700b7e000a000200aaaaaaaaaa0c000001000000"], 0x42e}}, 0x0) 01:49:35 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x1, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000400)={0x10001, 0x3ba, &(0x7f0000000300)="252a29d62609f22be84248366e2b859132cbaec3ddde53baf4b0d740d9ab14a814ebc9d072c4c3a758f1be6eadcadaa6efc1220ab953df08", &(0x7f0000000340)="e30864c8ad88ba55fa367f30d2c2be593a377e47974e26bb0c8c5d7339bb62b79e6f60fe3c1203f962980e5b0a3d99f25bc4b1df3f5f5f2e988bcbd650eda6371e992189f767d7fa597d3ea775cd177018317cdad0464b9e55a2ef2f95932ed93601beac1df2ca3978e1df4dd954ead44c42d239b6b7ad35f052829e7d8d01091ef7fd97a7eecc41b92881d7", 0x38, 0x8c}) ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000440)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0xd6, 'syz0\x00', @default, 0x3, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x6, 0x4}, 0x0, 0x0, &(0x7f0000000140)={0x2, 0xa, 0x1ff, 0x2}, &(0x7f0000000180)=0x8001, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0xd3a4}}, 0x10) r1 = socket$kcm(0xa, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)={r1}) 01:49:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) gettid() ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="d04a1664489d8499c9c3f94ad13f3769ded1fa1033b1d241735ea0ae949085258150a38925a383af522f4c00338d5e031e20936e0d2df0bbbb76df27374674ea1ddc368b9d6114a7e4a3b9608f72c4b7581fe844fea4a04ff31ab46b08a99fade56e61fe9ffe8777cf9d0beb8d03f56ddcf733ea563535715a559d49e11d43598af3b0"], 0x0, 0x83}, 0x20) sendmsg(r3, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b800081002545", 0x10}], 0x1}, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) gettid() prctl$PR_SET_FPEXC(0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r2, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuacct.usage_sys\x00', 0x0, 0x0) r5 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r5, 0x0, 0xfc00) openat$cgroup_ro(r0, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 782.076340][T19570] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 782.098878][T19570] CPU: 0 PID: 19570 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190827 #74 [ 782.108020][T19570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.118084][T19570] Call Trace: [ 782.121399][T19570] dump_stack+0x172/0x1f0 [ 782.125771][T19570] dump_header+0x177/0x1152 [ 782.130281][T19570] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 782.136180][T19570] ? ___ratelimit+0x2c8/0x595 [ 782.140860][T19570] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 782.146675][T19570] ? lockdep_hardirqs_on+0x418/0x5d0 [ 782.151969][T19570] ? trace_hardirqs_on+0x67/0x240 [ 782.157014][T19570] ? pagefault_out_of_memory+0x11c/0x11c [ 782.162655][T19570] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 782.168470][T19570] ? ___ratelimit+0x60/0x595 01:49:35 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x10', 0x0, 0x0) [ 782.173061][T19570] ? do_raw_spin_unlock+0x57/0x270 [ 782.178217][T19570] oom_kill_process.cold+0x10/0x15 [ 782.183360][T19570] out_of_memory+0x334/0x1340 [ 782.188050][T19570] ? lock_downgrade+0x920/0x920 [ 782.192920][T19570] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 782.198739][T19570] ? oom_killer_disable+0x280/0x280 [ 782.203972][T19570] mem_cgroup_out_of_memory+0x1d8/0x240 [ 782.209532][T19570] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 782.215185][T19570] ? do_raw_spin_unlock+0x57/0x270 [ 782.220304][T19570] ? _raw_spin_unlock+0x2d/0x50 [ 782.225166][T19570] try_charge+0xf4b/0x1440 [ 782.229624][T19570] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 782.235179][T19570] ? percpu_ref_tryget_live+0x111/0x290 [ 782.235198][T19570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.235214][T19570] ? __kasan_check_read+0x11/0x20 [ 782.235232][T19570] ? get_mem_cgroup_from_mm+0x156/0x320 [ 782.235252][T19570] mem_cgroup_try_charge+0x136/0x590 [ 782.262879][T19570] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 782.262902][T19570] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 782.262921][T19570] wp_page_copy+0x41e/0x1600 [ 782.279355][T19570] ? find_held_lock+0x35/0x130 [ 782.284134][T19570] ? follow_pfn+0x2a0/0x2a0 [ 782.288650][T19570] ? lock_downgrade+0x920/0x920 [ 782.293507][T19570] ? swp_swapcount+0x540/0x540 [ 