t_of_memory+0x79a/0x12d0 [ 1361.037434][ T7661] ? cgroup_file_notify+0x140/0x1b0 [ 1361.042655][ T7661] ? oom_killer_disable+0x280/0x280 [ 1361.047875][ T7661] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1361.054392][ T7661] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1361.060045][ T7661] ? cgroup_file_notify+0x140/0x1b0 [ 1361.065263][ T7661] memory_max_write+0x262/0x3a0 [ 1361.070143][ T7661] ? mem_cgroup_write+0x360/0x360 [ 1361.075186][ T7661] ? cgroup_file_write+0x2ac/0x790 [ 1361.080333][ T7661] cgroup_file_write+0x307/0x790 [ 1361.085285][ T7661] ? mem_cgroup_write+0x360/0x360 [ 1361.090325][ T7661] ? cgroup_show_path+0x590/0x590 [ 1361.095395][ T7661] ? cgroup_show_path+0x590/0x590 [ 1361.100430][ T7661] kernfs_fop_write+0x2b8/0x480 [ 1361.105294][ T7661] __vfs_write+0x8a/0x110 [ 1361.109626][ T7661] ? kernfs_fop_open+0xd80/0xd80 [ 1361.114569][ T7661] vfs_write+0x268/0x5d0 [ 1361.118817][ T7661] ksys_write+0x14f/0x290 [ 1361.123238][ T7661] ? __ia32_sys_read+0xb0/0xb0 [ 1361.128011][ T7661] ? do_syscall_64+0x26/0x6a0 [ 1361.132694][ T7661] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1361.138761][ T7661] ? do_syscall_64+0x26/0x6a0 [ 1361.143443][ T7661] __x64_sys_write+0x73/0xb0 [ 1361.148056][ T7661] do_syscall_64+0xfd/0x6a0 [ 1361.152570][ T7661] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1361.158462][ T7661] RIP: 0033:0x459829 [ 1361.162363][ T7661] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1361.182162][ T7661] RSP: 002b:00007f5536b0fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1361.190675][ T7661] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1361.198660][ T7661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1361.206648][ T7661] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1361.214641][ T7661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5536b106d4 [ 1361.222629][ T7661] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1361.234479][ T7661] memory: usage 3396kB, limit 0kB, failcnt 431315 [ 1361.241079][ T7661] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1361.248000][ T7661] Memory cgroup stats for /syz3: [ 1361.249086][ T7661] anon 2138112 [ 1361.249086][ T7661] file 172032 [ 1361.249086][ T7661] kernel_stack 65536 [ 1361.249086][ T7661] slab 962560 [ 1361.249086][ T7661] sock 0 [ 1361.249086][ T7661] shmem 8192 [ 1361.249086][ T7661] file_mapped 0 [ 1361.249086][ T7661] file_dirty 135168 [ 1361.249086][ T7661] file_writeback 0 [ 1361.249086][ T7661] anon_thp 2097152 [ 1361.249086][ T7661] inactive_anon 0 [ 1361.249086][ T7661] active_anon 2138112 [ 1361.249086][ T7661] inactive_file 135168 [ 1361.249086][ T7661] active_file 118784 [ 1361.249086][ T7661] unevictable 0 [ 1361.249086][ T7661] slab_reclaimable 405504 [ 1361.249086][ T7661] slab_unreclaimable 557056 [ 1361.249086][ T7661] pgfault 105171 [ 1361.249086][ T7661] pgmajfault 0 [ 1361.249086][ T7661] workingset_refault 0 [ 1361.249086][ T7661] workingset_activate 0 [ 1361.249086][ T7661] workingset_nodereclaim 0 [ 1361.249086][ T7661] pgrefill 0 [ 1361.249086][ T7661] pgscan 0 [ 1361.249086][ T7661] pgsteal 0 [ 1361.249086][ T7661] pgactivate 0 [ 1361.345093][ T7661] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7660,uid=0 [ 1361.360864][ T7661] Memory cgroup out of memory: Killed process 7660 (syz-executor.3) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB [ 1361.376905][ T1057] oom_reaper: reaped process 7660 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:11:00 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:00 executing program 2: mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:00 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB]) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:00 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d", 0x78}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:00 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/24) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000200)={0xfff, 0x7, 0x5, 0x9, 0x8, 0xffffffffffffffff}) mkdir(0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x362) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000480)=""/166) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r3 = creat(0x0, 0x0) ioctl$PPPIOCSDEBUG(r3, 0x40047440, &(0x7f0000000080)=0x644f) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @loopback, 0xfffffffffffffffc}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 23:11:00 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) [ 1361.539083][ T7653] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1361.549190][ T7653] CPU: 1 PID: 7653 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1361.556749][ T7653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1361.566901][ T7653] Call Trace: [ 1361.570215][ T7653] dump_stack+0x16f/0x1f0 [ 1361.574557][ T7653] dump_header+0x10b/0x831 [ 1361.578977][ T7653] ? oom_kill_process+0x94/0x3c0 [ 1361.583928][ T7653] oom_kill_process.cold+0x10/0x15 [ 1361.589049][ T7653] out_of_memory+0x79a/0x12d0 [ 1361.593735][ T7653] ? lock_downgrade+0x920/0x920 [ 1361.598621][ T7653] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1361.604443][ T7653] ? oom_killer_disable+0x280/0x280 [ 1361.609680][ T7653] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1361.615230][ T7653] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1361.620894][ T7653] ? do_raw_spin_unlock+0x57/0x270 [ 1361.626021][ T7653] ? _raw_spin_unlock+0x23/0x30 [ 1361.630883][ T7653] try_charge+0x1053/0x1430 [ 1361.635401][ T7653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1361.640950][ T7653] ? percpu_ref_tryget_live+0x104/0x270 [ 1361.646512][ T7653] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1361.652064][ T7653] mem_cgroup_try_charge+0x136/0x590 [ 1361.657362][ T7653] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1361.663005][ T7653] wp_page_copy+0x27c/0x1380 [ 1361.667605][ T7653] ? find_held_lock+0x35/0x130 [ 1361.672382][ T7653] ? pmd_pfn+0x1d0/0x1d0 [ 1361.676629][ T7653] ? lock_downgrade+0x920/0x920 [ 1361.681510][ T7653] ? swp_swapcount+0x520/0x520 [ 1361.686371][ T7653] ? __kasan_check_read+0x11/0x20 [ 1361.691399][ T7653] ? do_raw_spin_unlock+0x57/0x270 [ 1361.696520][ T7653] do_wp_page+0x499/0x14d0 [ 1361.700946][ T7653] ? finish_mkwrite_fault+0x570/0x570 [ 1361.706337][ T7653] __handle_mm_fault+0x2120/0x3ce0 [ 1361.711456][ T7653] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1361.717006][ T7653] ? handle_mm_fault+0x294/0xa90 [ 1361.721966][ T7653] ? handle_mm_fault+0x675/0xa90 [ 1361.726910][ T7653] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1361.732205][ T7653] handle_mm_fault+0x3bb/0xa90 [ 1361.736984][ T7653] __do_page_fault+0x536/0xdd0 [ 1361.741774][ T7653] do_page_fault+0x38/0x536 [ 1361.746283][ T7653] page_fault+0x39/0x40 [ 1361.750442][ T7653] RIP: 0033:0x430906 [ 1361.754340][ T7653] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1361.773950][ T7653] RSP: 002b:00007ffee828b630 EFLAGS: 00010206 [ 1361.780030][ T7653] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1361.788039][ T7653] RDX: 0000555557013930 RSI: 000055555701b970 RDI: 0000000000000003 [ 1361.796018][ T7653] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557012940 [ 1361.803999][ T7653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1361.811981][ T7653] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1361.820549][ T7653] memory: usage 1056kB, limit 0kB, failcnt 431323 [ 1361.826978][ T7653] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1361.833903][ T7653] Memory cgroup stats for /syz3: [ 1361.834028][ T7653] anon 0 [ 1361.834028][ T7653] file 172032 [ 1361.834028][ T7653] kernel_stack 65536 [ 1361.834028][ T7653] slab 962560 [ 1361.834028][ T7653] sock 0 [ 1361.834028][ T7653] shmem 8192 [ 1361.834028][ T7653] file_mapped 0 [ 1361.834028][ T7653] file_dirty 135168 [ 1361.834028][ T7653] file_writeback 0 [ 1361.834028][ T7653] anon_thp 0 [ 1361.834028][ T7653] inactive_anon 0 [ 1361.834028][ T7653] active_anon 0 [ 1361.834028][ T7653] inactive_file 135168 [ 1361.834028][ T7653] active_file 118784 [ 1361.834028][ T7653] unevictable 0 [ 1361.834028][ T7653] slab_reclaimable 405504 [ 1361.834028][ T7653] slab_unreclaimable 557056 [ 1361.834028][ T7653] pgfault 105171 [ 1361.834028][ T7653] pgmajfault 0 [ 1361.834028][ T7653] workingset_refault 0 [ 1361.834028][ T7653] workingset_activate 0 [ 1361.834028][ T7653] workingset_nodereclaim 0 [ 1361.834028][ T7653] pgrefill 0 [ 1361.834028][ T7653] pgscan 0 [ 1361.834028][ T7653] pgsteal 0 [ 1361.834028][ T7653] pgactivate 0 23:11:00 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB]) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:00 executing program 2: mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:00 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) [ 1361.928846][ T7653] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7653,uid=0 [ 1361.944291][ T7653] Memory cgroup out of memory: Killed process 7653 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1361.969806][ T1057] oom_reaper: reaped process 7653 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:00 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:00 executing program 2: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) [ 1362.140870][ T24] audit: type=1800 audit(1563837060.968:102): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=17152 res=0 23:11:01 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:01 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:01 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB]) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/24) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000200)={0xfff, 0x7, 0x5, 0x9, 0x8, 0xffffffffffffffff}) mkdir(0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x362) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000480)=""/166) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r3 = creat(0x0, 0x0) ioctl$PPPIOCSDEBUG(r3, 0x40047440, &(0x7f0000000080)=0x644f) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @loopback, 0xfffffffffffffffc}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 23:11:01 executing program 2: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:01 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:01 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:01 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mod']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:01 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:01 executing program 2: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:01 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:01 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:02 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:02 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mod']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:02 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x10, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/24) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000200)={0xfff, 0x7, 0x5, 0x9, 0x8, 0xffffffffffffffff}) mkdir(0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x362) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000480)=""/166) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r3 = creat(0x0, 0x0) ioctl$PPPIOCSDEBUG(r3, 0x40047440, &(0x7f0000000080)=0x644f) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @loopback, 0xfffffffffffffffc}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 23:11:02 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:02 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:02 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x10, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:02 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mod']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) [ 1364.999676][T23407] device bridge_slave_1 left promiscuous mode [ 1365.005972][T23407] bridge0: port 2(bridge_slave_1) entered disabled state [ 1365.062153][T23407] device bridge_slave_0 left promiscuous mode [ 1365.068356][T23407] bridge0: port 1(bridge_slave_0) entered disabled state [ 1367.068818][T23407] device hsr_slave_0 left promiscuous mode [ 1367.119146][T23407] device hsr_slave_1 left promiscuous mode [ 1367.169167][T23407] team0 (unregistering): Port device team_slave_1 removed [ 1367.182301][T23407] team0 (unregistering): Port device team_slave_0 removed [ 1367.193150][T23407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1367.243731][T23407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1367.315060][T23407] bond0 (unregistering): Released all slaves [ 1367.417481][ T7754] IPVS: ftp: loaded support on port[0] = 21 [ 1367.496712][ T7754] chnl_net:caif_netlink_parms(): no params data found [ 1367.526043][ T7754] bridge0: port 1(bridge_slave_0) entered blocking state [ 1367.533219][ T7754] bridge0: port 1(bridge_slave_0) entered disabled state [ 1367.541368][ T7754] device bridge_slave_0 entered promiscuous mode [ 1367.550091][ T7754] bridge0: port 2(bridge_slave_1) entered blocking state [ 1367.557190][ T7754] bridge0: port 2(bridge_slave_1) entered disabled state [ 1367.565428][ T7754] device bridge_slave_1 entered promiscuous mode [ 1367.631851][ T7754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1367.648851][ T7754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1367.679128][ T7754] team0: Port device team_slave_0 added [ 1367.686612][ T7754] team0: Port device team_slave_1 added [ 1367.801695][ T7754] device hsr_slave_0 entered promiscuous mode [ 1368.038864][ T7754] device hsr_slave_1 entered promiscuous mode [ 1368.188580][ T7754] debugfs: Directory 'hsr0' with parent '/' already present! [ 1368.215419][ T7754] bridge0: port 2(bridge_slave_1) entered blocking state [ 1368.222590][ T7754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1368.230169][ T7754] bridge0: port 1(bridge_slave_0) entered blocking state [ 1368.237292][ T7754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1368.305225][ T7754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1368.326100][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1368.341707][ T9070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1368.351709][ T9070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1368.366416][ T7754] 8021q: adding VLAN 0 to HW filter on device team0 [ 1368.376526][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1368.385127][T20827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1368.392240][T20827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1368.409416][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1368.417884][T20827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1368.425070][T20827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1368.439704][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1368.448334][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1368.457083][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1368.465539][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1368.475231][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1368.485317][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1368.493848][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1368.508281][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1368.516731][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1368.526116][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1368.550229][ T7754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1368.687919][ T7763] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1368.762791][ T7763] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1368.774515][ T7763] CPU: 0 PID: 7763 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1368.782073][ T7763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1368.792134][ T7763] Call Trace: [ 1368.795445][ T7763] dump_stack+0x16f/0x1f0 [ 1368.799787][ T7763] dump_header+0x10b/0x831 [ 1368.804331][ T7763] oom_kill_process.cold+0x10/0x15 [ 1368.809451][ T7763] out_of_memory+0x79a/0x12d0 [ 1368.814139][ T7763] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1368.819778][ T7763] ? cgroup_file_notify+0x140/0x1b0 [ 1368.824989][ T7763] ? oom_killer_disable+0x280/0x280 [ 1368.830216][ T7763] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1368.835766][ T7763] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1368.841414][ T7763] ? cgroup_file_notify+0x140/0x1b0 [ 1368.846602][ T7763] memory_max_write+0x262/0x3a0 [ 1368.851442][ T7763] ? mem_cgroup_write+0x360/0x360 [ 1368.856460][ T7763] ? cgroup_file_write+0x86/0x790 [ 1368.861490][ T7763] cgroup_file_write+0x307/0x790 [ 1368.866430][ T7763] ? mem_cgroup_write+0x360/0x360 [ 1368.871529][ T7763] ? cgroup_show_path+0x590/0x590 [ 1368.876553][ T7763] ? cgroup_show_path+0x590/0x590 [ 1368.881584][ T7763] kernfs_fop_write+0x2b8/0x480 [ 1368.886423][ T7763] __vfs_write+0x8a/0x110 [ 1368.890744][ T7763] ? kernfs_fop_open+0xd80/0xd80 [ 1368.895673][ T7763] vfs_write+0x268/0x5d0 [ 1368.899925][ T7763] ksys_write+0x14f/0x290 [ 1368.904277][ T7763] ? __ia32_sys_read+0xb0/0xb0 [ 1368.909214][ T7763] ? do_syscall_64+0x26/0x6a0 [ 1368.913880][ T7763] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1368.919934][ T7763] ? do_syscall_64+0x26/0x6a0 [ 1368.924619][ T7763] __x64_sys_write+0x73/0xb0 [ 1368.929235][ T7763] do_syscall_64+0xfd/0x6a0 [ 1368.933756][ T7763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1368.939664][ T7763] RIP: 0033:0x459829 [ 1368.943650][ T7763] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1368.963261][ T7763] RSP: 002b:00007f1be4657c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1368.971661][ T7763] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1368.979616][ T7763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1368.987574][ T7763] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1368.995546][ T7763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1be46586d4 [ 1369.003531][ T7763] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1369.011677][ T7763] memory: usage 3412kB, limit 0kB, failcnt 431324 [ 1369.018139][ T7763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1369.025417][ T7763] Memory cgroup stats for /syz3: [ 1369.026383][ T7763] anon 2174976 [ 1369.026383][ T7763] file 172032 [ 1369.026383][ T7763] kernel_stack 65536 [ 1369.026383][ T7763] slab 962560 [ 1369.026383][ T7763] sock 0 [ 1369.026383][ T7763] shmem 8192 [ 1369.026383][ T7763] file_mapped 0 [ 1369.026383][ T7763] file_dirty 135168 [ 1369.026383][ T7763] file_writeback 0 [ 1369.026383][ T7763] anon_thp 2097152 [ 1369.026383][ T7763] inactive_anon 0 [ 1369.026383][ T7763] active_anon 2174976 [ 1369.026383][ T7763] inactive_file 135168 [ 1369.026383][ T7763] active_file 118784 [ 1369.026383][ T7763] unevictable 0 [ 1369.026383][ T7763] slab_reclaimable 405504 [ 1369.026383][ T7763] slab_unreclaimable 557056 [ 1369.026383][ T7763] pgfault 105237 [ 1369.026383][ T7763] pgmajfault 0 [ 1369.026383][ T7763] workingset_refault 0 [ 1369.026383][ T7763] workingset_activate 0 [ 1369.026383][ T7763] workingset_nodereclaim 0 [ 1369.026383][ T7763] pgrefill 0 [ 1369.026383][ T7763] pgscan 0 [ 1369.026383][ T7763] pgsteal 0 [ 1369.026383][ T7763] pgactivate 0 [ 1369.122270][ T7763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7762,uid=0 [ 1369.137998][ T7763] Memory cgroup out of memory: Killed process 7762 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1369.153765][ T1057] oom_reaper: reaped process 7762 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:11:08 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:08 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:08 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:08 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x10, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:08 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:08 executing program 5: r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x200001, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 1369.364211][ T7754] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1369.374718][ T7754] CPU: 0 PID: 7754 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1369.382269][ T7754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1369.392334][ T7754] Call Trace: [ 1369.395655][ T7754] dump_stack+0x16f/0x1f0 [ 1369.399998][ T7754] dump_header+0x10b/0x831 [ 1369.404417][ T7754] ? oom_kill_process+0x94/0x3c0 [ 1369.409361][ T7754] oom_kill_process.cold+0x10/0x15 [ 1369.414487][ T7754] out_of_memory+0x79a/0x12d0 [ 1369.419177][ T7754] ? lock_downgrade+0x920/0x920 [ 1369.424044][ T7754] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1369.429865][ T7754] ? oom_killer_disable+0x280/0x280 [ 1369.435082][ T7754] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1369.440646][ T7754] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1369.446330][ T7754] ? do_raw_spin_unlock+0x57/0x270 [ 1369.451460][ T7754] ? _raw_spin_unlock+0x23/0x30 [ 1369.456327][ T7754] try_charge+0x1053/0x1430 23:11:08 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:08 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:08 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = creat(0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x84003ff) r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0x1, 0x8, 0x0, 0x2, 0x0, 0x9, 0x2, 0x8, 0x5c, 0x4, 0x0, 0x548d, 0xc0, 0x0, 0x2, 0xd206510, 0x9, 0x0, 0x130, 0x7, 0xb9, 0x0, 0x9, 0x5, 0x7, 0xffffffffffffff87, 0x6, 0xf9, 0x0, 0x5, 0xffffffffffffffe1, 0x1, 0xedd, 0x1000, 0x4, 0x9, 0x0, 0x52e, 0x0, @perf_config_ext={0x7, 0x4}, 0x1044, 0x7, 0x9, 0x9, 0x6, 0x9c, 0x7fffffff}, 0xffffffffffffffff, 0x0, r1, 0x8) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000080)=0x10000) stat(&(0x7f0000000440)='./file0\x00', 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7de, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x8, 0x0, 0x0, 0x3359, 0x0, 0x0, 0x2, 0x0, 0x4, 0x1aa, 0x258, 0x400000000000000, 0x8, 0x0, 0xffffffffffff00e9, 0x8, 0x0, 0x101, 0x2, 0x10000, 0x5, 0x5, 0xfffffffffffffff9, 0x0, 0x10001, 0xe95b, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3ff, 0x7, 0x0, 0x8000, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x400, 0xc0, 0x0, 0xf, 0x8, 0x8}, 0x0, 0x3, 0xffffffffffffffff, 0x0) fallocate(r3, 0x0, 0x0, 0x8200003) socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000040)={0x0, @aes128, 0x2, "3bf755891c3c657d"}) 23:11:08 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) [ 1369.460853][ T7754] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1369.466405][ T7754] ? percpu_ref_tryget_live+0x104/0x270 [ 1369.466431][ T7754] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1369.477504][ T7754] mem_cgroup_try_charge+0x136/0x590 [ 1369.482794][ T7754] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1369.488659][ T7754] wp_page_copy+0x27c/0x1380 [ 1369.493258][ T7754] ? find_held_lock+0x35/0x130 [ 1369.498118][ T7754] ? pmd_pfn+0x1d0/0x1d0 [ 1369.502374][ T7754] ? lock_downgrade+0x920/0x920 [ 1369.507235][ T7754] ? swp_swapcount+0x520/0x520 23:11:08 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) [ 1369.512037][ T7754] ? __kasan_check_read+0x11/0x20 [ 1369.517084][ T7754] ? do_raw_spin_unlock+0x57/0x270 [ 1369.522223][ T7754] do_wp_page+0x499/0x14d0 [ 1369.526656][ T7754] ? finish_mkwrite_fault+0x570/0x570 [ 1369.532064][ T7754] __handle_mm_fault+0x2120/0x3ce0 [ 1369.537284][ T7754] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1369.542843][ T7754] ? handle_mm_fault+0x294/0xa90 [ 1369.547788][ T7754] ? handle_mm_fault+0x675/0xa90 [ 1369.552733][ T7754] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1369.558029][ T7754] handle_mm_fault+0x3bb/0xa90 [ 1369.562806][ T7754] __do_page_fault+0x536/0xdd0 [ 1369.567597][ T7754] do_page_fault+0x38/0x536 [ 1369.572107][ T7754] page_fault+0x39/0x40 [ 1369.576264][ T7754] RIP: 0033:0x430906 [ 1369.580254][ T7754] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1369.580263][ T7754] RSP: 002b:00007ffe495f9290 EFLAGS: 00010206 [ 1369.580275][ T7754] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1369.580291][ T7754] RDX: 000055555561f930 RSI: 0000555555627970 RDI: 0000000000000003 [ 1369.605975][ T7754] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555561e940 [ 1369.605984][ T7754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1369.605991][ T7754] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1369.606117][ T7754] memory: usage 1080kB, limit 0kB, failcnt 431332 [ 1369.652489][ T7754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1369.659390][ T7754] Memory cgroup stats for /syz3: [ 1369.659508][ T7754] anon 73728 [ 1369.659508][ T7754] file 172032 [ 1369.659508][ T7754] kernel_stack 0 [ 1369.659508][ T7754] slab 962560 [ 1369.659508][ T7754] sock 0 [ 1369.659508][ T7754] shmem 8192 [ 1369.659508][ T7754] file_mapped 0 [ 1369.659508][ T7754] file_dirty 135168 [ 1369.659508][ T7754] file_writeback 0 [ 1369.659508][ T7754] anon_thp 0 [ 1369.659508][ T7754] inactive_anon 0 [ 1369.659508][ T7754] active_anon 73728 [ 1369.659508][ T7754] inactive_file 135168 [ 1369.659508][ T7754] active_file 118784 23:11:08 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) [ 1369.659508][ T7754] unevictable 0 [ 1369.659508][ T7754] slab_reclaimable 405504 [ 1369.659508][ T7754] slab_unreclaimable 557056 [ 1369.659508][ T7754] pgfault 105237 [ 1369.659508][ T7754] pgmajfault 0 [ 1369.659508][ T7754] workingset_refault 0 [ 1369.659508][ T7754] workingset_activate 0 [ 1369.659508][ T7754] workingset_nodereclaim 0 [ 1369.659508][ T7754] pgrefill 0 [ 1369.659508][ T7754] pgscan 0 [ 1369.659508][ T7754] pgsteal 0 [ 1369.659508][ T7754] pgactivate 0 [ 1369.755984][ T7754] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset= [ 1369.756002][ T7754] syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7754,uid=0 [ 1369.773757][ T7754] Memory cgroup out of memory: Killed process 7754 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1369.788551][ T1057] oom_reaper: reaped process 7754 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:09 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:09 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:09 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, &(0x7f0000001800)) 23:11:09 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fff}, 0x8000000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='nfs\x00', 0x0, &(0x7f000000a000)) pipe2(0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 23:11:09 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:09 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, 0x0, 0x0, &(0x7f0000001800)) 23:11:09 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:09 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:09 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(r0, 0x0, &(0x7f00000000c0), 0x80800) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='nfs\x00', 0x0, &(0x7f000000a000)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') 23:11:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:09 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:09 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, 0x0, 0x0, &(0x7f0000001800)) 23:11:09 executing program 5: io_setup(0xffff, &(0x7f0000000380)) 23:11:09 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:09 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(0x0, 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:09 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:09 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, 0x0, 0x0, &(0x7f0000001800)) 23:11:09 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:09 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:10 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(0x0, 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:10 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) [ 1371.388567][ T7865] gfs2: not a GFS2 filesystem [ 1371.486890][ T7865] gfs2: not a GFS2 filesystem [ 1372.479241][T23407] device bridge_slave_1 left promiscuous mode [ 1372.485456][T23407] bridge0: port 2(bridge_slave_1) entered disabled state [ 1372.549755][T23407] device bridge_slave_0 left promiscuous mode [ 1372.555992][T23407] bridge0: port 1(bridge_slave_0) entered disabled state [ 1374.508849][T23407] device hsr_slave_0 left promiscuous mode [ 1374.548588][T23407] device hsr_slave_1 left promiscuous mode [ 1374.596413][T23407] team0 (unregistering): Port device team_slave_1 removed [ 1374.610863][T23407] team0 (unregistering): Port device team_slave_0 removed [ 1374.624383][T23407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1374.655058][T23407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1374.735446][T23407] bond0 (unregistering): Released all slaves [ 1374.837996][ T7874] IPVS: ftp: loaded support on port[0] = 21 [ 1374.904389][ T7874] chnl_net:caif_netlink_parms(): no params data found [ 1374.944399][ T7874] bridge0: port 1(bridge_slave_0) entered blocking state [ 1374.955467][ T7874] bridge0: port 1(bridge_slave_0) entered disabled state [ 1374.963698][ T7874] device bridge_slave_0 entered promiscuous mode [ 1374.972349][ T7874] bridge0: port 2(bridge_slave_1) entered blocking state [ 1374.979508][ T7874] bridge0: port 2(bridge_slave_1) entered disabled state [ 1374.987149][ T7874] device bridge_slave_1 entered promiscuous mode [ 1375.005680][ T7874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1375.016998][ T7874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1375.038214][ T7874] team0: Port device team_slave_0 added [ 1375.045803][ T7874] team0: Port device team_slave_1 added [ 1375.191694][ T7874] device hsr_slave_0 entered promiscuous mode [ 1375.234794][ T7874] device hsr_slave_1 entered promiscuous mode [ 1375.418678][ T7874] debugfs: Directory 'hsr0' with parent '/' already present! [ 1375.439114][ T7874] bridge0: port 2(bridge_slave_1) entered blocking state [ 1375.446210][ T7874] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1375.453682][ T7874] bridge0: port 1(bridge_slave_0) entered blocking state [ 1375.460791][ T7874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1375.515100][ T7874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1375.529913][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1375.539932][T20827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1375.547967][T20827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.572779][ T7874] 8021q: adding VLAN 0 to HW filter on device team0 [ 1375.591032][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1375.599570][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1375.606719][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1375.655423][ T7874] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1375.666015][ T7874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1375.685519][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1375.694270][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1375.701384][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1375.710226][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1375.719102][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1375.728672][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1375.737163][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1375.753513][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1375.762120][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1375.777793][ T7874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1375.921437][ T7882] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1375.971274][ T7883] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1375.981769][ T7883] CPU: 1 PID: 7883 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1375.989323][ T7883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.999396][ T7883] Call Trace: [ 1376.002716][ T7883] dump_stack+0x16f/0x1f0 [ 1376.007071][ T7883] dump_header+0x10b/0x831 [ 1376.011514][ T7883] oom_kill_process.cold+0x10/0x15 [ 1376.016639][ T7883] out_of_memory+0x79a/0x12d0 [ 1376.021341][ T7883] ? cgroup_file_notify+0x140/0x1b0 [ 1376.026540][ T7883] ? oom_killer_disable+0x280/0x280 [ 1376.031752][ T7883] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1376.037304][ T7883] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1376.042934][ T7883] ? cgroup_file_notify+0x140/0x1b0 [ 1376.048156][ T7883] memory_max_write+0x262/0x3a0 [ 1376.053007][ T7883] ? mem_cgroup_write+0x360/0x360 [ 1376.058043][ T7883] ? lock_acquire+0x190/0x400 [ 1376.062713][ T7883] ? kernfs_fop_write+0x227/0x480 [ 1376.067730][ T7883] cgroup_file_write+0x307/0x790 [ 1376.072675][ T7883] ? mem_cgroup_write+0x360/0x360 [ 1376.077691][ T7883] ? cgroup_show_path+0x590/0x590 [ 1376.082706][ T7883] ? cgroup_show_path+0x590/0x590 [ 1376.087715][ T7883] kernfs_fop_write+0x2b8/0x480 [ 1376.092559][ T7883] __vfs_write+0x8a/0x110 [ 1376.096874][ T7883] ? kernfs_fop_open+0xd80/0xd80 [ 1376.101816][ T7883] vfs_write+0x268/0x5d0 [ 1376.106044][ T7883] ksys_write+0x14f/0x290 [ 1376.110370][ T7883] ? __ia32_sys_read+0xb0/0xb0 [ 1376.115131][ T7883] ? do_syscall_64+0x26/0x6a0 [ 1376.119813][ T7883] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.125891][ T7883] ? do_syscall_64+0x26/0x6a0 [ 1376.130580][ T7883] __x64_sys_write+0x73/0xb0 [ 1376.135176][ T7883] do_syscall_64+0xfd/0x6a0 [ 1376.139685][ T7883] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.145577][ T7883] RIP: 0033:0x459829 [ 1376.149479][ T7883] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1376.169185][ T7883] RSP: 002b:00007fb72800fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1376.177607][ T7883] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1376.185565][ T7883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1376.193529][ T7883] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1376.201490][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb7280106d4 [ 1376.209458][ T7883] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1376.218711][ T7883] memory: usage 3444kB, limit 0kB, failcnt 431333 [ 1376.225158][ T7883] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1376.232071][ T7883] Memory cgroup stats for /syz3: [ 1376.232219][ T7883] anon 2174976 [ 1376.232219][ T7883] file 172032 [ 1376.232219][ T7883] kernel_stack 65536 [ 1376.232219][ T7883] slab 962560 [ 1376.232219][ T7883] sock 0 [ 1376.232219][ T7883] shmem 8192 [ 1376.232219][ T7883] file_mapped 0 [ 1376.232219][ T7883] file_dirty 135168 [ 1376.232219][ T7883] file_writeback 0 [ 1376.232219][ T7883] anon_thp 2097152 [ 1376.232219][ T7883] inactive_anon 0 [ 1376.232219][ T7883] active_anon 2174976 [ 1376.232219][ T7883] inactive_file 135168 [ 1376.232219][ T7883] active_file 118784 [ 1376.232219][ T7883] unevictable 0 [ 1376.232219][ T7883] slab_reclaimable 405504 [ 1376.232219][ T7883] slab_unreclaimable 557056 [ 1376.232219][ T7883] pgfault 105336 [ 1376.232219][ T7883] pgmajfault 0 [ 1376.232219][ T7883] workingset_refault 0 [ 1376.232219][ T7883] workingset_activate 0 [ 1376.232219][ T7883] workingset_nodereclaim 0 [ 1376.232219][ T7883] pgrefill 0 [ 1376.232219][ T7883] pgscan 0 [ 1376.232219][ T7883] pgsteal 0 [ 1376.232219][ T7883] pgactivate 0 [ 1376.328121][ T7883] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7881,uid=0 [ 1376.343540][ T7883] Memory cgroup out of memory: Killed process 7881 (syz-executor.3) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1376.362478][ T1057] oom_reaper: reaped process 7881 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:11:15 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:15 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100), 0x0, &(0x7f0000001800)) 23:11:15 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:15 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:15 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r0 = open$dir(0x0, 0x0, 0x0) getdents64(r0, 0x0, 0x0) 23:11:15 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) [ 1376.455092][ T7874] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1376.465223][ T7874] CPU: 0 PID: 7874 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1376.472782][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.482849][ T7874] Call Trace: [ 1376.486153][ T7874] dump_stack+0x16f/0x1f0 [ 1376.490508][ T7874] dump_header+0x10b/0x831 [ 1376.494931][ T7874] ? oom_kill_process+0x94/0x3c0 [ 1376.499882][ T7874] oom_kill_process.cold+0x10/0x15 23:11:15 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) 23:11:15 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) 23:11:15 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) [ 1376.505006][ T7874] out_of_memory+0x79a/0x12d0 [ 1376.509692][ T7874] ? lock_downgrade+0x920/0x920 [ 1376.514557][ T7874] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1376.520373][ T7874] ? oom_killer_disable+0x280/0x280 [ 1376.525589][ T7874] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1376.531141][ T7874] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1376.536787][ T7874] ? do_raw_spin_unlock+0x57/0x270 [ 1376.541909][ T7874] ? _raw_spin_unlock+0x23/0x30 [ 1376.546776][ T7874] try_charge+0x1053/0x1430 [ 1376.551287][ T7874] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1376.556840][ T7874] ? percpu_ref_tryget_live+0x104/0x270 [ 1376.562407][ T7874] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1376.562425][ T7874] mem_cgroup_try_charge+0x136/0x590 [ 1376.562444][ T7874] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1376.573279][ T7874] wp_page_copy+0x27c/0x1380 [ 1376.573295][ T7874] ? find_held_lock+0x35/0x130 [ 1376.573316][ T7874] ? pmd_pfn+0x1d0/0x1d0 [ 1376.592522][ T7874] ? lock_downgrade+0x920/0x920 [ 1376.597395][ T7874] ? swp_swapcount+0x520/0x520 [ 1376.602174][ T7874] ? __kasan_check_read+0x11/0x20 [ 1376.607212][ T7874] ? do_raw_spin_unlock+0x57/0x270 [ 1376.612339][ T7874] do_wp_page+0x499/0x14d0 [ 1376.616775][ T7874] ? finish_mkwrite_fault+0x570/0x570 [ 1376.622164][ T7874] __handle_mm_fault+0x2120/0x3ce0 [ 1376.627297][ T7874] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1376.632866][ T7874] ? handle_mm_fault+0x294/0xa90 [ 1376.637835][ T7874] ? handle_mm_fault+0x675/0xa90 [ 1376.642799][ T7874] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1376.648100][ T7874] handle_mm_fault+0x3bb/0xa90 [ 1376.652876][ T7874] __do_page_fault+0x536/0xdd0 [ 1376.652901][ T7874] do_page_fault+0x38/0x536 [ 1376.652921][ T7874] page_fault+0x39/0x40 [ 1376.662187][ T7874] RIP: 0033:0x430906 [ 1376.662203][ T7874] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1376.662210][ T7874] RSP: 002b:00007ffc9ce7a1c0 EFLAGS: 00010206 [ 1376.662221][ T7874] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 23:11:15 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000180)='ramfs\x00', 0x0, &(0x7f00000001c0)) [ 1376.662230][ T7874] RDX: 000055555702d930 RSI: 0000555557035970 RDI: 0000000000000003 [ 1376.662245][ T7874] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555702c940 [ 1376.719840][ T7874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1376.727820][ T7874] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1376.736701][ T7874] memory: usage 1068kB, limit 0kB, failcnt 431341 [ 1376.743192][ T7874] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1376.745357][ T7889] gfs2: not a GFS2 filesystem 23:11:15 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x0) [ 1376.750099][ T7874] Memory cgroup stats for /syz3: [ 1376.750205][ T7874] anon 81920 [ 1376.750205][ T7874] file 172032 [ 1376.750205][ T7874] kernel_stack 0 [ 1376.750205][ T7874] slab 962560 [ 1376.750205][ T7874] sock 0 [ 1376.750205][ T7874] shmem 8192 [ 1376.750205][ T7874] file_mapped 0 [ 1376.750205][ T7874] file_dirty 135168 [ 1376.750205][ T7874] file_writeback 