782.298275][T19570] ? __kasan_check_read+0x11/0x20 [ 782.303303][T19570] ? do_raw_spin_unlock+0x57/0x270 [ 782.308440][T19570] do_wp_page+0x499/0x14d0 [ 782.312882][T19570] ? finish_mkwrite_fault+0x570/0x570 [ 782.318273][T19570] __handle_mm_fault+0x22f1/0x3f20 [ 782.323405][T19570] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 782.328974][T19570] ? __kasan_check_read+0x11/0x20 [ 782.334016][T19570] handle_mm_fault+0x1b5/0x6c0 [ 782.338816][T19570] __do_page_fault+0x536/0xdd0 [ 782.343597][T19570] do_page_fault+0x38/0x590 [ 782.348106][T19570] page_fault+0x39/0x40 [ 782.352260][T19570] RIP: 0033:0x430956 [ 782.356157][T19570] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 [ 782.375784][T19570] RSP: 002b:00007fffe4b52440 EFLAGS: 00010206 [ 782.381863][T19570] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 782.389848][T19570] RDX: 0000555556680930 RSI: 0000555556688970 RDI: 0000000000000003 [ 782.397853][T19570] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555667f940 [ 782.400346][T19589] bridge_slave_0: FDB only supports static addresses [ 782.405827][T19570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 782.405836][T19570] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 782.426757][T19570] memory: usage 972kB, limit 0kB, failcnt 235 [ 782.439848][T19570] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 782.447462][T19570] Memory cgroup stats for /syz5: [ 782.447635][T19570] anon 73728 [ 782.447635][T19570] file 0 [ 782.447635][T19570] kernel_stack 0 [ 782.447635][T19570] slab 995328 [ 782.447635][T19570] sock 16384 [ 782.447635][T19570] shmem 28672 [ 782.447635][T19570] file_mapped 0 [ 782.447635][T19570] file_dirty 0 01:49:36 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devpts\x11', 0x0, 0x0) [ 782.447635][T19570] file_writeback 0 [ 782.447635][T19570] anon_thp 0 [ 782.447635][T19570] inactive_anon 0 [ 782.447635][T19570] active_anon 73728 [ 782.447635][T19570] inactive_file 61440 [ 782.447635][T19570] active_file 0 [ 782.447635][T19570] unevictable 176128 [ 782.447635][T19570] slab_reclaimable 405504 [ 782.447635][T19570] slab_unreclaimable 589824 [ 782.447635][T19570] pgfault 25146 [ 782.447635][T19570] pgmajfault 0 [ 782.447635][T19570] workingset_refault 0 [ 782.447635][T19570] workingset_activate 0 [ 782.447635][T19570] workingset_nodereclaim 0 [ 782.447635][T19570] pgrefill 0 [ 782.447635][T19570] pgscan 0 [ 782.447635][T19570] pgsteal 0 [ 782.447635][T19570] pgactivate 0 [ 782.551136][T19570] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19570,uid=0 [ 782.567551][T19570] Memory cgroup out of memory: Killed process 19570 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 782.586769][ T1065] oom_reaper: reaped process 19570 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 01:49:36 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='devptsJ', 0x0, 0x0) [ 784.025158][ T21] device bridge_slave_1 left promiscuous mode [ 784.031365][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 784.094981][ T21] device bridge_slave_0 left promiscuous mode [ 784.101221][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.074251][ T21] device hsr_slave_0 left promiscuous mode [ 786.143738][ T21] device hsr_slave_1 left promiscuous mode [ 786.212886][ T21] team0 (unregistering): Port device team_slave_1 removed [ 786.226602][ T21] team0 (unregistering): Port device team_slave_0 removed [ 786.237360][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 786.280485][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 786.380953][ T21] bond0 (unregistering): Released all slaves [ 786.503468][T19604] IPVS: ftp: loaded support on port[0] = 21 [ 786.577274][T19604] chnl_net:caif_netlink_parms(): no params data found [ 786.612597][T19604] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.619828][T19604] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.628028][T19604] device bridge_slave_0 entered promiscuous mode [ 786.636418][T19604] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.643529][T19604] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.651261][T19604] device bridge_slave_1 entered promiscuous mode [ 786.678952][T19604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 786.691155][T19604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 