0 [ 1376.750205][ T7874] anon_thp 0 [ 1376.750205][ T7874] inactive_anon 0 [ 1376.750205][ T7874] active_anon 81920 [ 1376.750205][ T7874] inactive_file 135168 [ 1376.750205][ T7874] active_file 118784 [ 1376.750205][ T7874] unevictable 0 [ 1376.750205][ T7874] slab_reclaimable 405504 [ 1376.750205][ T7874] slab_unreclaimable 557056 [ 1376.750205][ T7874] pgfault 105336 [ 1376.750205][ T7874] pgmajfault 0 [ 1376.750205][ T7874] workingset_refault 0 [ 1376.750205][ T7874] workingset_activate 0 [ 1376.750205][ T7874] workingset_nodereclaim 0 [ 1376.750205][ T7874] pgrefill 0 [ 1376.750205][ T7874] pgscan 0 [ 1376.750205][ T7874] pgsteal 0 [ 1376.750205][ T7874] pgactivate 0 23:11:15 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)) [ 1376.849529][ T7874] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7874,uid=0 [ 1376.864963][ T7874] Memory cgroup out of memory: Killed process 7874 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1376.879307][ T1057] oom_reaper: reaped process 7874 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:16 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:16 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100), 0x0, &(0x7f0000001800)) 23:11:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:16 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) 23:11:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:16 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)) 23:11:16 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) 23:11:16 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)) [ 1377.575940][ T7923] gfs2: not a GFS2 filesystem 23:11:16 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100), 0x0, &(0x7f0000001800)) 23:11:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:16 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:16 executing program 2: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) 23:11:16 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) 23:11:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:11:16 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, 0x0) [ 1378.098619][ T7961] gfs2: not a GFS2 filesystem 23:11:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(0xffffffffffffffff, &(0x7f0000000700), 0x31f, 0x0) 23:11:17 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) 23:11:17 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, 0x0) 23:11:17 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:17 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(0xffffffffffffffff, &(0x7f0000000700), 0x31f, 0x0) 23:11:17 executing program 4: mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=']) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) [ 1379.915241][T23407] device bridge_slave_1 left promiscuous mode [ 1379.921589][T23407] bridge0: port 2(bridge_slave_1) entered disabled state [ 1379.969411][T23407] device bridge_slave_0 left promiscuous mode [ 1379.975578][T23407] bridge0: port 1(bridge_slave_0) entered disabled state [ 1381.950184][T23407] device hsr_slave_0 left promiscuous mode [ 1381.989095][T23407] device hsr_slave_1 left promiscuous mode [ 1382.048769][T23407] team0 (unregistering): Port device team_slave_1 removed [ 1382.061325][T23407] team0 (unregistering): Port device team_slave_0 removed [ 1382.072438][T23407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1382.122575][T23407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1382.196076][T23407] bond0 (unregistering): Released all slaves [ 1382.299508][ T7996] IPVS: ftp: loaded support on port[0] = 21 [ 1382.375495][ T7996] chnl_net:caif_netlink_parms(): no params data found [ 1382.407813][ T7996] bridge0: port 1(bridge_slave_0) entered blocking state [ 1382.414951][ T7996] bridge0: port 1(bridge_slave_0) entered disabled state [ 1382.423048][ T7996] device bridge_slave_0 entered promiscuous mode [ 1382.431098][ T7996] bridge0: port 2(bridge_slave_1) entered blocking state [ 1382.438195][ T7996] bridge0: port 2(bridge_slave_1) entered disabled state [ 1382.445971][ T7996] device bridge_slave_1 entered promiscuous mode [ 1382.464301][ T7996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1382.537517][ T7996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1382.575802][ T7996] team0: Port device team_slave_0 added [ 1382.589132][ T7996] team0: Port device team_slave_1 added [ 1382.801852][ T7996] device hsr_slave_0 entered promiscuous mode [ 1382.948938][ T7996] device hsr_slave_1 entered promiscuous mode [ 1383.158562][ T7996] debugfs: Directory 'hsr0' with parent '/' already present! [ 1383.184719][ T7996] bridge0: port 2(bridge_slave_1) entered blocking state [ 1383.192004][ T7996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1383.199546][ T7996] bridge0: port 1(bridge_slave_0) entered blocking state [ 1383.206642][ T7996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1383.257223][ T7996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1383.270629][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1383.280346][ T9070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1383.289747][ T9070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.304858][ T7996] 8021q: adding VLAN 0 to HW filter on device team0 [ 1383.317827][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1383.327110][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1383.336003][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1383.343326][ T9070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1383.368667][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1383.377618][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1383.386984][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1383.394144][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1383.401969][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1383.411153][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1383.421894][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1383.431112][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1383.440261][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1383.449498][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1383.461209][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1383.470138][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1383.479988][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1383.493623][ T7996] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1383.506045][ T7996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1383.514584][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1383.523220][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1383.545173][ T7996] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1383.661001][ T8004] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1383.746605][ T8004] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1383.758512][ T8004] CPU: 1 PID: 8004 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1383.766551][ T8004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.777090][ T8004] Call Trace: [ 1383.780489][ T8004] dump_stack+0x16f/0x1f0 [ 1383.784946][ T8004] dump_header+0x10b/0x831 [ 1383.789538][ T8004] oom_kill_process.cold+0x10/0x15 [ 1383.794784][ T8004] out_of_memory+0x79a/0x12d0 [ 1383.799568][ T8004] ? retint_kernel+0x10/0x10 [ 1383.804530][ T8004] ? oom_killer_disable+0x280/0x280 [ 1383.810015][ T8004] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1383.815680][ T8004] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1383.821640][ T8004] ? cgroup_file_notify+0x140/0x1b0 [ 1383.826858][ T8004] memory_max_write+0x262/0x3a0 [ 1383.832136][ T8004] ? mem_cgroup_write+0x360/0x360 [ 1383.837160][ T8004] ? lock_acquire+0x190/0x400 [ 1383.842170][ T8004] ? kernfs_fop_write+0x227/0x480 [ 1383.847434][ T8004] cgroup_file_write+0x307/0x790 [ 1383.852402][ T8004] ? mem_cgroup_write+0x360/0x360 [ 1383.857440][ T8004] ? cgroup_show_path+0x590/0x590 [ 1383.862739][ T8004] ? cgroup_show_path+0x590/0x590 [ 1383.867852][ T8004] kernfs_fop_write+0x2b8/0x480 [ 1383.872910][ T8004] __vfs_write+0x8a/0x110 [ 1383.877341][ T8004] ? kernfs_fop_open+0xd80/0xd80 [ 1383.882516][ T8004] vfs_write+0x268/0x5d0 [ 1383.887070][ T8004] ksys_write+0x14f/0x290 [ 1383.891611][ T8004] ? __ia32_sys_read+0xb0/0xb0 [ 1383.897453][ T8004] ? do_syscall_64+0x26/0x6a0 [ 1383.902275][ T8004] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.908682][ T8004] ? do_syscall_64+0x26/0x6a0 [ 1383.913365][ T8004] __x64_sys_write+0x73/0xb0 [ 1383.918209][ T8004] do_syscall_64+0xfd/0x6a0 [ 1383.922735][ T8004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.928763][ T8004] RIP: 0033:0x459829 [ 1383.932802][ T8004] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1383.952676][ T8004] RSP: 002b:00007f7332584c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1383.961106][ T8004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1383.969287][ T8004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1383.978006][ T8004] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1383.986680][ T8004] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73325856d4 [ 1383.994872][ T8004] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1384.003131][ T8004] memory: usage 3404kB, limit 0kB, failcnt 431342 [ 1384.010074][ T8004] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1384.017671][ T8004] Memory cgroup stats for /syz3: [ 1384.019031][ T8004] anon 2129920 [ 1384.019031][ T8004] file 172032 [ 1384.019031][ T8004] kernel_stack 65536 [ 1384.019031][ T8004] slab 962560 [ 1384.019031][ T8004] sock 0 [ 1384.019031][ T8004] shmem 8192 [ 1384.019031][ T8004] file_mapped 0 [ 1384.019031][ T8004] file_dirty 135168 [ 1384.019031][ T8004] file_writeback 0 [ 1384.019031][ T8004] anon_thp 2097152 [ 1384.019031][ T8004] inactive_anon 0 [ 1384.019031][ T8004] active_anon 2129920 [ 1384.019031][ T8004] inactive_file 135168 [ 1384.019031][ T8004] active_file 118784 [ 1384.019031][ T8004] unevictable 0 [ 1384.019031][ T8004] slab_reclaimable 405504 [ 1384.019031][ T8004] slab_unreclaimable 557056 [ 1384.019031][ T8004] pgfault 105369 [ 1384.019031][ T8004] pgmajfault 0 [ 1384.019031][ T8004] workingset_refault 0 [ 1384.019031][ T8004] workingset_activate 0 [ 1384.019031][ T8004] workingset_nodereclaim 0 [ 1384.019031][ T8004] pgrefill 0 [ 1384.019031][ T8004] pgscan 0 [ 1384.019031][ T8004] pgsteal 0 [ 1384.019031][ T8004] pgactivate 0 [ 1384.120727][ T8004] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8003,uid=0 [ 1384.137313][ T8004] Memory cgroup out of memory: Killed process 8003 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1384.153346][ T1057] oom_reaper: reaped process 8003 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 1384.263064][ T7996] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1384.273561][ T7996] CPU: 1 PID: 7996 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1384.281633][ T7996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.291721][ T7996] Call Trace: [ 1384.295630][ T7996] dump_stack+0x16f/0x1f0 [ 1384.300113][ T7996] dump_header+0x10b/0x831 [ 1384.304860][ T7996] ? oom_kill_process+0x94/0x3c0 23:11:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:23 executing program 1: r0 = memfd_create(&(0x7f0000000280)='#g\x04\x00\x00\x00\x10r\xe9\xdf\xb1\xb9a\xb7\x11\x98\xdb\xabT\xf0\xd4#\xc8\xcfr\xe2 \xfe\x15\xd2G\xa4\xf1\xb7\xd27\xe0N\x11\x86i\x80\xaeI\x9b\xcfAd8\x03\x11O9\xe7!8\x82\xeag!\xb6\xbb\x06\xc0P\x99L', 0x0) writev(r0, &(0x7f0000001400)=[{&(0x7f0000000000)="1459bcabf09d9a7493b7ffe166c2bbcd0a321dd088a0c9c9b941425dd934eebce6911cad5010f4277306be85be1840bee51102ea0a11bd33eebe3ae235a416e5a248aaca90816d655efd690ed4a2b47b343cd5212d191cda3c1866b79d7e3f41917107a20c659be73c6f5d2f053a4ecef27d8660a57f931d8e", 0x79}, {&(0x7f0000000080)="c6db00c5c22765f6167653232835718eb2534c54ed21e2d244742ef3d328967ea8028994fc9e33faf4a3873c70c732e66283a3926f821551ffdda1ea18f0eee53ac56e8ce1b422c586c34c257ce4a299f1ecc806f979769f3f1de44f6b0354d80fe87ad142017fa7fa46ab8d0c71bb23dce5c32d5feb56", 0x77}, {&(0x7f0000000180)="f8a0b08aefe9f3d4c79ee89ff15395dc644a98bb62b76b0a677aacc02ed54f191cd33d0a0a9ff3edc8c45b44f263e60677f774ec8db6dd1ae8d9a094ef2d29e1c55a347ac1544e35328545678d930010c6ff7f19791f8b8c71eb080d80c789e21ef235a13c", 0x65}, {&(0x7f0000000200)="ba20d2f179410508be4d929e6733a681a0a84e9e3a2a5b27a19eba353445d612d7b73f1c447fda70", 0x28}, {&(0x7f0000000300)="1a760deadc6f282d8b8b755c0b90bc09d98816cfb1409ec1be9c16d2513fd8c62da6542a4603d82a6f803e94102bdd2e2d72784977ae93cf0b62984821e9b46344ab1556d0e9450c15bcc071c7dceb93f3e7313a946c04d6fbef98037c298267b3aa885718aa5303053a6254ae227f74efab65f8773e68301b8f829fda9a26a62d4ce4f3207b6f9ba68d419c08720c2472d5099131a04bcbd8d3c47f685226a67507da7972d56218518a1b0c2b97f6686f38de54f7264fd59e6f9e202be29062df40b4d700101aeb8eb389afa6cb7174d1b0544101058644c5b971652357b1a93583a3b961f5c553f0c202e1ced2778fd4fc4168943e87396b4c8b3b504f14a479baf25e16d1bcc841074e9097a4d7b399fdacb100c21171d7561cf7c971eeba73e75cb9832d74db96e0ca30ee2c7bf12ce444d26987954931118da330f8684c8b5c78b39846a010566c0717db3e787fdebc72f15796ab6c720cd236c5eb042105829a8487e95a25b8ce340d316ffcaafd31538ae1aca7f136002e06dceb9246a7d50ee89b09aeea456d8e6041c4b316951386a961ad5d24bd6c1404e92eeff1c70bc7f65a3799c4427813e263b7be2afa4d16c3f344186497f88562b8b9a367239214c41825863b2cddd40419cb931b51c833899f9ff9badce1486513f1632cd6881c5fa87bb246739b098a82f795bbb3d47790822650094554a90859c546641c8bda5c506dde1b2998756c00aa838f66cd0927909b162356d5075f569723f02cb8893822ecca1ef29fdfff15bca68ff66b8e8473a4ff6654d8e5d2ee3cbe1a58608bc57312d534845b6db545ceb39d80d1328a8a4f85bd54d5467700d09e93f6eba64e6080c337f8e768dec681f4deaa1b514cc525ab19c2cfa0864c09352a51525c998ebad6167275953e32b91abfb9201e85962fd9ba4cdeb5b04af527f8c2aa695793a7ba72e07ddddbe0d5c2e3d8f8465c635e0d95b4da7b8f0be51f71d583a52e6d46471d9efa4d3484372d9313888b8c038055a1caae7dae9e3f72c06736bb54040f3a9f471d7e51d82015d502e01a4dfff3478b19381a72dda99d0ac38e4de966e43ea2946161d49f4f2db69dfbdfd282a0437d8ac7b9a04e900c63cf1aa50a38aa86a4d6df84ae2ac80cf4a081f98a3ea93190d863040356c666db139a24ef7938f7f02957bab4a566cc931799c82004fa4b40800f97be0459732c58722f485c4717c7c4a266de1cd7843791a29da71071f19b8d14de3250b43b68c606d4d4793a0141f98cff8fb2c8fa620f9525c52023030728ff19c5379a05a51b31d3b7cb373f2f2653f691efc27406b4349bc1ed3f132c7fb3b4a2c6e5f7c765727dcd46bd84c663e8e8acff08901ca3280d86da14377e1ecc012920167dd56821712796b16b9b0e590fbe72525608d3eedf1d016133f80c5c216780c811dce1cad7748598b889032d1a7d2a9bd39857d951412e7e48d69b1ac3198d43b75148b1bff7f709db6f5a5eccd26ce1ab5e2b02a344a9316463861f45989f8ef5e27dbde0a206f1efa42be1ee87faeb8219b08a2aa716ca423d44d25f1379eccbe81ef2f6198de31575d9f57c976888e8d9fa629ac0e4726a6e9ccc02bd763fc7b1f01adbc093db90e33b6d14f4eef64432d3548b487979a1561adf5feecc71e253c29a5b98d7f658886395b45e93ea3785774dbc5e0650f493056dcbf6628d566af25b82fc41b1760c13e7927a24bbc3a1e3b6bf43f3f1d74696046f35b63432e26fffc19c40b12ba9f3b30b33e33ad537f587a608566f6bb879c40a59b49a4a18b33d4572c4bcd41476e937023d42abe9d428263ad3932e6c647fbd2663490da81bfd08bf87769ce7d1e84e4750bbd6cadad43ec2784daaa61ed70d6b12dfa21394e756a854e4d1ac8004711eb8b464f8c3970be0964d7d09dc4553cc3098f645a8fe74908c556cd79ea6a7ff62a7a268e4fec479b9d160a03d9396cb2875ebb8f49f6cd26a6b17414d217a2d8582336832eaa41a69c46b68473f706aba54d258ccf84405817069caadd49304559804faed8aba5f932337d898fa53b9b7061690f8a69618a51e18b9366b4be7cee6c5e70d8f02936d334d0421f21ae22f5f2389a7b88b387df433d0d3959421fdb096427794c5e1c044b953a90c7842cee8e0f168c93e713f959f910c6f56f91c29a1ff4c4eff33b2d8e853c72a8cfee7340a105c52f66df8575a91554c2cbc2ef365b0d02984e3d4bff4bab4d2126e5ece903fec4bfbd473e4e8b9002e967fbd68e776017405580987dddd09a26cf1e6c99146c29a0c90784ed68136f6c37d6703314e1ffa3fa30fd42b07f162bf35421af9eb1aa3f6bc829541bbfe096602add4d4", 0x68f}], 0x5) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{}], 0x1, 0x0) 23:11:23 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x3, 0x400) getsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mount(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) socket$inet(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) epoll_create(0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x1, 0x0) r4 = memfd_create(&(0x7f0000000000)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r4, &(0x7f0000000340)=[{&(0x7f0000000080)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r4) sendfile(r3, r3, 0x0, 0x9f50) ioctl$LOOP_CLR_FD(r3, 0x4c01) ioctl$LOOP_SET_FD(r3, 0x4c00, r4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') dup2(r2, r1) 23:11:23 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:23 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(0xffffffffffffffff, &(0x7f0000000700), 0x31f, 0x0) 23:11:23 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 1384.310185][ T7996] oom_kill_process.cold+0x10/0x15 [ 1384.315426][ T7996] out_of_memory+0x79a/0x12d0 [ 1384.320140][ T7996] ? lock_downgrade+0x920/0x920 [ 1384.325540][ T7996] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1384.331576][ T7996] ? oom_killer_disable+0x280/0x280 [ 1384.336904][ T7996] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1384.342602][ T7996] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1384.348265][ T7996] ? do_raw_spin_unlock+0x57/0x270 [ 1384.353679][ T7996] ? _raw_spin_unlock+0x23/0x30 [ 1384.358960][ T7996] try_charge+0x1053/0x1430 [ 1384.363664][ T7996] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1384.369229][ T7996] ? percpu_ref_tryget_live+0x104/0x270 [ 1384.374895][ T7996] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1384.380637][ T7996] mem_cgroup_try_charge+0x136/0x590 [ 1384.386243][ T7996] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1384.392022][ T7996] wp_page_copy+0x27c/0x1380 [ 1384.396836][ T7996] ? find_held_lock+0x35/0x130 [ 1384.401875][ T7996] ? pmd_pfn+0x1d0/0x1d0 [ 1384.406321][ T7996] ? lock_downgrade+0x920/0x920 [ 1384.411192][ T7996] ? swp_swapcount+0x520/0x520 [ 1384.415978][ T7996] ? __kasan_check_read+0x11/0x20 [ 1384.421262][ T7996] ? do_raw_spin_unlock+0x57/0x270 [ 1384.426390][ T7996] do_wp_page+0x499/0x14d0 [ 1384.430912][ T7996] ? finish_mkwrite_fault+0x570/0x570 [ 1384.436669][ T7996] __handle_mm_fault+0x2120/0x3ce0 [ 1384.441797][ T7996] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1384.447381][ T7996] ? handle_mm_fault+0x294/0xa90 [ 1384.452482][ T7996] ? handle_mm_fault+0x675/0xa90 [ 1384.457514][ T7996] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1384.463071][ T7996] handle_mm_fault+0x3bb/0xa90 [ 1384.467858][ T7996] __do_page_fault+0x536/0xdd0 [ 1384.472727][ T7996] do_page_fault+0x38/0x536 [ 1384.477430][ T7996] page_fault+0x39/0x40 [ 1384.481601][ T7996] RIP: 0033:0x4034f2 [ 1384.485519][ T7996] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1384.505151][ T7996] RSP: 002b:00007fff106a1b50 EFLAGS: 00010246 [ 1384.511305][ T7996] RAX: 0000000000000000 RBX: 0000000000151cfa RCX: 0000000000413430 [ 1384.519296][ T7996] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff106a2c80 [ 1384.527576][ T7996] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556533940 [ 1384.535571][ T7996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff106a2c80 [ 1384.543649][ T7996] R13: 00007fff106a2c70 R14: 0000000000000000 R15: 00007fff106a2c80 [ 1384.551768][ T7996] memory: usage 1076kB, limit 0kB, failcnt 431350 [ 1384.558292][ T7996] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1384.565218][ T7996] Memory cgroup stats for /syz3: [ 1384.565331][ T7996] anon 28672 [ 1384.565331][ T7996] file 172032 [ 1384.565331][ T7996] kernel_stack 0 [ 1384.565331][ T7996] slab 962560 [ 1384.565331][ T7996] sock 0 [ 1384.565331][ T7996] shmem 8192 [ 1384.565331][ T7996] file_mapped 0 [ 1384.565331][ T7996] file_dirty 135168 [ 1384.565331][ T7996] file_writeback 0 [ 1384.565331][ T7996] anon_thp 0 [ 1384.565331][ T7996] inactive_anon 0 [ 1384.565331][ T7996] active_anon 28672 [ 1384.565331][ T7996] inactive_file 135168 [ 1384.565331][ T7996] active_file 118784 [ 1384.565331][ T7996] unevictable 0 [ 1384.565331][ T7996] slab_reclaimable 405504 [ 1384.565331][ T7996] slab_unreclaimable 557056 [ 1384.565331][ T7996] pgfault 105369 [ 1384.565331][ T7996] pgmajfault 0 [ 1384.565331][ T7996] workingset_refault 0 [ 1384.565331][ T7996] workingset_activate 0 [ 1384.565331][ T7996] workingset_nodereclaim 0 [ 1384.565331][ T7996] pgrefill 0 [ 1384.565331][ T7996] pgscan 0 [ 1384.565331][ T7996] pgsteal 0 [ 1384.565331][ T7996] pgactivate 0 23:11:23 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) utime(&(0x7f00000004c0)='./file0/../file0\x00', 0x0) [ 1384.661925][ T7996] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7996,uid=0 [ 1384.662014][ T7996] Memory cgroup out of memory: Killed process 7996 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1384.677226][ T1057] oom_reaper: reaped process 7996 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:23 executing program 1: 23:11:23 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, 0x0, 0x0, 0x0) 23:11:23 executing program 4: 23:11:23 executing program 2: 23:11:23 executing program 1: 23:11:24 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:24 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:24 executing program 4: 23:11:24 executing program 2: 23:11:24 executing program 1: 23:11:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, 0x0, 0x0, 0x0) 23:11:24 executing program 4: 23:11:24 executing program 2: 23:11:24 executing program 1: 23:11:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') preadv(r0, 0x0, 0x0, 0x0) 23:11:24 executing program 4: 23:11:24 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:24 executing program 2: 23:11:24 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:24 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev}], 0x1c) 23:11:24 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') fallocate(r0, 0x0, 0x0, 0x5) 23:11:24 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0xffffffffffffffff, 0x1) 23:11:24 executing program 4: r0 = epoll_create1(0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000140)) 23:11:24 executing program 1: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000240)) socket$kcm(0x2b, 0x200000000000001, 0x0) unlink(&(0x7f0000000200)='./file0\x00') ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) write$cgroup_int(r0, &(0x7f00000000c0), 0x12) 23:11:24 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') sendfile(r0, r0, 0x0, 0x401) 23:11:24 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:25 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0xffffffffffffffff, 0x1) 23:11:25 executing program 4: [ 1387.529757][T23426] device bridge_slave_1 left promiscuous mode [ 1387.536088][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1387.569904][T23426] device bridge_slave_0 left promiscuous mode [ 1387.576207][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1389.579116][T23426] device hsr_slave_0 left promiscuous mode [ 1389.629370][T23426] device hsr_slave_1 left promiscuous mode [ 1389.679554][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1389.693090][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1389.705347][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1389.753670][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1389.825833][T23426] bond0 (unregistering): Released all slaves [ 1389.927817][ T8102] IPVS: ftp: loaded support on port[0] = 21 [ 1390.001779][ T8102] chnl_net:caif_netlink_parms(): no params data found [ 1390.044145][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1390.051791][ T8102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1390.060168][ T8102] device bridge_slave_0 entered promiscuous mode [ 1390.068709][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1390.076079][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1390.084934][ T8102] device bridge_slave_1 entered promiscuous mode [ 1390.105203][ T8102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1390.116760][ T8102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1390.140709][ T8102] team0: Port device team_slave_0 added [ 1390.148591][ T8102] team0: Port device team_slave_1 added [ 1390.241769][ T8102] device hsr_slave_0 entered promiscuous mode [ 1390.309031][ T8102] device hsr_slave_1 entered promiscuous mode [ 1390.538601][ T8102] debugfs: Directory 'hsr0' with parent '/' already present! [ 1390.565829][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1390.573232][ T8102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1390.581278][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1390.588768][ T8102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1390.656005][ T8102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1390.677887][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1390.694250][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state [ 1390.703678][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state [ 1390.726823][ T8102] 8021q: adding VLAN 0 to HW filter on device team0 [ 1390.747007][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1390.755750][ T4577] bridge0: port 1(bridge_slave_0) entered blocking state [ 1390.762993][ T4577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1390.803105][ T8102] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1390.813934][ T8102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1390.828317][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1390.837327][ T4577] bridge0: port 2(bridge_slave_1) entered blocking state [ 1390.844825][ T4577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1390.854104][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1390.863602][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1390.874588][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1390.884244][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1390.896194][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1390.906910][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1390.939686][ T8102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1391.082357][ T8110] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1391.109903][ T8110] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1391.121690][ T8110] CPU: 0 PID: 8110 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1391.129422][ T8110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.140430][ T8110] Call Trace: [ 1391.144088][ T8110] dump_stack+0x16f/0x1f0 [ 1391.148757][ T8110] dump_header+0x10b/0x831 [ 1391.153196][ T8110] oom_kill_process.cold+0x10/0x15 [ 1391.158908][ T8110] out_of_memory+0x79a/0x12d0 [ 1391.164678][ T8110] ? cgroup_file_notify+0x140/0x1b0 [ 1391.170616][ T8110] ? oom_killer_disable+0x280/0x280 [ 1391.176872][ T8110] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1391.183179][ T8110] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1391.189029][ T8110] ? cgroup_file_notify+0x140/0x1b0 [ 1391.195503][ T8110] memory_max_write+0x262/0x3a0 [ 1391.201665][ T8110] ? mem_cgroup_write+0x360/0x360 [ 1391.206808][ T8110] ? lock_acquire+0x190/0x400 [ 1391.211693][ T8110] ? kernfs_fop_write+0x227/0x480 [ 1391.217679][ T8110] cgroup_file_write+0x307/0x790 [ 1391.223347][ T8110] ? mem_cgroup_write+0x360/0x360 [ 1391.228862][ T8110] ? cgroup_show_path+0x590/0x590 [ 1391.234622][ T8110] ? cgroup_show_path+0x590/0x590 [ 1391.240052][ T8110] kernfs_fop_write+0x2b8/0x480 [ 1391.245364][ T8110] __vfs_write+0x8a/0x110 [ 1391.249850][ T8110] ? kernfs_fop_open+0xd80/0xd80 [ 1391.255254][ T8110] vfs_write+0x268/0x5d0 [ 1391.259539][ T8110] ksys_write+0x14f/0x290 [ 1391.264740][ T8110] ? __ia32_sys_read+0xb0/0xb0 [ 1391.270237][ T8110] ? do_syscall_64+0x26/0x6a0 [ 1391.275419][ T8110] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1391.282881][ T8110] ? do_syscall_64+0x26/0x6a0 [ 1391.288172][ T8110] __x64_sys_write+0x73/0xb0 [ 1391.292779][ T8110] do_syscall_64+0xfd/0x6a0 [ 1391.297750][ T8110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1391.305439][ T8110] RIP: 0033:0x459829 [ 1391.310423][ T8110] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1391.335888][ T8110] RSP: 002b:00007f61ef1abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1391.345045][ T8110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1391.353272][ T8110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1391.361805][ T8110] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1391.370267][ T8110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61ef1ac6d4 [ 1391.378460][ T8110] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1391.388941][ T8110] memory: usage 3412kB, limit 0kB, failcnt 431351 [ 1391.395490][ T8110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1391.402728][ T8110] Memory cgroup stats for /syz3: [ 1391.402858][ T8110] anon 2174976 [ 1391.402858][ T8110] file 172032 [ 1391.402858][ T8110] kernel_stack 0 [ 1391.402858][ T8110] slab 1101824 [ 1391.402858][ T8110] sock 0 [ 1391.402858][ T8110] shmem 8192 [ 1391.402858][ T8110] file_mapped 0 [ 1391.402858][ T8110] file_dirty 135168 [ 1391.402858][ T8110] file_writeback 0 [ 1391.402858][ T8110] anon_thp 2097152 [ 1391.402858][ T8110] inactive_anon 0 [ 1391.402858][ T8110] active_anon 2174976 [ 1391.402858][ T8110] inactive_file 135168 [ 1391.402858][ T8110] active_file 118784 [ 1391.402858][ T8110] unevictable 0 [ 1391.402858][ T8110] slab_reclaimable 405504 [ 1391.402858][ T8110] slab_unreclaimable 696320 [ 1391.402858][ T8110] pgfault 105468 [ 1391.402858][ T8110] pgmajfault 0 [ 1391.402858][ T8110] workingset_refault 0 [ 1391.402858][ T8110] workingset_activate 0 [ 1391.402858][ T8110] workingset_nodereclaim 0 [ 1391.402858][ T8110] pgrefill 0 [ 1391.402858][ T8110] pgscan 0 [ 1391.402858][ T8110] pgsteal 0 [ 1391.402858][ T8110] pgactivate 0 [ 1391.503533][ T8110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8109,uid=0 [ 1391.520306][ T8110] Memory cgroup out of memory: Killed process 8109 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB 23:11:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:30 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={[{@localflocks='localflocks'}]}) 23:11:30 executing program 2: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffd8) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001a80)={0x0, 0x0, 0x0}, 0x0) [ 1391.540856][ T1057] oom_reaper: reaped process 8109 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 1391.572653][ T8102] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1391.583685][ T8102] CPU: 1 PID: 8102 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1391.591674][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.602150][ T8102] Call Trace: [ 1391.605483][ T8102] dump_stack+0x16f/0x1f0 [ 1391.609843][ T8102] dump_header+0x10b/0x831 [ 1391.614283][ T8102] ? oom_kill_process+0x94/0x3c0 [ 1391.619350][ T8102] oom_kill_process.cold+0x10/0x15 [ 1391.624488][ T8102] out_of_memory+0x79a/0x12d0 [ 1391.624507][ T8102] ? lock_downgrade+0x920/0x920 [ 1391.624534][ T8102] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 23:11:30 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 23:11:30 executing program 1: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000240)) socket$kcm(0x2b, 0x200000000000001, 0x0) unlink(&(0x7f0000000200)='./file0\x00') ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) write$cgroup_int(r0, &(0x7f00000000c0), 0x12) 23:11:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0xffffffffffffffff, 0x1) [ 1391.624555][ T8102] ? oom_killer_disable+0x280/0x280 [ 1391.634722][ T8102] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1391.652005][ T8102] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1391.658116][ T8102] ? do_raw_spin_unlock+0x57/0x270 [ 1391.663272][ T8102] ? _raw_spin_unlock+0x23/0x30 [ 1391.668247][ T8102] try_charge+0x1053/0x1430 [ 1391.672988][ T8102] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1391.678871][ T8102] ? percpu_ref_tryget_live+0x104/0x270 [ 1391.684578][ T8102] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1391.690165][ T8102] mem_cgroup_try_charge+0x136/0x590 [ 1391.695812][ T8102] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1391.701477][ T8102] wp_page_copy+0x27c/0x1380 [ 1391.706184][ T8102] ? find_held_lock+0x35/0x130 [ 1391.710988][ T8102] ? pmd_pfn+0x1d0/0x1d0 [ 1391.715452][ T8102] ? lock_downgrade+0x920/0x920 [ 1391.720466][ T8102] ? swp_swapcount+0x520/0x520 [ 1391.725598][ T8102] ? __kasan_check_read+0x11/0x20 [ 1391.730653][ T8102] ? do_raw_spin_unlock+0x57/0x270 [ 1391.736149][ T8102] do_wp_page+0x499/0x14d0 [ 1391.740614][ T8102] ? finish_mkwrite_fault+0x570/0x570 [ 1391.746113][ T8102] __handle_mm_fault+0x2120/0x3ce0 [ 1391.752762][ T8102] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1391.759118][ T8102] ? handle_mm_fault+0x294/0xa90 [ 1391.764356][ T8102] ? handle_mm_fault+0x675/0xa90 [ 1391.769907][ T8102] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1391.775704][ T8102] handle_mm_fault+0x3bb/0xa90 [ 1391.780755][ T8102] __do_page_fault+0x536/0xdd0 [ 1391.785572][ T8102] do_page_fault+0x38/0x536 [ 1391.790341][ T8102] page_fault+0x39/0x40 [ 1391.794813][ T8102] RIP: 0033:0x430906 [ 1391.798747][ T8102] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1391.819023][ T8102] RSP: 002b:00007ffc9f9ff820 EFLAGS: 00010206 [ 1391.825206][ T8102] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1391.833842][ T8102] RDX: 0000555555a63930 RSI: 0000555555a6b970 RDI: 0000000000000003 23:11:30 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, 0x0) [ 1391.841993][ T8102] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555a62940 [ 1391.850166][ T8102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1391.858169][ T8102] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1391.866881][ T8102] memory: usage 1072kB, limit 0kB, failcnt 431359 [ 1391.873614][ T8102] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1391.880626][ T8102] Memory cgroup stats for /syz3: [ 1391.880737][ T8102] anon 0 [ 1391.880737][ T8102] file 172032 [ 1391.880737][ T8102] kernel_stack 0 [ 1391.880737][ T8102] slab 1101824 [ 1391.880737][ T8102] sock 0 [ 1391.880737][ T8102] shmem 8192 [ 1391.880737][ T8102] file_mapped 0 [ 1391.880737][ T8102] file_dirty 135168 [ 1391.880737][ T8102] file_writeback 0 [ 1391.880737][ T8102] anon_thp 0 [ 1391.880737][ T8102] inactive_anon 0 [ 1391.880737][ T8102] active_anon 0 [ 1391.880737][ T8102] inactive_file 135168 [ 1391.880737][ T8102] active_file 118784 [ 1391.880737][ T8102] unevictable 0 [ 1391.880737][ T8102] slab_reclaimable 405504 23:11:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0xffffffffffffffff, 0x1) [ 1391.880737][ T8102] slab_unreclaimable 696320 [ 1391.880737][ T8102] pgfault 105468 [ 1391.880737][ T8102] pgmajfault 0 [ 1391.880737][ T8102] workingset_refault 0 [ 1391.880737][ T8102] workingset_activate 0 [ 1391.880737][ T8102] workingset_nodereclaim 0 [ 1391.880737][ T8102] pgrefill 0 [ 1391.880737][ T8102] pgscan 0 [ 1391.880737][ T8102] pgsteal 0 [ 1391.880737][ T8102] pgactivate 0 23:11:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) [ 1391.979290][ T8102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8102,uid=0 [ 1391.995648][ T8102] Memory cgroup out of memory: Killed process 8102 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1392.012232][ T1057] oom_reaper: reaped process 8102 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:30 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:11:31 executing program 2: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) symlink(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00') pipe(0x0) socket$inet_udplite(0x2, 0x2, 0x88) removexattr(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000003c0)=@known='trusted.syz\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc396}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) times(&(0x7f0000000400)) mkdirat(0xffffffffffffffff, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000640)='/dev/hwrng\x00', 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)=0x0) ptrace$peek(0xffffffffffffffff, r1, &(0x7f0000000700)) clone(0x80000000103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000380)={0x7, 0x7f, 0x1}, 0x7) connect$inet(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0) socket$inet(0x10, 0x3, 0xc) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00'}, 0x10) syz_extract_tcp_res$synack(&(0x7f00000007c0), 0x1, 0x0) 23:11:31 executing program 0: lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) [ 1392.300474][ T8139] gfs2: not a GFS2 filesystem 23:11:31 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:31 executing program 2: 23:11:31 executing program 1: 23:11:31 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:11:31 executing program 0: lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) 23:11:31 executing program 4: 23:11:31 executing program 4: 23:11:31 executing program 0: lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) 23:11:31 executing program 2: [ 1393.017910][ T8161] gfs2: not a GFS2 filesystem 23:11:31 executing program 1: 23:11:31 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:11:32 executing program 2: creat(0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff26, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) open(0x0, 0x0, 0x90) getresgid(0x0, 0x0, 0x0) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) r0 = open(0x0, 0x20000000100, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3, 0x0) bind$alg(r1, 0x0, 0xffffffffffffff92) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb3) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x5) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x3, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 23:11:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:32 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x0, 0x300) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x5) gettid() fstat(0xffffffffffffffff, &(0x7f0000000600)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f00006ff000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0xfffffc41) syz_open_procfs(0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote}}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@loopback}}, 0xe8) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) 23:11:32 executing program 0: r0 = syz_open_procfs(0x0, 0x0) lseek(r0, 0xffffffffffffffff, 0x1) 23:11:32 executing program 1: close(0xffffffffffffffff) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r0, 0x0, 0x0) [ 1393.367145][ T8176] gfs2: not a GFS2 filesystem 23:11:32 executing program 2: creat(0x0, 0x0) inotify_init1(0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) open(0x0, 0x0, 0x90) socket$alg(0x26, 0x5, 0x0) getresgid(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3, 0x0) bind$alg(r0, 0x0, 0xffffffffffffff92) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, [0xa, 0x0, 0x101]}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb3) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000002900)={&(0x7f00000028c0)=[0x0, 0x0], 0x2}) finit_module(0xffffffffffffffff, 0x0, 0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 23:11:32 executing program 0: r0 = syz_open_procfs(0x0, 0x0) lseek(r0, 0xffffffffffffffff, 0x1) 23:11:32 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)) 23:11:32 executing program 0: r0 = syz_open_procfs(0x0, 0x0) lseek(r0, 0xffffffffffffffff, 0x1) [ 1393.707799][ T8202] gfs2: not a GFS2 filesystem 23:11:32 executing program 2: inotify_init1(0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) getresgid(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, [0xa, 0x0, 0x101]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb3) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x5) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x3, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:11:32 