786.752664][T19604] team0: Port device team_slave_0 added [ 786.770081][T19604] team0: Port device team_slave_1 added [ 786.837895][T19604] device hsr_slave_0 entered promiscuous mode [ 786.884134][T19604] device hsr_slave_1 entered promiscuous mode [ 786.924613][T19604] debugfs: Directory 'hsr0' with parent '/' already present! [ 786.961058][T19604] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.968192][T19604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 786.975715][T19604] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.982774][T19604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 787.069922][T19604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.093419][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 787.108089][ T9019] bridge0: port 1(bridge_slave_0) entered disabled state [ 787.119607][ T9019] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.147111][T19604] 8021q: adding VLAN 0 to HW filter on device team0 [ 787.169366][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 787.181767][ T9019] bridge0: port 1(bridge_slave_0) entered blocking state [ 787.188916][ T9019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 787.227451][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 787.242623][T18791] bridge0: port 2(bridge_slave_1) entered blocking state [ 787.249759][T18791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 787.277940][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 787.286930][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 787.304970][T19604] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 787.315787][T19604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 787.330335][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 787.339432][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 787.348796][T18791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 787.372458][T19604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 787.385892][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 787.673477][T19612] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 787.685144][T19612] CPU: 1 PID: 19612 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 787.694355][T19612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.704414][T19612] Call Trace: [ 787.707695][T19612] dump_stack+0x172/0x1f0 [ 787.712091][T19612] dump_header+0x177/0x1152 [ 787.716591][T19612] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 787.722377][T19612] ? ___ratelimit+0x2c8/0x595 [ 787.727235][T19612] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 787.733040][T19612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 787.738320][T19612] ? trace_hardirqs_on+0x67/0x240 [ 787.743347][T19612] ? pagefault_out_of_memory+0x11c/0x11c [ 787.748968][T19612] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 787.754771][T19612] ? ___ratelimit+0x60/0x595 [ 787.759357][T19612] ? do_raw_spin_unlock+0x57/0x270 [ 787.764540][T19612] oom_kill_process.cold+0x10/0x15 [ 787.769656][T19612] out_of_memory+0x334/0x1340 [ 787.774408][T19612] ? __sched_text_start+0x8/0x8 [ 787.779247][T19612] ? oom_killer_disable+0x280/0x280 [ 787.784442][T19612] mem_cgroup_out_of_memory+0x1d8/0x240 [ 787.789982][T19612] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 787.795609][T19612] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 787.801422][T19612] ? cgroup_file_notify+0x140/0x1b0 [ 787.806615][T19612] memory_max_write+0x262/0x3a0 [ 787.811458][T19612] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 787.818297][T19612] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 787.823749][T19612] cgroup_file_write+0x241/0x790 [ 787.828765][T19612] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 787.835511][T19612] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 787.841131][T19612] ? kernfs_ops+0x9f/0x120 [ 787.845548][T19612] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 787.851255][T19612] kernfs_fop_write+0x2b8/0x480 [ 787.856100][T19612] __vfs_write+0x8a/0x110 [ 787.860417][T19612] ? kernfs_fop_open+0xd80/0xd80 [ 787.865336][T19612] vfs_write+0x268/0x5d0 [ 787.869560][T19612] ksys_write+0x14f/0x290 [ 787.873873][T19612] ? __ia32_sys_read+0xb0/0xb0 [ 787.878620][T19612] ? do_syscall_64+0x26/0x760 [ 