executing program 1: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf74, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000300)={0x0, 0x0, {0x3, 0x2, 0x12cac6f38000000, 0x2}}) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) write$binfmt_aout(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="11c5504f92e971251c060000006281fcba044fedecec0df2e5c986529e0fa7bfc3242c8c9020c504afd44c4f7982bb8dc9abc6297c42235fe93f9d4493ff69bd0c1430f6fee0ab8a5379b8e0fa1f6d6c74119fe28630a860757c11fcd8c3361a0ea0e401bfd02fea597134ee9064ef80a0fa000000000000000000abdc7adfac7742c341646eef87f31fbc1cf8e9ed51e74a9c262287bb3dc3ecab2ae047659d45760356002c0c2377cb5675be3ecd6a2a19546e266a526db4fab5b4dc50d8c82bae58e7395ef86d5c56e5e9dbe566cbdb21347af2479be8f470c8e2b8bad52ea0c3ce30fd8368a86c98b5daf23af1e4ba", @ANYRES16], 0x102) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) 23:11:32 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)) 23:11:32 executing program 0: syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) [ 1394.091481][ T8216] gfs2: not a GFS2 filesystem [ 1395.421087][ T8234] IPVS: ftp: loaded support on port[0] = 21 [ 1395.430198][T23426] device bridge_slave_1 left promiscuous mode [ 1395.436463][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1395.480106][T23426] device bridge_slave_0 left promiscuous mode [ 1395.486487][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1397.478830][T23426] device hsr_slave_0 left promiscuous mode [ 1397.518543][T23426] device hsr_slave_1 left promiscuous mode [ 1397.586067][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1397.599887][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1397.612458][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1397.643520][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1397.725333][T23426] bond0 (unregistering): Released all slaves [ 1397.912080][ T8234] chnl_net:caif_netlink_parms(): no params data found [ 1397.943357][ T8234] bridge0: port 1(bridge_slave_0) entered blocking state [ 1397.950521][ T8234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1397.958144][ T8234] device bridge_slave_0 entered promiscuous mode [ 1398.018783][ T8234] bridge0: port 2(bridge_slave_1) entered blocking state [ 1398.025898][ T8234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1398.034259][ T8234] device bridge_slave_1 entered promiscuous mode [ 1398.071303][ T8234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1398.087665][ T8234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1398.112418][ T8234] team0: Port device team_slave_0 added [ 1398.119956][ T8234] team0: Port device team_slave_1 added [ 1398.191817][ T8234] device hsr_slave_0 entered promiscuous mode [ 1398.358894][ T8234] device hsr_slave_1 entered promiscuous mode [ 1398.598506][ T8234] debugfs: Directory 'hsr0' with parent '/' already present! [ 1398.624624][ T8234] bridge0: port 2(bridge_slave_1) entered blocking state [ 1398.631754][ T8234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1398.639204][ T8234] bridge0: port 1(bridge_slave_0) entered blocking state [ 1398.646297][ T8234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1398.705293][ T8234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1398.720300][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1398.730212][ T5291] bridge0: port 1(bridge_slave_0) entered disabled state [ 1398.745257][ T5291] bridge0: port 2(bridge_slave_1) entered disabled state [ 1398.761085][ T8234] 8021q: adding VLAN 0 to HW filter on device team0 [ 1398.782014][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1398.790924][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1398.798038][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1398.805838][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1398.814352][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1398.821465][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1398.843819][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1398.852328][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1398.861266][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1398.877975][ T8234] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1398.889010][ T8234] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1398.903510][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1398.912234][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1398.920869][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1398.929928][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1398.939214][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1398.963087][ T8234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1399.036542][ T8243] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1399.062232][ T8243] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1399.072529][ T8243] CPU: 0 PID: 8243 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1399.080085][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.090147][ T8243] Call Trace: [ 1399.093457][ T8243] dump_stack+0x16f/0x1f0 [ 1399.097815][ T8243] dump_header+0x10b/0x831 [ 1399.102245][ T8243] oom_kill_process.cold+0x10/0x15 [ 1399.107369][ T8243] out_of_memory+0x79a/0x12d0 [ 1399.112058][ T8243] ? cgroup_file_notify+0x140/0x1b0 [ 1399.117276][ T8243] ? oom_killer_disable+0x280/0x280 [ 1399.122504][ T8243] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1399.128065][ T8243] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1399.133720][ T8243] ? cgroup_file_notify+0x140/0x1b0 [ 1399.138939][ T8243] memory_max_write+0x262/0x3a0 [ 1399.143812][ T8243] ? mem_cgroup_write+0x360/0x360 [ 1399.148848][ T8243] ? lock_acquire+0x190/0x400 [ 1399.153531][ T8243] ? kernfs_fop_write+0x227/0x480 [ 1399.158571][ T8243] cgroup_file_write+0x307/0x790 [ 1399.163535][ T8243] ? mem_cgroup_write+0x360/0x360 [ 1399.168578][ T8243] ? cgroup_show_path+0x590/0x590 [ 1399.173618][ T8243] ? cgroup_show_path+0x590/0x590 [ 1399.178656][ T8243] kernfs_fop_write+0x2b8/0x480 [ 1399.183533][ T8243] __vfs_write+0x8a/0x110 [ 1399.187866][ T8243] ? kernfs_fop_open+0xd80/0xd80 [ 1399.192811][ T8243] vfs_write+0x268/0x5d0 [ 1399.197067][ T8243] ksys_write+0x14f/0x290 [ 1399.201405][ T8243] ? __ia32_sys_read+0xb0/0xb0 [ 1399.206171][ T8243] ? do_syscall_64+0x26/0x6a0 [ 1399.210848][ T8243] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1399.216922][ T8243] ? do_syscall_64+0x26/0x6a0 [ 1399.221614][ T8243] __x64_sys_write+0x73/0xb0 [ 1399.226203][ T8243] do_syscall_64+0xfd/0x6a0 [ 1399.230708][ T8243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1399.236593][ T8243] RIP: 0033:0x459829 [ 1399.240490][ T8243] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1399.260106][ T8243] RSP: 002b:00007fa675e00c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1399.268539][ T8243] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1399.276512][ T8243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1399.284475][ T8243] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1399.292436][ T8243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa675e016d4 [ 1399.300415][ T8243] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1399.308751][ T8243] memory: usage 3396kB, limit 0kB, failcnt 431360 [ 1399.317206][ T8243] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1399.324157][ T8243] Memory cgroup stats for /syz3: [ 1399.324274][ T8243] anon 2220032 [ 1399.324274][ T8243] file 172032 [ 1399.324274][ T8243] kernel_stack 65536 [ 1399.324274][ T8243] slab 1101824 [ 1399.324274][ T8243] sock 0 [ 1399.324274][ T8243] shmem 8192 [ 1399.324274][ T8243] file_mapped 0 [ 1399.324274][ T8243] file_dirty 135168 [ 1399.324274][ T8243] file_writeback 0 [ 1399.324274][ T8243] anon_thp 2097152 [ 1399.324274][ T8243] inactive_anon 0 [ 1399.324274][ T8243] active_anon 2220032 [ 1399.324274][ T8243] inactive_file 135168 [ 1399.324274][ T8243] active_file 118784 [ 1399.324274][ T8243] unevictable 0 [ 1399.324274][ T8243] slab_reclaimable 405504 [ 1399.324274][ T8243] slab_unreclaimable 696320 [ 1399.324274][ T8243] pgfault 105534 [ 1399.324274][ T8243] pgmajfault 0 [ 1399.324274][ T8243] workingset_refault 0 [ 1399.324274][ T8243] workingset_activate 0 [ 1399.324274][ T8243] workingset_nodereclaim 0 [ 1399.324274][ T8243] pgrefill 0 [ 1399.324274][ T8243] pgscan 0 [ 1399.324274][ T8243] pgsteal 0 [ 1399.324274][ T8243] pgactivate 0 [ 1399.420307][ T8243] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8241,uid=0 23:11:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x2000)=nil) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ad, 0x200096dc) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) 23:11:38 executing program 0: syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) 23:11:38 executing program 5: syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)) 23:11:38 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='attr\x00') getdents64(r1, &(0x7f0000000df0)=""/528, 0x7f355f22) 23:11:38 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r1, 0x12) ptrace$cont(0x18, r2, 0x0, 0x0) [ 1399.435801][ T8243] Memory cgroup out of memory: Killed process 8241 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1399.451588][ T1057] oom_reaper: reaped process 8241 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 1399.544913][ T8234] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1399.554956][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1399.562502][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.572658][ T8234] Call Trace: [ 1399.575960][ T8234] dump_stack+0x16f/0x1f0 [ 1399.580307][ T8234] dump_header+0x10b/0x831 [ 1399.584734][ T8234] ? oom_kill_process+0x94/0x3c0 [ 1399.589693][ T8234] oom_kill_process.cold+0x10/0x15 23:11:38 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r1, &(0x7f0000000340), 0x0, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) [ 1399.594816][ T8234] out_of_memory+0x79a/0x12d0 [ 1399.599505][ T8234] ? lock_downgrade+0x920/0x920 [ 1399.604363][ T8234] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1399.610176][ T8234] ? oom_killer_disable+0x280/0x280 [ 1399.615380][ T8234] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1399.620920][ T8234] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1399.626551][ T8234] ? do_raw_spin_unlock+0x57/0x270 [ 1399.631663][ T8234] ? _raw_spin_unlock+0x23/0x30 [ 1399.636510][ T8234] try_charge+0x1053/0x1430 [ 1399.641017][ T8234] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1399.646555][ T8234] ? percpu_ref_tryget_live+0x104/0x270 [ 1399.652105][ T8234] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1399.657650][ T8234] mem_cgroup_try_charge+0x136/0x590 [ 1399.662943][ T8234] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1399.668579][ T8234] wp_page_copy+0x27c/0x1380 [ 1399.673170][ T8234] ? find_held_lock+0x35/0x130 [ 1399.677936][ T8234] ? pmd_pfn+0x1d0/0x1d0 [ 1399.682186][ T8234] ? lock_downgrade+0x920/0x920 [ 1399.687218][ T8234] ? swp_swapcount+0x520/0x520 [ 1399.691980][ T8234] ? __kasan_check_read+0x11/0x20 [ 1399.697020][ T8234] ? do_raw_spin_unlock+0x57/0x270 [ 1399.702132][ T8234] do_wp_page+0x499/0x14d0 [ 1399.706550][ T8234] ? finish_mkwrite_fault+0x570/0x570 [ 1399.711926][ T8234] __handle_mm_fault+0x2120/0x3ce0 [ 1399.717042][ T8234] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1399.722583][ T8234] ? handle_mm_fault+0x294/0xa90 [ 1399.727522][ T8234] ? handle_mm_fault+0x675/0xa90 [ 1399.732458][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1399.737741][ T8234] handle_mm_fault+0x3bb/0xa90 [ 1399.742509][ T8234] __do_page_fault+0x536/0xdd0 [ 1399.747278][ T8234] do_page_fault+0x38/0x536 [ 1399.751781][ T8234] page_fault+0x39/0x40 [ 1399.755931][ T8234] RIP: 0033:0x430906 [ 1399.759827][ T8234] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1399.779524][ T8234] RSP: 002b:00007ffc48ee6220 EFLAGS: 00010206 [ 1399.785595][ T8234] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1399.793571][ T8234] RDX: 0000555555eb7930 RSI: 0000555555ebf970 RDI: 0000000000000003 [ 1399.801545][ T8234] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555eb6940 [ 1399.809522][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1399.817494][ T8234] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1399.828121][ T8234] memory: usage 1064kB, limit 0kB, failcnt 431368 [ 1399.834608][ T8234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 23:11:38 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='attr\x00') getdents64(r1, &(0x7f0000000df0)=""/528, 0x7f355f22) [ 1399.841499][ T8234] Memory cgroup stats for /syz3: [ 1399.841613][ T8234] anon 0 [ 1399.841613][ T8234] file 172032 [ 1399.841613][ T8234] kernel_stack 0 [ 1399.841613][ T8234] slab 1101824 [ 1399.841613][ T8234] sock 0 [ 1399.841613][ T8234] shmem 8192 [ 1399.841613][ T8234] file_mapped 0 [ 1399.841613][ T8234] file_dirty 135168 [ 1399.841613][ T8234] file_writeback 0 [ 1399.841613][ T8234] anon_thp 0 [ 1399.841613][ T8234] inactive_anon 0 [ 1399.841613][ T8234] active_anon 0 [ 1399.841613][ T8234] inactive_file 135168 [ 1399.841613][ T8234] active_file 118784 [ 1399.841613][ T8234] unevictable 0 [ 1399.841613][ T8234] slab_reclaimable 405504 [ 1399.841613][ T8234] slab_unreclaimable 696320 [ 1399.841613][ T8234] pgfault 105534 [ 1399.841613][ T8234] pgmajfault 0 [ 1399.841613][ T8234] workingset_refault 0 [ 1399.841613][ T8234] workingset_activate 0 [ 1399.841613][ T8234] workingset_nodereclaim 0 [ 1399.841613][ T8234] pgrefill 0 [ 1399.841613][ T8234] pgscan 0 [ 1399.841613][ T8234] pgsteal 0 [ 1399.841613][ T8234] pgactivate 0 [ 1399.935513][ T8234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8234,uid=0 [ 1399.950947][ T8234] Memory cgroup out of memory: Killed process 8234 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1399.967927][ T1057] oom_reaper: reaped process 8234 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:38 executing program 0: syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(0xffffffffffffffff, 0xffffffffffffffff, 0x1) [ 1400.024074][ T8258] gfs2: not a GFS2 filesystem 23:11:38 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='attr\x00') getdents64(r1, &(0x7f0000000df0)=""/528, 0x7f355f22) 23:11:39 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) 23:11:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0x0, 0x1) 23:11:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x2000)=nil) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ad, 0x200096dc) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) 23:11:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0x0, 0x1) 23:11:39 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) 23:11:39 executing program 5: 23:11:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0x0, 0x1) 23:11:39 executing program 1: 23:11:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:39 executing program 5: 23:11:39 executing program 1: 23:11:39 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) 23:11:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') lseek(r0, 0xffffffffffffffff, 0x0) 23:11:39 executing program 1: 23:11:39 executing program 2: 23:11:39 executing program 5: 23:11:40 executing program 4: 23:11:40 executing program 1: 23:11:40 executing program 5: 23:11:40 executing program 2: [ 1402.649533][T23434] device bridge_slave_1 left promiscuous mode [ 1402.655763][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1402.689593][T23434] device bridge_slave_0 left promiscuous mode [ 1402.695781][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1404.729443][T23434] device hsr_slave_0 left promiscuous mode [ 1404.769142][T23434] device hsr_slave_1 left promiscuous mode [ 1404.819006][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1404.831032][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1404.841840][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1404.882729][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1404.966523][T23434] bond0 (unregistering): Released all slaves [ 1405.075947][ T8336] IPVS: ftp: loaded support on port[0] = 21 [ 1405.151374][ T8336] chnl_net:caif_netlink_parms(): no params data found [ 1405.185170][ T8336] bridge0: port 1(bridge_slave_0) entered blocking state [ 1405.192372][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state [ 1405.200096][ T8336] device bridge_slave_0 entered promiscuous mode [ 1405.208040][ T8336] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.215202][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state [ 1405.223422][ T8336] device bridge_slave_1 entered promiscuous mode [ 1405.242693][ T8336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1405.255093][ T8336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1405.316829][ T8336] team0: Port device team_slave_0 added [ 1405.331774][ T8336] team0: Port device team_slave_1 added [ 1405.511651][ T8336] device hsr_slave_0 entered promiscuous mode [ 1405.548957][ T8336] device hsr_slave_1 entered promiscuous mode [ 1405.638537][ T8336] debugfs: Directory 'hsr0' with parent '/' already present! [ 1405.664864][ T8336] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.672028][ T8336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1405.679497][ T8336] bridge0: port 1(bridge_slave_0) entered blocking state [ 1405.686577][ T8336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1405.755087][ T8336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1405.786645][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1405.796514][T20827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1405.812851][T20827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1405.830811][ T8336] 8021q: adding VLAN 0 to HW filter on device team0 [ 1405.843062][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1405.852447][T20827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1405.859567][T20827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1405.892499][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1405.901291][T20827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.908450][T20827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1405.916946][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1405.925927][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1405.934595][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1405.942994][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1405.953580][ T8336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1405.966641][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1406.000851][ T8336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1406.111526][ T8344] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1406.137365][ T8344] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1406.147944][ T8344] CPU: 0 PID: 8344 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1406.155596][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.165672][ T8344] Call Trace: [ 1406.168986][ T8344] dump_stack+0x16f/0x1f0 [ 1406.173367][ T8344] dump_header+0x10b/0x831 [ 1406.177804][ T8344] oom_kill_process.cold+0x10/0x15 [ 1406.182926][ T8344] out_of_memory+0x79a/0x12d0 [ 1406.187617][ T8344] ? cgroup_file_notify+0x140/0x1b0 [ 1406.192835][ T8344] ? oom_killer_disable+0x280/0x280 [ 1406.198075][ T8344] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1406.203644][ T8344] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1406.209309][ T8344] ? cgroup_file_notify+0x140/0x1b0 [ 1406.214531][ T8344] memory_max_write+0x262/0x3a0 [ 1406.219406][ T8344] ? mem_cgroup_write+0x360/0x360 [ 1406.224441][ T8344] ? lock_acquire+0x190/0x400 [ 1406.229125][ T8344] ? kernfs_fop_write+0x227/0x480 [ 1406.234166][ T8344] cgroup_file_write+0x307/0x790 [ 1406.239123][ T8344] ? mem_cgroup_write+0x360/0x360 [ 1406.244158][ T8344] ? cgroup_show_path+0x590/0x590 [ 1406.249199][ T8344] ? cgroup_show_path+0x590/0x590 [ 1406.254233][ T8344] kernfs_fop_write+0x2b8/0x480 [ 1406.259100][ T8344] __vfs_write+0x8a/0x110 [ 1406.263459][ T8344] ? kernfs_fop_open+0xd80/0xd80 [ 1406.268413][ T8344] vfs_write+0x268/0x5d0 [ 1406.272677][ T8344] ksys_write+0x14f/0x290 [ 1406.277008][ T8344] ? __ia32_sys_read+0xb0/0xb0 [ 1406.281776][ T8344] ? do_syscall_64+0x26/0x6a0 [ 1406.286462][ T8344] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1406.292524][ T8344] ? do_syscall_64+0x26/0x6a0 [ 1406.297209][ T8344] __x64_sys_write+0x73/0xb0 [ 1406.301814][ T8344] do_syscall_64+0xfd/0x6a0 [ 1406.306331][ T8344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1406.312227][ T8344] RIP: 0033:0x459829 [ 1406.316128][ T8344] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1406.335745][ T8344] RSP: 002b:00007fd67a9ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1406.344166][ T8344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1406.352142][ T8344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1406.360112][ T8344] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1406.368086][ T8344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd67a9de6d4 [ 1406.376065][ T8344] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1406.384163][ T8344] memory: usage 3376kB, limit 0kB, failcnt 431369 [ 1406.390639][ T8344] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1406.397492][ T8344] Memory cgroup stats for /syz3: [ 1406.397636][ T8344] anon 2056192 [ 1406.397636][ T8344] file 172032 [ 1406.397636][ T8344] kernel_stack 0 [ 1406.397636][ T8344] slab 1101824 [ 1406.397636][ T8344] sock 0 [ 1406.397636][ T8344] shmem 8192 [ 1406.397636][ T8344] file_mapped 0 [ 1406.397636][ T8344] file_dirty 135168 [ 1406.397636][ T8344] file_writeback 0 [ 1406.397636][ T8344] anon_thp 2097152 [ 1406.397636][ T8344] inactive_anon 0 [ 1406.397636][ T8344] active_anon 2056192 [ 1406.397636][ T8344] inactive_file 135168 [ 1406.397636][ T8344] active_file 118784 [ 1406.397636][ T8344] unevictable 0 [ 1406.397636][ T8344] slab_reclaimable 405504 [ 1406.397636][ T8344] slab_unreclaimable 696320 [ 1406.397636][ T8344] pgfault 105567 [ 1406.397636][ T8344] pgmajfault 0 [ 1406.397636][ T8344] workingset_refault 0 [ 1406.397636][ T8344] workingset_activate 0 [ 1406.397636][ T8344] workingset_nodereclaim 0 [ 1406.397636][ T8344] pgrefill 0 [ 1406.397636][ T8344] pgscan 0 [ 1406.397636][ T8344] pgsteal 0 [ 1406.397636][ T8344] pgactivate 0 [ 1406.493174][ T8344] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8343,uid=0 23:11:45 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:45 executing program 0: 23:11:45 executing program 2: 23:11:45 executing program 5: 23:11:45 executing program 4: 23:11:45 executing program 1: [ 1406.508590][ T8344] Memory cgroup out of memory: Killed process 8343 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 1406.529721][ T1057] oom_reaper: reaped process 8343 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 1406.595742][ T8336] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1406.606033][ T8336] CPU: 1 PID: 8336 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1406.613587][ T8336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.623644][ T8336] Call Trace: [ 1406.626970][ T8336] dump_stack+0x16f/0x1f0 [ 1406.631309][ T8336] dump_header+0x10b/0x831 [ 1406.635731][ T8336] ? oom_kill_process+0x94/0x3c0 [ 1406.640675][ T8336] oom_kill_process.cold+0x10/0x15 [ 1406.645794][ T8336] out_of_memory+0x79a/0x12d0 [ 1406.650481][ T8336] ? lock_downgrade+0x920/0x920 [ 1406.655439][ T8336] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1406.661257][ T8336] ? oom_killer_disable+0x280/0x280 [ 1406.666472][ T8336] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1406.672024][ T8336] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1406.677666][ T8336] ? do_raw_spin_unlock+0x57/0x270 [ 1406.682791][ T8336] ? _raw_spin_unlock+0x23/0x30 [ 1406.687657][ T8336] try_charge+0x1053/0x1430 [ 1406.692189][ T8336] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1406.697748][ T8336] ? percpu_ref_tryget_live+0x104/0x270 [ 1406.703317][ T8336] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1406.708877][ T8336] mem_cgroup_try_charge+0x136/0x590 [ 1406.714192][ T8336] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1406.719836][ T8336] wp_page_copy+0x27c/0x1380 [ 1406.724428][ T8336] ? find_held_lock+0x35/0x130 [ 1406.729198][ T8336] ? pmd_pfn+0x1d0/0x1d0 [ 1406.729216][ T8336] ? lock_downgrade+0x920/0x920 [ 1406.729235][ T8336] ? swp_swapcount+0x520/0x520 23:11:45 executing program 0: 23:11:45 executing program 2: 23:11:45 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000180)={'nat\x00'}, &(0x7f0000000200)=0x78) fchdir(r0) mkdir(&(0x7f0000000100)='./control\x00', 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) utimensat(r1, &(0x7f0000000040)='./control\x00', &(0x7f00000000c0)={{0x77359400}, {0x77359400}}, 0x0) 23:11:45 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 23:11:45 executing program 4: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x1050, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10a) close(r0) execve(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) [ 1406.729251][ T8336] ? __kasan_check_read+0x11/0x20 [ 1406.729264][ T8336] ? do_raw_spin_unlock+0x57/0x270 [ 1406.729282][ T8336] do_wp_page+0x499/0x14d0 [ 1406.729301][ T8336] ? finish_mkwrite_fault+0x570/0x570 [ 1406.729323][ T8336] __handle_mm_fault+0x2120/0x3ce0 [ 1406.729343][ T8336] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1406.729356][ T8336] ? handle_mm_fault+0x294/0xa90 [ 1406.729375][ T8336] ? handle_mm_fault+0x675/0xa90 [ 1406.729389][ T8336] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1406.729407][ T8336] handle_mm_fault+0x3bb/0xa90 [ 1406.729428][ T8336] __do_page_fault+0x536/0xdd0 [ 1406.729450][ T8336] do_page_fault+0x38/0x536 [ 1406.729467][ T8336] page_fault+0x39/0x40 [ 1406.729479][ T8336] RIP: 0033:0x430906 [ 1406.729494][ T8336] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1406.729502][ T8336] RSP: 002b:00007ffe99c9a530 EFLAGS: 00010206 [ 1406.729515][ T8336] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1406.729523][ T8336] RDX: 0000555557346930 RSI: 000055555734e970 RDI: 0000000000000003 [ 1406.729531][ T8336] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557345940 [ 1406.729539][ T8336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1406.729546][ T8336] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1406.729613][ T8336] memory: usage 1048kB, limit 0kB, failcnt 431377 [ 1406.729622][ T8336] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1406.729627][ T8336] Memory cgroup stats for /syz3: [ 1406.729736][ T8336] anon 0 [ 1406.729736][ T8336] file 172032 [ 1406.729736][ T8336] kernel_stack 0 [ 1406.729736][ T8336] slab 1101824 [ 1406.729736][ T8336] sock 0 [ 1406.729736][ T8336] shmem 8192 [ 1406.729736][ T8336] file_mapped 0 [ 1406.729736][ T8336] file_dirty 135168 [ 1406.729736][ T8336] file_writeback 0 [ 1406.729736][ T8336] anon_thp 0 [ 1406.729736][ T8336] inactive_anon 0 [ 1406.729736][ T8336] active_anon 0 [ 1406.729736][ T8336] inactive_file 135168 [ 1406.729736][ T8336] active_file 118784 [ 1406.729736][ T8336] unevictable 0 [ 1406.729736][ T8336] slab_reclaimable 405504 [ 1406.729736][ T8336] slab_unreclaimable 696320 [ 1406.729736][ T8336] pgfault 105600 [ 1406.729736][ T8336] pgmajfault 0 [ 1406.729736][ T8336] workingset_refault 0 [ 1406.729736][ T8336] workingset_activate 0 [ 1406.729736][ T8336] workingset_nodereclaim 0 [ 1406.729736][ T8336] pgrefill 0 [ 1406.729736][ T8336] pgscan 0 [ 1406.729736][ T8336] pgsteal 0 [ 1406.729736][ T8336] pgactivate 0 23:11:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000240)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x210a001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r3 = dup2(r1, r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) close(r1) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) tkill(r2, 0x1000000000016) ioctl$TIOCLINUX2(r0, 0x541c, 0x0) [ 1406.729756][ T8336] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8336,uid=0 [ 1406.738932][ T8336] Memory cgroup out of memory: Killed process 8336 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1406.860375][ T1057] oom_reaper: reaped process 8336 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:11:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:11:46 executing program 4: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880327fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) 23:11:46 executing program 5: pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000300)=""/11, 0xff85) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) r2 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x200800000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r3, &(0x7f0000000080), 0x1c) r4 = dup2(r3, r3) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x3103101ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect(r2, 0x0, 0x0) ioctl$RNDCLEARPOOL(r0, 0x5206, 0x0) 23:11:46 executing program 2: clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = getpid() syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x0, 0x0) mknod(&(0x7f00000000c0)='./file0\x00', 0x1042, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, 0x0, 0x0) ptrace(0x11, r0) [ 1407.886453][ T8393] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1407.911753][ T8395] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. 23:11:46 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000200)={0x0, {{0x2, 0x0, @broadcast}}}, 0x88) write$cgroup_type(r2, &(0x7f0000000380)='threaded\x00', 0x20a9d7b6) clone(0x2102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unlinkat(r1, &(0x7f00000000c0)='./file0\x00', 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='io.bfq.weight\x00', 0x2, 0x0) 23:11:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:11:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1409.939856][ T8423] IPVS: ftp: loaded support on port[0] = 21 [ 1410.367062][ T8423] chnl_net:caif_netlink_parms(): no params data found [ 1410.606467][ T8423] bridge0: port 1(bridge_slave_0) entered blocking state [ 1410.613717][ T8423] bridge0: port 1(bridge_slave_0) entered disabled state [ 1410.621935][ T8423] device bridge_slave_0 entered promiscuous mode [ 1410.639464][ T8423] bridge0: port 2(bridge_slave_1) entered blocking state [ 1410.646564][ T8423] bridge0: port 2(bridge_slave_1) entered disabled state [ 1410.655097][ T8423] device bridge_slave_1 entered promiscuous mode [ 1410.687403][ T8423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1410.697973][ T8423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 23:11:49 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000440)=[{0x0, 0x0, 0x5389}]) 23:11:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:11:49 executing program 2: clone(0x200, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)='./file1\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x1050, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10a) close(r0) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, 0x0) execve(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 23:11:49 executing program 5: clone(0x100000203, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f00000003c0)='./file0\x00', 0x1044, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000700)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x111) close(r0) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x0) sendmsg$inet6(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 23:11:49 executing program 4: clone(0x207, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x1041, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb) symlink(&(0x7f0000000100)='./file1\x00', &(0x7f0000000280)='./file1\x00') ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000340)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) 23:11:49 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 1410.835922][ T8423] team0: Port device team_slave_0 added [ 1410.856423][ T8423] team0: Port device team_slave_1 added 23:11:49 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000380)=""/245, 0x313}], 0x1, 0x1) 23:11:49 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xc) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r1, 0x200006) sendfile(r0, r1, 0x0, 0x8000fffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, 0x0, 0x0) 23:11:49 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 23:11:50 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1411.440110][T23434] device bridge_slave_1 left promiscuous mode [ 1411.446387][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1411.490791][T23434] device bridge_slave_0 left promiscuous mode [ 1411.497092][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1411.553160][ T24] audit: type=1800 audit(1563837110.378:103): pid=8478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16849 res=0 [ 1413.639407][T23434] device hsr_slave_0 left promiscuous mode [ 1413.689226][T23434] device hsr_slave_1 left promiscuous mode [ 1413.746342][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1413.759926][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1413.771992][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1413.842913][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1413.927337][T23434] bond0 (unregistering): Released all slaves [ 1414.042783][ T8423] device hsr_slave_0 entered promiscuous mode [ 1414.079127][ T8423] device hsr_slave_1 entered promiscuous mode [ 1414.108508][ T8423] debugfs: Directory 'hsr0' with parent '/' already present! [ 1414.155360][ T8423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1414.207489][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1414.215542][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1414.233164][ T8423] 8021q: adding VLAN 0 to HW filter on device team0 [ 1414.250423][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1414.259532][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1414.268075][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1414.275219][ T9070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1414.326101][ T8423] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1414.337865][ T8423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1414.350441][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1414.360090][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1414.368845][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1414.377300][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1414.384419][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1414.392220][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1414.401116][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1414.409904][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1414.418705][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1414.427307][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1414.436195][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1414.444859][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1414.453354][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1414.462036][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1414.470459][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1414.480957][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1414.488989][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1414.512281][ T8423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1414.625354][ T8491] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1414.682886][ T8491] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1414.693926][ T8491] CPU: 0 PID: 8491 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1414.701475][ T8491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.711537][ T8491] Call Trace: [ 1414.714847][ T8491] dump_stack+0x16f/0x1f0 [ 1414.719199][ T8491] dump_header+0x10b/0x831 [ 1414.723634][ T8491] oom_kill_process.cold+0x10/0x15 [ 1414.728769][ T8491] out_of_memory+0x79a/0x12d0 [ 1414.733460][ T8491] ? cgroup_file_notify+0x140/0x1b0 [ 1414.738673][ T8491] ? oom_killer_disable+0x280/0x280 [ 1414.743887][ T8491] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1414.749449][ T8491] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1414.755092][ T8491] ? cgroup_file_notify+0x140/0x1b0 [ 1414.760319][ T8491] memory_max_write+0x262/0x3a0 [ 1414.765179][ T8491] ? mem_cgroup_write+0x360/0x360 [ 1414.770208][ T8491] ? lock_acquire+0x190/0x400 [ 1414.774887][ T8491] ? kernfs_fop_write+0x227/0x480 [ 1414.779927][ T8491] cgroup_file_write+0x307/0x790 [ 1414.784872][ T8491] ? mem_cgroup_write+0x360/0x360 [ 1414.789902][ T8491] ? cgroup_show_path+0x590/0x590 [ 1414.794947][ T8491] ? cgroup_show_path+0x590/0x590 [ 1414.799974][ T8491] kernfs_fop_write+0x2b8/0x480 [ 1414.804840][ T8491] __vfs_write+0x8a/0x110 [ 1414.809173][ T8491] ? kernfs_fop_open+0xd80/0xd80 [ 1414.814119][ T8491] vfs_write+0x268/0x5d0 [ 1414.818369][ T8491] ksys_write+0x14f/0x290 [ 1414.822707][ T8491] ? __ia32_sys_read+0xb0/0xb0 [ 1414.827480][ T8491] ? do_syscall_64+0x26/0x6a0 [ 1414.832163][ T8491] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1414.838229][ T8491] ? do_syscall_64+0x26/0x6a0 [ 1414.842915][ T8491] __x64_sys_write+0x73/0xb0 [ 1414.847520][ T8491] do_syscall_64+0xfd/0x6a0 [ 1414.852035][ T8491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1414.857931][ T8491] RIP: 0033:0x459829 [ 1414.861829][ T8491] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1414.881444][ T8491] RSP: 002b:00007f40f19e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1414.889880][ T8491] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1414.897859][ T8491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1414.905841][ T8491] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1414.913823][ T8491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f40f19e96d4 [ 1414.921805][ T8491] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1414.937480][ T8491] memory: usage 3360kB, limit 0kB, failcnt 431378 [ 1414.944175][ T8491] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1414.954618][ T8491] Memory cgroup stats for /syz3: [ 1414.955086][ T8491] anon 2179072 [ 1414.955086][ T8491] file 172032 [ 1414.955086][ T8491] kernel_stack 65536 [ 1414.955086][ T8491] slab 1101824 [ 1414.955086][ T8491] sock 0 [ 1414.955086][ T8491] shmem 8192 [ 1414.955086][ T8491] file_mapped 0 [ 1414.955086][ T8491] file_dirty 135168 [ 1414.955086][ T8491] file_writeback 0 [ 1414.955086][ T8491] anon_thp 2097152 [ 1414.955086][ T8491] inactive_anon 0 [ 1414.955086][ T8491] active_anon 2179072 [ 1414.955086][ T8491] inactive_file 135168 [ 1414.955086][ T8491] active_file 118784 [ 1414.955086][ T8491] unevictable 0 [ 1414.955086][ T8491] slab_reclaimable 405504 [ 1414.955086][ T8491] slab_unreclaimable 696320 [ 1414.955086][ T8491] pgfault 105666 [ 1414.955086][ T8491] pgmajfault 0 [ 1414.955086][ T8491] workingset_refault 0 [ 1414.955086][ T8491] workingset_activate 0 [ 1414.955086][ T8491] workingset_nodereclaim 0 [ 1414.955086][ T8491] pgrefill 0 [ 1414.955086][ T8491] pgscan 0 [ 1414.955086][ T8491] pgsteal 0 [ 1414.955086][ T8491] pgactivate 0 [ 1415.051093][ T8491] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8490,uid=0 [ 1415.066962][ T8491] Memory cgroup out of memory: Killed process 8490 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1415.082826][ T1057] oom_reaper: reaped process 8490 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 1415.192477][ T8423] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1415.202511][ T8423] CPU: 1 PID: 8423 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1415.210054][ T8423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1415.220691][ T8423] Call Trace: [ 1415.224007][ T8423] dump_stack+0x16f/0x1f0 [ 1415.228386][ T8423] dump_header+0x10b/0x831 [ 1415.232817][ T8423] ? oom_kill_process+0x94/0x3c0 [ 1415.237767][ T8423] oom_kill_process.cold+0x10/0x15 [ 1415.242890][ T8423] out_of_memory+0x79a/0x12d0 [ 1415.248109][ T8423] ? lock_downgrade+0x920/0x920 [ 1415.252971][ T8423] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1415.258790][ T8423] ? oom_killer_disable+0x280/0x280 [ 1415.264010][ T8423] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1415.269563][ T8423] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1415.275208][ T8423] ? do_raw_spin_unlock+0x57/0x270 [ 1415.280326][ T8423] ? _raw_spin_unlock+0x23/0x30 [ 1415.285187][ T8423] try_charge+0x1053/0x1430 [ 1415.289704][ T8423] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1415.295250][ T8423] ? percpu_ref_tryget_live+0x104/0x270 [ 1415.301317][ T8423] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1415.306863][ T8423] mem_cgroup_try_charge+0x136/0x590 [ 1415.312153][ T8423] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1415.317794][ T8423] wp_page_copy+0x27c/0x1380 [ 1415.322387][ T8423] ? find_held_lock+0x35/0x130 [ 1415.327158][ T8423] ? pmd_pfn+0x1d0/0x1d0 [ 1415.331504][ T8423] ? lock_downgrade+0x920/0x920 [ 1415.336358][ T8423] ? swp_swapcount+0x520/0x520 23:11:54 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:54 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000002b40)=[{{&(0x7f0000000040)=@nl=@proc, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001780)=""/237, 0xed}, {0x0}], 0x2, &(0x7f0000001d00)=""/250, 0xfa}, 0x20}], 0x2, 0x0, &(0x7f0000002cc0)={0x77359400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ptype\x00\xa8\x19Al\f()\xfb}\xe8+\x89\x90h\xfdY\xc0:\xd9\x11\\?