787.883280][T19612] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.889367][T19612] ? do_syscall_64+0x26/0x760 [ 787.894032][T19612] __x64_sys_write+0x73/0xb0 [ 787.898610][T19612] do_syscall_64+0xfa/0x760 [ 787.903121][T19612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.909109][T19612] RIP: 0033:0x459879 [ 787.913021][T19612] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 787.932616][T19612] RSP: 002b:00007f6da4045c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 787.941019][T19612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 787.948991][T19612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 787.956958][T19612] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 787.964922][T19612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da40466d4 [ 787.972883][T19612] R13: 00000000004c9a03 R14: 00000000004e10c8 R15: 00000000ffffffff [ 787.986289][T19612] memory: usage 3388kB, limit 0kB, failcnt 228 [ 787.992658][T19612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 788.000122][T19612] Memory cgroup stats for /syz2: [ 788.001718][T19612] anon 2195456 [ 788.001718][T19612] file 102400 [ 788.001718][T19612] kernel_stack 0 [ 788.001718][T19612] slab 856064 [ 788.001718][T19612] sock 0 [ 788.001718][T19612] shmem 45056 [ 788.001718][T19612] file_mapped 0 [ 788.001718][T19612] file_dirty 0 [ 788.001718][T19612] file_writeback 0 [ 788.001718][T19612] anon_thp 2097152 [ 788.001718][T19612] inactive_anon 131072 [ 788.001718][T19612] active_anon 2195456 [ 788.001718][T19612] inactive_file 0 [ 788.001718][T19612] active_file 0 [ 788.001718][T19612] unevictable 0 [ 788.001718][T19612] slab_reclaimable 270336 [ 788.001718][T19612] slab_unreclaimable 585728 [ 788.001718][T19612] pgfault 31977 [ 788.001718][T19612] pgmajfault 0 [ 788.001718][T19612] workingset_refault 0 [ 788.001718][T19612] workingset_activate 0 [ 788.001718][T19612] workingset_nodereclaim 0 [ 788.001718][T19612] pgrefill 33 [ 788.001718][T19612] pgscan 0 [ 788.001718][T19612] pgsteal 0 [ 788.001718][T19612] pgactivate 0 [ 788.097600][T19612] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19611,uid=0 [ 788.114170][T19612] Memory cgroup out of memory: Killed process 19611 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 788.198012][T19604] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 788.214643][T19604] CPU: 0 PID: 19604 Comm: syz-executor.2 Not tainted 5.3.0-rc6-next-20190827 #74 [ 788.223873][T19604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.233929][T19604] Call Trace: [ 788.237215][T19604] dump_stack+0x172/0x1f0 [ 788.241536][T19604] dump_header+0x177/0x1152 [ 788.246033][T19604] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 788.251827][T19604] ? ___ratelimit+0x2c8/0x595 [ 788.256488][T19604] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 788.262277][T19604] ? lockdep_hardirqs_on+0x418/0x5d0 [ 788.267543][T19604] ? trace_hardirqs_on+0x67/0x240 [ 788.272617][T19604] ? pagefault_out_of_memory+0x11c/0x11c [ 788.278243][T19604] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 788.284042][T19604] ? ___ratelimit+0x60/0x595 [ 788.288618][T19604] ? do_raw_spin_unlock+0x57/0x270 [ 788.293723][T19604] oom_kill_process.cold+0x10/0x15 [ 788.298834][T19604] out_of_memory+0x334/0x1340 [ 788.303492][T19604] ? lock_downgrade+0x920/0x920 [ 788.308325][T19604] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 788.314126][T19604] ? oom_killer_disable+0x280/0x280 [ 788.319321][T19604] mem_cgroup_out_of_memory+0x1d8/0x240 [ 788.324861][T19604] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 788.330487][T19604] ? do_raw_spin_unlock+0x57/0x270 [ 788.335577][T19604] ? _raw_spin_unlock+0x2d/0x50 [ 788.340409][T19604] try_charge+0xf4b/0x1440 [ 788.344829][T19604] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 788.350362][T19604] ? percpu_ref_tryget_live+0x111/0x290 [ 788.355889][T19604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.362109][T19604] ? __kasan_check_read+0x11/0x20 [ 788.367129][T19604] ? get_mem_cgroup_from_mm+0x156/0x320 [ 788.372668][T19604] mem_cgroup_try_charge+0x136/0x590 [ 788.377942][T19604] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 788.384181][T19604] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 788.389819][T19604] __handle_mm_fault+0x1e34/0x3f20 [ 