\x14\xe4\xff\x13\xe0$\xa0\xd2|\xd6\x03T\x9a]p\xab\x9d\xbb\xf8\xa0\x8d\xc3\xbb\xe7\x01I\xe8\x04i\x03\xb9K\xb5L[\x14l\xe7') preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0) 23:11:54 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 23:11:54 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:11:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000000)=0x10000000000008f, 0x0) 23:11:54 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xc) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r1, 0x200006) sendfile(r0, r1, 0x0, 0x8000fffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, 0x0, 0x0) [ 1415.341129][ T8423] ? __kasan_check_read+0x11/0x20 [ 1415.346156][ T8423] ? do_raw_spin_unlock+0x57/0x270 [ 1415.351278][ T8423] do_wp_page+0x499/0x14d0 [ 1415.355710][ T8423] ? finish_mkwrite_fault+0x570/0x570 [ 1415.361104][ T8423] __handle_mm_fault+0x2120/0x3ce0 [ 1415.366234][ T8423] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1415.371790][ T8423] ? handle_mm_fault+0x294/0xa90 [ 1415.376955][ T8423] ? handle_mm_fault+0x675/0xa90 [ 1415.381910][ T8423] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1415.387224][ T8423] handle_mm_fault+0x3bb/0xa90 [ 1415.392010][ T8423] __do_page_fault+0x536/0xdd0 [ 1415.396794][ T8423] do_page_fault+0x38/0x536 [ 1415.401310][ T8423] page_fault+0x39/0x40 [ 1415.405462][ T8423] RIP: 0033:0x4034f2 [ 1415.409354][ T8423] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1415.428958][ T8423] RSP: 002b:00007ffe397c0c00 EFLAGS: 00010246 [ 1415.435023][ T8423] RAX: 0000000000000000 RBX: 00000000001595e2 RCX: 0000000000413430 [ 1415.442993][ T8423] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe397c1d30 [ 1415.451286][ T8423] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556dc6940 [ 1415.459258][ T8423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe397c1d30 [ 1415.467233][ T8423] R13: 00007ffe397c1d20 R14: 0000000000000000 R15: 00007ffe397c1d30 [ 1415.475698][ T8423] memory: usage 1032kB, limit 0kB, failcnt 431386 [ 1415.482345][ T8423] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1415.489231][ T8423] Memory cgroup stats for /syz3: [ 1415.489338][ T8423] anon 0 [ 1415.489338][ T8423] file 172032 [ 1415.489338][ T8423] kernel_stack 65536 [ 1415.489338][ T8423] slab 1101824 [ 1415.489338][ T8423] sock 0 [ 1415.489338][ T8423] shmem 8192 [ 1415.489338][ T8423] file_mapped 0 [ 1415.489338][ T8423] file_dirty 135168 [ 1415.489338][ T8423] file_writeback 0 [ 1415.489338][ T8423] anon_thp 0 [ 1415.489338][ T8423] inactive_anon 0 [ 1415.489338][ T8423] active_anon 0 [ 1415.489338][ T8423] inactive_file 135168 [ 1415.489338][ T8423] active_file 118784 [ 1415.489338][ T8423] unevictable 0 23:11:54 executing program 1: timerfd_create(0x0, 0x0) timerfd_create(0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') [ 1415.489338][ T8423] slab_reclaimable 405504 [ 1415.489338][ T8423] slab_unreclaimable 696320 [ 1415.489338][ T8423] pgfault 105666 [ 1415.489338][ T8423] pgmajfault 0 [ 1415.489338][ T8423] workingset_refault 0 [ 1415.489338][ T8423] workingset_activate 0 [ 1415.489338][ T8423] workingset_nodereclaim 0 [ 1415.489338][ T8423] pgrefill 0 [ 1415.489338][ T8423] pgscan 0 [ 1415.489338][ T8423] pgsteal 0 [ 1415.489338][ T8423] pgactivate 0 [ 1415.583845][ T8423] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8423,uid=0 [ 1415.599290][ T8423] Memory cgroup out of memory: Killed process 8423 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1415.619674][ T1057] oom_reaper: reaped process 8423 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 1415.650775][ T24] audit: type=1804 audit(1563837114.478:104): pid=8503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/481/file0/bus" dev="ramfs" ino=157435 res=1 23:11:54 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:11:54 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getpeername$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, &(0x7f0000000100)=0x1c) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000140)={{0x0, @multicast1, 0x4e21, 0x2, 'fo\x00', 0x20, 0x81, 0x6b}, {@empty, 0x4e22, 0x10000, 0xee7a, 0xf782}}, 0x44) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000240)="f4954835e4bea59ba3b25bec831f5b257940046d2f1d990474f83cb40ceaeb04ae03b1a6af6493ed689951a8db", 0x2d) r1 = openat$cgroup_subtree(r0, &(0x7f0000000480)='cgroup.subtree_control\x00', 0x2, 0x0) pwritev(r1, 0x0, 0x0, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x0) ioctl$VT_GETMODE(r0, 0x5601, 0x0) 23:11:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1415.676234][ T24] audit: type=1804 audit(1563837114.478:105): pid=8503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/481/file0/file0/bus" dev="ramfs" ino=157438 res=1 23:11:54 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xc) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r1, 0x200006) sendfile(r0, r1, 0x0, 0x8000fffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, 0x0, 0x0) 23:11:54 executing program 2: sync() getsockname$unix(0xffffffffffffffff, 0x0, 0x0) statfs(0x0, 0x0) creat(0x0, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) chmod(&(0x7f0000000340)='./file0\x00', 0x0) [ 1415.964120][ T24] audit: type=1804 audit(1563837114.788:106): pid=8519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/482/file0/bus" dev="ramfs" ino=157470 res=1 23:11:55 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:11:55 executing program 1: prctl$PR_GET_NAME(0x67, 0x0) 23:11:55 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:11:55 executing program 2: socket$inet(0x10, 0x10000000000003, 0x2010000000006) 23:11:55 executing program 5: 23:11:55 executing program 2: 23:11:55 executing program 5: 23:11:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1416.584879][ T24] audit: type=1804 audit(1563837115.408:107): pid=8536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/483/file0/bus" dev="ramfs" ino=156650 res=1 23:11:55 executing program 1: 23:11:55 executing program 5: 23:11:55 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:11:55 executing program 2: 23:11:55 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:11:55 executing program 1: 23:11:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1417.018566][ T24] audit: type=1804 audit(1563837115.838:108): pid=8556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/484/file0/bus" dev="ramfs" ino=157551 res=1 23:11:55 executing program 2: 23:11:55 executing program 5: 23:11:55 executing program 1: 23:11:55 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:11:56 executing program 2: 23:11:56 executing program 5: 23:11:56 executing program 1: 23:11:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1418.679220][T23434] device bridge_slave_1 left promiscuous mode [ 1418.685419][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1418.725431][T23434] device bridge_slave_0 left promiscuous mode [ 1418.731946][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1420.709138][T23434] device hsr_slave_0 left promiscuous mode [ 1420.768700][T23434] device hsr_slave_1 left promiscuous mode [ 1420.816535][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1420.831447][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1420.845403][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1420.883331][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1420.965977][T23434] bond0 (unregistering): Released all slaves [ 1421.067316][ T8582] IPVS: ftp: loaded support on port[0] = 21 [ 1421.140244][ T8582] chnl_net:caif_netlink_parms(): no params data found [ 1421.179267][ T8582] bridge0: port 1(bridge_slave_0) entered blocking state [ 1421.186574][ T8582] bridge0: port 1(bridge_slave_0) entered disabled state [ 1421.194491][ T8582] device bridge_slave_0 entered promiscuous mode [ 1421.202693][ T8582] bridge0: port 2(bridge_slave_1) entered blocking state [ 1421.210511][ T8582] bridge0: port 2(bridge_slave_1) entered disabled state [ 1421.218706][ T8582] device bridge_slave_1 entered promiscuous mode [ 1421.237121][ T8582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1421.248811][ T8582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1421.271943][ T8582] team0: Port device team_slave_0 added [ 1421.316191][ T8582] team0: Port device team_slave_1 added [ 1421.401726][ T8582] device hsr_slave_0 entered promiscuous mode [ 1421.548934][ T8582] device hsr_slave_1 entered promiscuous mode [ 1421.628561][ T8582] debugfs: Directory 'hsr0' with parent '/' already present! [ 1421.655566][ T8582] bridge0: port 2(bridge_slave_1) entered blocking state [ 1421.662699][ T8582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1421.670322][ T8582] bridge0: port 1(bridge_slave_0) entered blocking state [ 1421.677414][ T8582] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1421.746441][ T8582] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1421.767767][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1421.781360][ T9484] bridge0: port 1(bridge_slave_0) entered disabled state [ 1421.793827][ T9484] bridge0: port 2(bridge_slave_1) entered disabled state [ 1421.816961][ T8582] 8021q: adding VLAN 0 to HW filter on device team0 [ 1421.836337][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1421.845050][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 1421.852350][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1421.870788][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1421.879414][ T9484] bridge0: port 2(bridge_slave_1) entered blocking state [ 1421.886492][ T9484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1421.905722][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1421.914640][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1421.923405][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1421.938889][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1421.952123][ T8582] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1421.964608][ T8582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1421.975127][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1421.998596][ T8582] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1422.195900][ T8590] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1422.206694][ T8590] CPU: 0 PID: 8590 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1422.214267][ T8590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1422.224356][ T8590] Call Trace: [ 1422.227869][ T8590] dump_stack+0x16f/0x1f0 [ 1422.232270][ T8590] dump_header+0x10b/0x831 [ 1422.236829][ T8590] oom_kill_process.cold+0x10/0x15 [ 1422.241964][ T8590] out_of_memory+0x79a/0x12d0 [ 1422.246803][ T8590] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1422.252472][ T8590] ? cgroup_file_notify+0x140/0x1b0 [ 1422.257821][ T8590] ? oom_killer_disable+0x280/0x280 [ 1422.263232][ T8590] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1422.268811][ T8590] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1422.274940][ T8590] ? cgroup_file_notify+0x140/0x1b0 [ 1422.280312][ T8590] memory_max_write+0x262/0x3a0 [ 1422.285344][ T8590] ? mem_cgroup_write+0x360/0x360 [ 1422.290592][ T8590] ? cgroup_file_write+0x86/0x790 [ 1422.295717][ T8590] cgroup_file_write+0x307/0x790 [ 1422.300684][ T8590] ? mem_cgroup_write+0x360/0x360 [ 1422.305924][ T8590] ? cgroup_show_path+0x590/0x590 [ 1422.310975][ T8590] ? cgroup_show_path+0x590/0x590 [ 1422.316109][ T8590] kernfs_fop_write+0x2b8/0x480 [ 1422.321010][ T8590] __vfs_write+0x8a/0x110 [ 1422.325357][ T8590] ? kernfs_fop_open+0xd80/0xd80 [ 1422.330316][ T8590] vfs_write+0x268/0x5d0 [ 1422.334814][ T8590] ksys_write+0x14f/0x290 [ 1422.339249][ T8590] ? __ia32_sys_read+0xb0/0xb0 [ 1422.344651][ T8590] ? do_syscall_64+0x26/0x6a0 [ 1422.349444][ T8590] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1422.355680][ T8590] ? do_syscall_64+0x26/0x6a0 [ 1422.360506][ T8590] __x64_sys_write+0x73/0xb0 [ 1422.365133][ T8590] do_syscall_64+0xfd/0x6a0 [ 1422.369663][ T8590] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1422.375581][ T8590] RIP: 0033:0x459829 [ 1422.379508][ T8590] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1422.399496][ T8590] RSP: 002b:00007f19ddb16c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1422.407946][ T8590] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1422.416318][ T8590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1422.424318][ T8590] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1422.432627][ T8590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19ddb176d4 [ 1422.440722][ T8590] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1422.454587][ T8590] memory: usage 3340kB, limit 0kB, failcnt 431387 [ 1422.461548][ T8590] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1422.468651][ T8590] Memory cgroup stats for /syz3: [ 1422.469553][ T8590] anon 2060288 [ 1422.469553][ T8590] file 172032 [ 1422.469553][ T8590] kernel_stack 65536 [ 1422.469553][ T8590] slab 1101824 [ 1422.469553][ T8590] sock 0 [ 1422.469553][ T8590] shmem 8192 [ 1422.469553][ T8590] file_mapped 0 [ 1422.469553][ T8590] file_dirty 135168 [ 1422.469553][ T8590] file_writeback 0 [ 1422.469553][ T8590] anon_thp 2097152 [ 1422.469553][ T8590] inactive_anon 0 [ 1422.469553][ T8590] active_anon 2060288 [ 1422.469553][ T8590] inactive_file 135168 [ 1422.469553][ T8590] active_file 118784 [ 1422.469553][ T8590] unevictable 0 [ 1422.469553][ T8590] slab_reclaimable 405504 [ 1422.469553][ T8590] slab_unreclaimable 696320 [ 1422.469553][ T8590] pgfault 105732 [ 1422.469553][ T8590] pgmajfault 0 [ 1422.469553][ T8590] workingset_refault 0 [ 1422.469553][ T8590] workingset_activate 0 [ 1422.469553][ T8590] workingset_nodereclaim 0 [ 1422.469553][ T8590] pgrefill 0 [ 1422.469553][ T8590] pgscan 0 [ 1422.469553][ T8590] pgsteal 0 [ 1422.469553][ T8590] pgactivate 0 [ 1422.568990][ T8590] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8589,uid=0 [ 1422.585065][ T8590] Memory cgroup out of memory: Killed process 8589 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1422.601135][ T1057] oom_reaper: reaped process 8589 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 23:12:01 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:01 executing program 5: 23:12:01 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:12:01 executing program 1: 23:12:01 executing program 2: 23:12:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1422.761247][ T8582] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1422.772997][ T8582] CPU: 0 PID: 8582 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1422.780961][ T8582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1422.791738][ T8582] Call Trace: [ 1422.795156][ T8582] dump_stack+0x16f/0x1f0 [ 1422.799523][ T8582] dump_header+0x10b/0x831 [ 1422.804000][ T8582] ? oom_kill_process+0x94/0x3c0 [ 1422.809159][ T8582] oom_kill_process.cold+0x10/0x15 [ 1422.814710][ T8582] out_of_memory+0x79a/0x12d0 [ 1422.819435][ T8582] ? lock_downgrade+0x920/0x920 [ 1422.824709][ T8582] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1422.830717][ T8582] ? oom_killer_disable+0x280/0x280 [ 1422.836198][ T8582] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1422.841796][ T8582] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1422.847485][ T8582] ? do_raw_spin_unlock+0x57/0x270 [ 1422.852808][ T8582] ? _raw_spin_unlock+0x23/0x30 [ 1422.857952][ T8582] try_charge+0x1053/0x1430 [ 1422.862689][ T8582] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1422.868657][ T8582] ? percpu_ref_tryget_live+0x104/0x270 [ 1422.874700][ T8582] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1422.880281][ T8582] mem_cgroup_try_charge+0x136/0x590 [ 1422.885598][ T8582] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1422.891433][ T8582] wp_page_copy+0x27c/0x1380 [ 1422.896149][ T8582] ? find_held_lock+0x35/0x130 [ 1422.900961][ T8582] ? pmd_pfn+0x1d0/0x1d0 [ 1422.906142][ T8582] ? lock_downgrade+0x920/0x920 [ 1422.911027][ T8582] ? swp_swapcount+0x520/0x520 [ 1422.915909][ T8582] ? __kasan_check_read+0x11/0x20 [ 1422.921643][ T8582] ? do_raw_spin_unlock+0x57/0x270 [ 1422.926805][ T8582] do_wp_page+0x499/0x14d0 [ 1422.932777][ T8582] ? finish_mkwrite_fault+0x570/0x570 [ 1422.938234][ T8582] __handle_mm_fault+0x2120/0x3ce0 [ 1422.943644][ T8582] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1422.949623][ T8582] ? handle_mm_fault+0x294/0xa90 [ 1422.954723][ T8582] handle_mm_fault+0x3bb/0xa90 [ 1422.959618][ T8582] __do_page_fault+0x536/0xdd0 [ 1422.964426][ T8582] do_page_fault+0x38/0x536 [ 1422.969315][ T8582] page_fault+0x39/0x40 [ 1422.973525][ T8582] RIP: 0033:0x430906 [ 1422.977444][ T8582] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1422.997460][ T8582] RSP: 002b:00007ffcb312f820 EFLAGS: 00010206 [ 1423.003558][ T8582] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1423.011648][ T8582] RDX: 00005555555c4930 RSI: 00005555555cc970 RDI: 0000000000000003 [ 1423.019831][ T8582] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555555c3940 [ 1423.028261][ T8582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1423.036355][ T8582] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1423.044629][ T8582] memory: usage 1004kB, limit 0kB, failcnt 431395 [ 1423.051142][ T8582] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1423.058214][ T8582] Memory cgroup stats for /syz3: [ 1423.058338][ T8582] anon 0 [ 1423.058338][ T8582] file 172032 [ 1423.058338][ T8582] kernel_stack 65536 [ 1423.058338][ T8582] slab 1101824 [ 1423.058338][ T8582] sock 0 [ 1423.058338][ T8582] shmem 8192 [ 1423.058338][ T8582] file_mapped 0 [ 1423.058338][ T8582] file_dirty 135168 [ 1423.058338][ T8582] file_writeback 0 [ 1423.058338][ T8582] anon_thp 0 [ 1423.058338][ T8582] inactive_anon 0 [ 1423.058338][ T8582] active_anon 0 [ 1423.058338][ T8582] inactive_file 135168 [ 1423.058338][ T8582] active_file 118784 [ 1423.058338][ T8582] unevictable 0 [ 1423.058338][ T8582] slab_reclaimable 405504 [ 1423.058338][ T8582] slab_unreclaimable 696320 [ 1423.058338][ T8582] pgfault 105732 [ 1423.058338][ T8582] pgmajfault 0 [ 1423.058338][ T8582] workingset_refault 0 [ 1423.058338][ T8582] workingset_activate 0 [ 1423.058338][ T8582] workingset_nodereclaim 0 [ 1423.058338][ T8582] pgrefill 0 [ 1423.058338][ T8582] pgscan 0 [ 