788.394928][T19604] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 788.400473][T19604] ? __kasan_check_read+0x11/0x20 [ 788.405493][T19604] handle_mm_fault+0x1b5/0x6c0 [ 788.410249][T19604] __do_page_fault+0x536/0xdd0 [ 788.415012][T19604] do_page_fault+0x38/0x590 [ 788.419506][T19604] page_fault+0x39/0x40 [ 788.423647][T19604] RIP: 0033:0x42fdcc [ 788.427619][T19604] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 9a 51 64 00 77 70 89 ef [ 788.447234][T19604] RSP: 002b:00007fff5aab0f70 EFLAGS: 00010202 [ 788.453298][T19604] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458be4 [ 788.461266][T19604] RDX: 00007fff5aab1060 RSI: 0000000000008030 RDI: 0000000000715640 [ 788.469227][T19604] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000555555b2e940 [ 788.477178][T19604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff5aab2240 [ 788.485164][T19604] R13: 00007fff5aab2230 R14: 0000000000000000 R15: 00007fff5aab2240 [ 788.499124][T19604] memory: usage 1048kB, limit 0kB, failcnt 236 [ 788.505413][T19604] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 788.512251][T19604] Memory cgroup stats for /syz2: [ 788.512341][T19604] anon 40960 [ 788.512341][T19604] file 102400 [ 788.512341][T19604] kernel_stack 0 [ 788.512341][T19604] slab 856064 [ 788.512341][T19604] sock 0 [ 788.512341][T19604] shmem 45056 [ 788.512341][T19604] file_mapped 0 [ 788.512341][T19604] file_dirty 0 [ 788.512341][T19604] file_writeback 0 [ 788.512341][T19604] anon_thp 0 [ 788.512341][T19604] inactive_anon 131072 [ 788.512341][T19604] active_anon 40960 [ 788.512341][T19604] inactive_file 0 [ 788.512341][T19604] active_file 0 [ 788.512341][T19604] unevictable 0 [ 788.512341][T19604] slab_reclaimable 270336 [ 788.512341][T19604] slab_unreclaimable 585728 [ 788.512341][T19604] pgfault 31977 [ 788.512341][T19604] pgmajfault 0 [ 788.512341][T19604] workingset_refault 0 [ 788.512341][T19604] workingset_activate 0 [ 788.512341][T19604] workingset_nodereclaim 0 [ 788.512341][T19604] pgrefill 33 [ 788.512341][T19604] pgscan 0 [ 788.512341][T19604] pgsteal 0 [ 788.512341][T19604] pgactivate 0 [ 788.608095][T19604] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19604,uid=0 [ 788.623719][T19604] Memory cgroup out of memory: Killed process 19604 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:0 [ 788.641858][ T1065] oom_reaper: reaped process 19604 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 791.264911][ T21] device bridge_slave_1 left promiscuous mode [ 791.271129][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.324710][ T21] device bridge_slave_0 left promiscuous mode [ 791.330908][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.395258][ T21] device bridge_slave_1 left promiscuous mode [ 791.401557][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.464598][ T21] device bridge_slave_0 left promiscuous mode [ 791.470780][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.154043][ T21] device hsr_slave_0 left promiscuous mode [ 795.203959][ T21] device hsr_slave_1 left promiscuous mode [ 795.282801][ T21] team0 (unregistering): Port device team_slave_1 removed [ 795.297309][ T21] team0 (unregistering): Port device team_slave_0 removed [ 795.308490][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 795.390174][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 795.480494][ T21] bond0 (unregistering): Released all slaves [ 795.624426][ T21] device hsr_slave_0 left promiscuous mode [ 795.663836][ T21] device hsr_slave_1 left promiscuous mode [ 795.715256][ T21] team0 (unregistering): Port device team_slave_1 removed [ 795.729544][ T21] team0 (unregistering): Port device team_slave_0 removed [ 795.741940][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 795.780723][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 795.872813][ T21] bond0 (unregistering): Released all slaves [ 935.133897][ T1064] INFO: task syz-executor.3:19554 can't die for more than 143 seconds. [ 935.142294][ T1064] syz-executor.3 D28072 19554 19085 0x00004004 [ 935.148720][ T1064] Call Trace: [ 935.152033][ T1064] __schedule+0x76e/0x17a0 [ 935.157022][ T1064] ? __sched_text_start+0x8/0x8 [ 935.161877][ T1064] ? __kasan_check_read+0x11/0x20 [ 935.167007][ T1064] ? __lock_acquire+0x16f2/0x4a00 [ 935.172044][ T1064] schedule+0xd9/0x260 [ 935.176217][ T1064] schedule_timeout+0x717/0xc50 [ 935.181083][ T1064] ? find_held_lock+0x35/0x130 [ 935.185928][ T1064] ? usleep_range+0x170/0x170 [ 935.190688][ T1064] ? lock_downgrade+0x920/0x920 [ 935.195640][ T1064] ? _raw_spin_unlock_irq+0x28/0x90 [ 935.200839][ T1064] ? wait_for_completion+0x294/0x440 [ 935.206474][ T1064] ? _raw_spin_unlock_irq+0x28/0x90 [ 935.211705][ T1064] ? lockdep_hardirqs_on+0x418/0x5d0 [ 935.217165][ T1064] ? trace_hardirqs_on+0x67/0x240 [ 935.222305][ T1064] ? __kasan_check_read+0x11/0x20 [ 935.227665][ T1064] wait_for_completion+0x29c/0x440 [ 935.232804][ T1064] ? wait_for_completion_interruptible+0x470/0x470 [ 935.239396][ T1064] ? wake_up_q+0xf0/0xf0 [ 935.243722][ T1064] ? flush_workqueue_prep_pwqs+0x352/0x590 [ 935.249729][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.256328][ T1064] flush_workqueue+0x40f/0x14c0 [ 935.261541][ T1064] ? __dev_printk+0x202/0x20e [ 935.266477][ T1064] ? _dev_warn+0xd7/0x109 [ 935.270826][ T1064] ? pwq_unbound_release_workfn+0x2f0/0x2f0 [ 935.276899][ T1064] ? sock_shutdown+0x83/0x200 [ 935.281586][ T1064] nbd_ioctl+0xb32/0xc50 [ 935.286093][ T1064] ? nbd_ioctl+0xb32/0xc50 [ 935.290622][ T1064] ? nbd_release+0x150/0x150 [ 935.295561][ T1064] ? finish_wait+0x260/0x260 [ 935.300438][ T1064] ? nbd_release+0x150/0x150 [ 935.305192][ T1064] blkdev_ioctl+0xedb/0x1c20 [ 935.309842][ T1064] ? blkpg_ioctl+0xa90/0xa90 [ 935.314550][ T1064] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 935.320644][ T1064] block_ioctl+0xee/0x130 [ 935.325066][ T1064] ? blkdev_fallocate+0x410/0x410 [ 935.330099][ T1064] do_vfs_ioctl+0xdb6/0x13e0 [ 935.334893][ T1064] ? ioctl_preallocate+0x210/0x210 [ 935.340135][ T1064] ? __fget+0x384/0x560 [ 935.344405][ T1064] ? ksys_dup3+0x3e0/0x3e0 [ 935.348833][ T1064] ? nsecs_to_jiffies+0x30/0x30 [ 935.353929][ T1064] ? tomoyo_file_ioctl+0x23/0x30 [ 935.358911][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.365585][ T1064] ? security_file_ioctl+0x8d/0xc0 [ 935.370712][ T1064] ksys_ioctl+0xab/0xd0 [ 935.375426][ T1064] __x64_sys_ioctl+0x73/0xb0 [ 935.380366][ T1064] do_syscall_64+0xfa/0x760 [ 935.384972][ T1064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 935.390959][ T1064] RIP: 0033:0x459879 [ 935.394932][ T1064] Code: 30 48 c7 44 24 38 00 00 00 00 48 c7 44 24 40 00 00 00 00 48 c7 44 24 48 00 00 00 00 e8 b0 67 ff ff 48 8b 44 24 50 48 8b 4c 24 <58> 48 89 01 48 8b 6c 24 60 48 83 c4 68 c3 e8 14 06 fd ff 0f 0b e8 [ 935.415164][ T1064] RSP: 002b:00007f0aebf9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 935.423683][ T1064] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459879 [ 935.431748][ T1064] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005 [ 935.439930][ T1064] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 935.448351][ T1064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0aebf9b6d4 [ 935.456423][ T1064] R13: 00000000004c3166 R14: 00000000004d68c8 R15: 00000000ffffffff [ 935.464539][ T1064] INFO: task syz-executor.3:19554 blocked for more than 143 seconds. [ 935.472603][ T1064] Not tainted 5.3.0-rc6-next-20190827 #74 [ 935.478983][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 935.492376][ T1064] syz-executor.3 D28072 19554 19085 0x00004004 [ 935.498853][ T1064] Call Trace: [ 935.502423][ T1064] __schedule+0x76e/0x17a0 [ 935.506907][ T1064] ? __sched_text_start+0x8/0x8 [ 935.511885][ T1064] ? __kasan_check_read+0x11/0x20 [ 935.517004][ T1064] ? __lock_acquire+0x16f2/0x4a00 [ 935.522139][ T1064] schedule+0xd9/0x260 [ 935.526340][ T1064] schedule_timeout+0x717/0xc50 [ 935.531255][ T1064] ? find_held_lock+0x35/0x130 [ 935.536192][ T1064] ? usleep_range+0x170/0x170 [ 935.540905][ T1064] ? lock_downgrade+0x920/0x920 [ 935.545940][ T1064] ? _raw_spin_unlock_irq+0x28/0x90 [ 935.551150][ T1064] ? wait_for_completion+0x294/0x440 [ 935.556845][ T1064] ? _raw_spin_unlock_irq+0x28/0x90 [ 935.562091][ T1064] ? lockdep_hardirqs_on+0x418/0x5d0 [ 935.567491][ T1064] ? trace_hardirqs_on+0x67/0x240 [ 935.572741][ T1064] ? __kasan_check_read+0x11/0x20 [ 935.577931][ T1064] wait_for_completion+0x29c/0x440 [ 935.583069][ T1064] ? wait_for_completion_interruptible+0x470/0x470 [ 935.589789][ T1064] ? wake_up_q+0xf0/0xf0 [ 935.594125][ T1064] ? flush_workqueue_prep_pwqs+0x352/0x590 [ 935.600122][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.606604][ T1064] flush_workqueue+0x40f/0x14c0 [ 935.611500][ T1064] ? __dev_printk+0x202/0x20e [ 935.616530][ T1064] ? _dev_warn+0xd7/0x109 [ 935.620869][ T1064] ? pwq_unbound_release_workfn+0x2f0/0x2f0 [ 935.626860][ T1064] ? sock_shutdown+0x83/0x200 [ 935.631550][ T1064] nbd_ioctl+0xb32/0xc50 [ 935.635879][ T1064] ? nbd_ioctl+0xb32/0xc50 [ 935.640315][ T1064] ? nbd_release+0x150/0x150 [ 935.645128][ T1064] ? finish_wait+0x260/0x260 [ 935.650027][ T1064] ? nbd_release+0x150/0x150 [ 935.654810][ T1064] blkdev_ioctl+0xedb/0x1c20 [ 935.659457][ T1064] ? blkpg_ioctl+0xa90/0xa90 [ 935.664130][ T1064] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 935.669970][ T1064] block_ioctl+0xee/0x130 [ 935.674533][ T1064] ? blkdev_fallocate+0x410/0x410 [ 935.679853][ T1064] do_vfs_ioctl+0xdb6/0x13e0 [ 935.684624][ T1064] ? ioctl_preallocate+0x210/0x210 [ 935.689749][ T1064] ? __fget+0x384/0x560 [ 935.694275][ T1064] ? ksys_dup3+0x3e0/0x3e0 [ 935.698766][ T1064] ? nsecs_to_jiffies+0x30/0x30 [ 935.704327][ T1064] ? tomoyo_file_ioctl+0x23/0x30 [ 935.709274][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.715923][ T1064] ? security_file_ioctl+0x8d/0xc0 [ 935.721050][ T1064] ksys_ioctl+0xab/0xd0 [ 935.725308][ T1064] __x64_sys_ioctl+0x73/0xb0 [ 935.730029][ T1064] do_syscall_64+0xfa/0x760 [ 935.734643][ T1064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 935.740536][ T1064] RIP: 0033:0x459879 [ 935.744520][ T1064] Code: 30 48 c7 44 24 38 00 00 00 00 48 c7 44 24 40 00 00 00 00 48 c7 44 24 48 00 00 00 00 e8 b0 67 ff ff 48 8b 44 24 50 48 8b 4c 24 <58> 48 89 01 48 8b 6c 24 60 48 83 c4 68 c3 e8 14 06 fd ff 0f 0b e8 [ 935.764379][ T1064] RSP: 002b:00007f0aebf9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 935.772799][ T1064] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459879 [ 935.780964][ T1064] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005 [ 935.789008][ T1064] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 935.797295][ T1064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0aebf9b6d4 [ 935.805802][ T1064] R13: 00000000004c3166 R14: 00000000004d68c8 R15: 00000000ffffffff [ 935.813981][ T1064] [ 935.813981][ T1064] Showing all locks held in the system: [ 935.821715][ T1064] 1 lock held by khungtaskd/1064: [ 935.826861][ T1064] #0: ffffffff88fa7f00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 935.836244][ T1064] 2 locks held by kworker/u5:0/1523: [ 935.842773][ T1064] #0: ffff8880899386e8 ((wq_completion)knbd3-recv){+.+.}, at: process_one_work+0x88b/0x1740 [ 935.853066][ T1064] #1: ffff8880a625fdc0 ((work_completion)(&args->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 935.864233][ T1064] 1 lock held by rsyslogd/8873: [ 935.869107][ T1064] #0: ffff888097e06160 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 935.878350][ T1064] 2 locks held by getty/8963: [ 935.883029][ T1064] #0: ffff8880901e8190 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 935.892408][ T1064] #1: ffffc90005f092e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 935.902066][ T1064] 2 locks held by getty/8964: [ 935.906840][ T1064] #0: ffff88809f282590 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 935.916191][ T1064] #1: ffffc90005f252e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 935.926463][ T1064] 2 locks held by getty/8965: [ 935.931314][ T1064] #0: ffff8880a0a771d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 935.940483][ T1064] #1: ffffc90005f1d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 935.950237][ T1064] 2 locks held by getty/8966: [ 935.954970][ T1064] #0: ffff8880a0a760d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 935.964192][ T1064] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 935.973856][ T1064] 2 locks held by getty/8967: [ 935.978602][ T1064] #0: ffff8880a0a76950 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 935.987735][ T1064] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 935.997616][ T1064] 2 locks held by getty/8968: [ 936.002279][ T1064] #0: ffff8880a38a6c10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 936.011310][ T1064] #1: ffffc90005f052e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 936.021012][ T1064] 2 locks held by getty/8969: [ 936.025745][ T1064] #0: ffff8880908f89d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 936.034860][ T1064] #1: ffffc90005ef12e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 936.044847][ T1064] [ 936.047169][ T1064] ============================================= [ 936.047169][ T1064] [ 936.055819][ T1064] NMI backtrace for cpu 1 [ 936.060154][ T1064] CPU: 1 PID: 1064 Comm: khungtaskd Not tainted 5.3.0-rc6-next-20190827 #74 [ 936.068828][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 936.078882][ T1064] Call Trace: [ 936.082272][ T1064] dump_stack+0x172/0x1f0 [ 936.086622][ T1064] nmi_cpu_backtrace.cold+0x70/0xb2 [ 936.091900][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 936.098233][ T1064] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 936.104222][ T1064] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 936.110210][ T1064] arch_trigger_cpumask_backtrace+0x14/0x20 [ 936.116140][ T1064] watchdog+0xc99/0x1360 [ 936.120395][ T1064] kthread+0x361/0x430 [ 936.124505][ T1064] ? reset_hung_task_detector+0x30/0x30 [ 936.130108][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 936.136407][ T1064] ret_from_fork+0x24/0x30 [ 936.140964][ T1064] Sending NMI from CPU 1 to CPUs 0: [ 936.146582][ C0] NMI backtrace for cpu 0 [ 936.146598][ C0] CPU: 0 PID: 715 Comm: kworker/u4:3 Not tainted 5.3.0-rc6-next-20190827 #74 [ 936.146603][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 936.146607][ C0] Workqueue: bat_events batadv_nc_worker [ 936.146613][ C0] RIP: 0010:batadv_nc_purge_paths+0xee/0x370 [ 936.146623][ C0] Code: 48 6b db 38 48 03 58 08 48 89 df 48 89 5d b8 e8 78 86 1c 00 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 0f 85 e0 01 00 00 4d 8b 24 24 30 e8 fb b7 4b fa e8 e6 40 7f fe 31 ff 41 89 c7 89 c6 e8 6a b9 [ 936.146627][ C0] RSP: 0018:ffff8880a85f7c60 EFLAGS: 00000246 [ 936.146634][ C0] RAX: 1ffff11015234dc8 RBX: ffff8880a0ad5580 RCX: ffffffff8159594a [ 936.146638][ C0] RDX: 1ffff1101415aab2 RSI: 0000000000000004 RDI: ffff8880a85f7bc8 [ 936.146643][ C0] RBP: ffff8880a85f7cd0 R08: 0000000000000004 R09: ffffed10150bef7a [ 936.146647][ C0] R10: ffffed10150bef79 R11: 0000000000000003 R12: 0000000000000000 [ 936.146652][ C0] R13: dffffc0000000000 R14: ffffffff87268210 R15: 0000000000000010 [ 936.146657][ C0] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 936.146661][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 936.146665][ C0] CR2: 000000c4312b3b58 CR3: 00000000a7052000 CR4: 00000000001406f0 [ 936.146673][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 936.146678][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 936.146680][ C0] Call Trace: [ 936.146683][ C0] batadv_nc_worker+0x2cf/0x760 [ 936.146687][ C0] process_one_work+0x9af/0x1740 [ 936.146690][ C0] ? __schedule+0x776/0x17a0 [ 936.146693][ C0] ? pwq_dec_nr_in_flight+0x320/0x320 [ 936.146696][ C0] ? lock_acquire+0x190/0x410 [ 936.146699][ C0] worker_thread+0x98/0xe40 [ 936.146702][ C0] kthread+0x361/0x430 [ 936.146705][ C0] ? process_one_work+0x1740/0x1740 [ 936.146709][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 936.146712][ C0] ret_from_fork+0x24/0x30 [ 936.147227][ T1064] Kernel panic - not syncing: hung_task: blocked tasks [ 936.347150][ T1064] CPU: 1 PID: 1064 Comm: khungtaskd Not tainted 5.3.0-rc6-next-20190827 #74 [ 936.355809][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 936.365883][ T1064] Call Trace: [ 936.369181][ T1064] dump_stack+0x172/0x1f0 [ 936.373524][ T1064] panic+0x2dc/0x755 [ 936.377543][ T1064] ? add_taint.cold+0x16/0x16 [ 936.382225][ T1064] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 936.388153][ T1064] ? printk_safe_flush+0xf2/0x140 [ 936.393360][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 936.399597][ T1064] ? nmi_trigger_cpumask_backtrace+0x224/0x28b [ 936.405753][ T1064] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 936.411902][ T1064] watchdog+0xcaa/0x1360 [ 936.416165][ T1064] kthread+0x361/0x430 [ 936.420346][ T1064] ? reset_hung_task_detector+0x30/0x30 [ 936.425884][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 936.432172][ T1064] ret_from_fork+0x24/0x30 [ 936.438207][ T1064] Kernel Offset: disabled [ 936.442540][ T1064] Rebooting in 86400 seconds..