1423.058338][ T8582] pgsteal 0 [ 1423.058338][ T8582] pgactivate 0 23:12:01 executing program 1: 23:12:01 executing program 5: 23:12:01 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:12:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:01 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = open(0x0, 0x0, 0x0) write$P9_RFSYNC(r0, 0x0, 0x0) 23:12:02 executing program 5: socket$kcm(0xa, 0x20000000000003, 0x11) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0xa, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x522000000003, 0x11) socket$kcm(0x11, 0x3, 0x300) socket$kcm(0x2b, 0x1, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="b3d91eee2218cee2bfd5cbad176793ae3ea0"], 0xfdef) [ 1423.063380][ T8582] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8582,uid=0 [ 1423.171585][ T8582] Memory cgroup out of memory: Killed process 8582 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1423.186983][ T1057] oom_reaper: reaped process 8582 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:02 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:02 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:02 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:12:02 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x9) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000000)=@routing, 0x8) sendmmsg(r1, &(0x7f00000002c0), 0x400000000000174, 0x0) r2 = dup(r0) write$eventfd(r2, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:12:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 23:12:02 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:02 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:02 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:03 executing program 1: clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 23:12:03 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:03 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, 0x0, 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:03 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:04 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x9) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000000)=@routing, 0x8) sendmmsg(r1, &(0x7f00000002c0), 0x400000000000174, 0x0) r2 = dup(r0) write$eventfd(r2, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:12:04 executing program 1: setuid(0xee01) semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) 23:12:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, 0x0, 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:04 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:04 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) [ 1426.340334][ T8687] IPVS: ftp: loaded support on port[0] = 21 [ 1426.483418][ T8687] chnl_net:caif_netlink_parms(): no params data found [ 1426.514135][ T8687] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.521307][ T8687] bridge0: port 1(bridge_slave_0) entered disabled state [ 1426.529479][ T8687] device bridge_slave_0 entered promiscuous mode [ 1426.537027][ T8687] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.544194][ T8687] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.552016][ T8687] device bridge_slave_1 entered promiscuous mode [ 1426.574812][ T8687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1426.585966][ T8687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1426.607766][T23434] device bridge_slave_1 left promiscuous mode [ 1426.614037][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.659969][T23434] device bridge_slave_0 left promiscuous mode [ 1426.666131][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1428.699459][T23434] device hsr_slave_0 left promiscuous mode [ 1428.739669][T23434] device hsr_slave_1 left promiscuous mode [ 1428.816014][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1428.826820][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1428.844638][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1428.882631][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1428.966763][T23434] bond0 (unregistering): Released all slaves [ 1429.066221][ T8687] team0: Port device team_slave_0 added [ 1429.074014][ T8687] team0: Port device team_slave_1 added [ 1429.111867][ T8687] device hsr_slave_0 entered promiscuous mode [ 1429.148772][ T8687] device hsr_slave_1 entered promiscuous mode [ 1429.208465][ T8687] debugfs: Directory 'hsr0' with parent '/' already present! [ 1429.256354][ T8687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1429.267986][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1429.276199][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1429.287128][ T8687] 8021q: adding VLAN 0 to HW filter on device team0 [ 1429.331198][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1429.340144][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1429.348942][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1429.356013][ T9070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1429.387321][ T8687] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1429.397801][ T8687] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1429.411057][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1429.419383][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1429.428086][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1429.436601][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1429.443715][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1429.451478][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1429.460499][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1429.469306][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1429.478056][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1429.486601][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1429.495443][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1429.504220][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1429.512904][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1429.525959][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1429.533783][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1429.558640][ T8687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1429.733050][ T8695] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1429.743764][ T8695] CPU: 1 PID: 8695 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1429.751317][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1429.761378][ T8695] Call Trace: [ 1429.764685][ T8695] dump_stack+0x16f/0x1f0 [ 1429.769030][ T8695] dump_header+0x10b/0x831 [ 1429.773451][ T8695] oom_kill_process.cold+0x10/0x15 [ 1429.778571][ T8695] out_of_memory+0x79a/0x12d0 [ 1429.783257][ T8695] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1429.788899][ T8695] ? cgroup_file_notify+0x140/0x1b0 [ 1429.794106][ T8695] ? oom_killer_disable+0x280/0x280 [ 1429.799326][ T8695] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1429.804882][ T8695] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1429.810618][ T8695] ? cgroup_file_notify+0x140/0x1b0 [ 1429.815826][ T8695] memory_max_write+0x262/0x3a0 [ 1429.820700][ T8695] ? mem_cgroup_write+0x360/0x360 [ 1429.825742][ T8695] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1429.831214][ T8695] cgroup_file_write+0x307/0x790 [ 1429.836171][ T8695] ? mem_cgroup_write+0x360/0x360 [ 1429.841232][ T8695] ? cgroup_show_path+0x590/0x590 [ 1429.846269][ T8695] ? kernfs_ops+0x9f/0x110 [ 1429.850696][ T8695] ? cgroup_show_path+0x590/0x590 [ 1429.855730][ T8695] kernfs_fop_write+0x2b8/0x480 [ 1429.860600][ T8695] __vfs_write+0x8a/0x110 [ 1429.864934][ T8695] ? kernfs_fop_open+0xd80/0xd80 [ 1429.869885][ T8695] vfs_write+0x268/0x5d0 [ 1429.874143][ T8695] ksys_write+0x14f/0x290 [ 1429.878499][ T8695] ? __ia32_sys_read+0xb0/0xb0 [ 1429.883279][ T8695] __x64_sys_write+0x73/0xb0 [ 1429.887875][ T8695] do_syscall_64+0xfd/0x6a0 [ 1429.892392][ T8695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1429.898289][ T8695] RIP: 0033:0x459829 [ 1429.902199][ T8695] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1429.921907][ T8695] RSP: 002b:00007fcb5ac45c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1429.930340][ T8695] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1429.938330][ T8695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1429.946319][ T8695] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1429.954393][ T8695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcb5ac466d4 [ 1429.962381][ T8695] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1429.971260][ T8695] memory: usage 3336kB, limit 0kB, failcnt 431396 [ 1429.977834][ T8695] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1429.984868][ T8695] Memory cgroup stats for /syz3: [ 1429.986075][ T8695] anon 2052096 [ 1429.986075][ T8695] file 172032 [ 1429.986075][ T8695] kernel_stack 65536 [ 1429.986075][ T8695] slab 1101824 [ 1429.986075][ T8695] sock 0 [ 1429.986075][ T8695] shmem 8192 [ 1429.986075][ T8695] file_mapped 0 [ 1429.986075][ T8695] file_dirty 135168 [ 1429.986075][ T8695] file_writeback 0 [ 1429.986075][ T8695] anon_thp 2097152 [ 1429.986075][ T8695] inactive_anon 0 [ 1429.986075][ T8695] active_anon 2052096 [ 1429.986075][ T8695] inactive_file 135168 [ 1429.986075][ T8695] active_file 118784 [ 1429.986075][ T8695] unevictable 0 [ 1429.986075][ T8695] slab_reclaimable 405504 [ 1429.986075][ T8695] slab_unreclaimable 696320 [ 1429.986075][ T8695] pgfault 105798 [ 1429.986075][ T8695] pgmajfault 0 [ 1429.986075][ T8695] workingset_refault 0 [ 1429.986075][ T8695] workingset_activate 0 [ 1429.986075][ T8695] workingset_nodereclaim 0 [ 1429.986075][ T8695] pgrefill 0 [ 1429.986075][ T8695] pgscan 0 [ 1429.986075][ T8695] pgsteal 0 [ 1429.986075][ T8695] pgactivate 0 [ 1430.083918][ T8695] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8694,uid=0 [ 1430.099659][ T8695] Memory cgroup out of memory: Killed process 8694 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1430.116565][ T1057] oom_reaper: reaped process 8694 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 23:12:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, 0x0, 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:09 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:09 executing program 1: finit_module(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000001180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xc83) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capget(0x0, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x20000012) 23:12:09 executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) 23:12:09 executing program 5: bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00'}, 0x10) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) [ 1430.252498][ T8687] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1430.262515][ T8687] CPU: 1 PID: 8687 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1430.270065][ T8687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1430.280123][ T8687] Call Trace: [ 1430.283431][ T8687] dump_stack+0x16f/0x1f0 [ 1430.287778][ T8687] dump_header+0x10b/0x831 [ 1430.292208][ T8687] ? oom_kill_process+0x94/0x3c0 [ 1430.297156][ T8687] oom_kill_process.cold+0x10/0x15 [ 1430.302284][ T8687] out_of_memory+0x79a/0x12d0 [ 1430.306970][ T8687] ? lock_downgrade+0x920/0x920 [ 1430.311839][ T8687] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1430.317660][ T8687] ? oom_killer_disable+0x280/0x280 [ 1430.322876][ T8687] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1430.328432][ T8687] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1430.334080][ T8687] ? do_raw_spin_unlock+0x57/0x270 [ 1430.339208][ T8687] ? _raw_spin_unlock+0x23/0x30 [ 1430.344072][ T8687] try_charge+0x1053/0x1430 [ 1430.348594][ T8687] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1430.354150][ T8687] ? percpu_ref_tryget_live+0x104/0x270 [ 1430.359729][ T8687] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1430.365291][ T8687] mem_cgroup_try_charge+0x136/0x590 [ 1430.370601][ T8687] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1430.376260][ T8687] wp_page_copy+0x27c/0x1380 [ 1430.380880][ T8687] ? find_held_lock+0x35/0x130 [ 1430.385846][ T8687] ? pmd_pfn+0x1d0/0x1d0 [ 1430.390108][ T8687] ? lock_downgrade+0x920/0x920 [ 1430.394983][ T8687] ? swp_swapcount+0x520/0x520 [ 1430.399767][ T8687] ? __kasan_check_read+0x11/0x20 [ 1430.404815][ T8687] ? do_raw_spin_unlock+0x57/0x270 [ 1430.409940][ T8687] do_wp_page+0x499/0x14d0 [ 1430.414377][ T8687] ? finish_mkwrite_fault+0x570/0x570 [ 1430.419772][ T8687] __handle_mm_fault+0x2120/0x3ce0 [ 1430.424898][ T8687] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1430.430452][ T8687] ? handle_mm_fault+0x294/0xa90 [ 1430.435404][ T8687] ? handle_mm_fault+0x675/0xa90 [ 1430.440351][ T8687] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1430.445653][ T8687] handle_mm_fault+0x3bb/0xa90 [ 1430.450438][ T8687] __do_page_fault+0x536/0xdd0 [ 1430.455226][ T8687] do_page_fault+0x38/0x536 [ 1430.459744][ T8687] page_fault+0x39/0x40 [ 1430.463904][ T8687] RIP: 0033:0x4034f2 [ 1430.467808][ T8687] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1430.487425][ T8687] RSP: 002b:00007ffdf4f13c20 EFLAGS: 00010246 [ 1430.493508][ T8687] RAX: 0000000000000000 RBX: 000000000015d0a6 RCX: 0000000000413430 [ 1430.501494][ T8687] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdf4f14d50 [ 1430.509681][ T8687] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555671940 [ 1430.517661][ T8687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf4f14d50 [ 1430.525638][ T8687] R13: 00007ffdf4f14d40 R14: 0000000000000000 R15: 00007ffdf4f14d50 [ 1430.533968][ T8687] memory: usage 1012kB, limit 0kB, failcnt 431404 [ 1430.540445][ T8687] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1430.547306][ T8687] Memory cgroup stats for /syz3: [ 1430.547440][ T8687] anon 0 [ 1430.547440][ T8687] file 172032 [ 1430.547440][ T8687] kernel_stack 0 [ 1430.547440][ T8687] slab 1101824 [ 1430.547440][ T8687] sock 0 [ 1430.547440][ T8687] shmem 8192 [ 1430.547440][ T8687] file_mapped 0 [ 1430.547440][ T8687] file_dirty 135168 [ 1430.547440][ T8687] file_writeback 0 [ 1430.547440][ T8687] anon_thp 0 [ 1430.547440][ T8687] inactive_anon 0 [ 1430.547440][ T8687] active_anon 0 [ 1430.547440][ T8687] inactive_file 135168 [ 1430.547440][ T8687] active_file 118784 [ 1430.547440][ T8687] unevictable 0 [ 1430.547440][ T8687] slab_reclaimable 405504 [ 1430.547440][ T8687] slab_unreclaimable 696320 [ 1430.547440][ T8687] pgfault 105798 [ 1430.547440][ T8687] pgmajfault 0 [ 1430.547440][ T8687] workingset_refault 0 [ 1430.547440][ T8687] workingset_activate 0 [ 1430.547440][ T8687] workingset_nodereclaim 0 [ 1430.547440][ T8687] pgrefill 0 [ 1430.547440][ T8687] pgscan 0 [ 1430.547440][ T8687] pgsteal 0 [ 1430.547440][ T8687] pgactivate 0 23:12:09 executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) 23:12:09 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 23:12:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1430.641436][ T8687] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8687,uid=0 [ 1430.656900][ T8687] Memory cgroup out of memory: Killed process 8687 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1430.663236][ T1057] oom_reaper: reaped process 8687 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:09 executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) 23:12:09 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) mknod(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x2000040000072, 0xffffffffffffffff, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) 23:12:09 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:10 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:10 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x800, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, 0x0, 0x0) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000100)) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x159) getpgrp(0x0) open(&(0x7f0000000340)='./file0\x00', 0x8000000000044, 0x1) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{}, {0x692, 0x2}]}, 0x18, 0x0) execve(&(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000780)=[0x0]) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000000080)) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x1d3, 0x0}, 0x0) 23:12:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:10 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:10 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:10 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) mknod(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x2000040000072, 0xffffffffffffffff, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) 23:12:10 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:10 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:10 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:10 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:10 executing program 1: r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0xfffffc41) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) 23:12:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:10 executing program 5: prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x9) 23:12:10 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x0, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:10 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:11 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000011c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpriority(0x2, 0x0) 23:12:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:11 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x0, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) [ 1432.301868][ T24] audit: type=1804 audit(1563837131.128:109): pid=8775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/497/file0/bus" dev="sda1" ino=17284 res=1 23:12:11 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1432.571498][ T24] audit: type=1804 audit(1563837131.398:110): pid=8787 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/498/file0/bus" dev="sda1" ino=17281 res=1 [ 1433.777072][ T8793] IPVS: ftp: loaded support on port[0] = 21 [ 1433.921311][ T8793] chnl_net:caif_netlink_parms(): no params data found [ 1433.950454][ T8793] bridge0: port 1(bridge_slave_0) entered blocking state [ 1433.957520][ T8793] bridge0: port 1(bridge_slave_0) entered disabled state [ 1433.965318][ T8793] device bridge_slave_0 entered promiscuous mode [ 1433.973609][ T8793] bridge0: port 2(bridge_slave_1) entered blocking state [ 1433.980773][ T8793] bridge0: port 2(bridge_slave_1) entered disabled state [ 1433.988660][ T8793] device bridge_slave_1 entered promiscuous mode [ 1434.001980][T23434] device bridge_slave_1 left promiscuous mode [ 1434.008249][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1434.049924][T23434] device bridge_slave_0 left promiscuous mode [ 1434.056152][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1436.129326][T23434] device hsr_slave_0 left promiscuous mode [ 1436.169219][T23434] device hsr_slave_1 left promiscuous mode [ 1436.220937][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1436.235629][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1436.246585][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1436.275166][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1436.366494][T23434] bond0 (unregistering): Released all slaves [ 1436.472601][ T8793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1436.484028][ T8793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1436.504299][ T8793] team0: Port device team_slave_0 added [ 1436.511756][ T8793] team0: Port device team_slave_1 added [ 1436.571725][ T8793] device hsr_slave_0 entered promiscuous mode [ 1436.628903][ T8793] device hsr_slave_1 entered promiscuous mode [ 1436.668481][ T8793] debugfs: Directory 'hsr0' with parent '/' already present! [ 1436.769820][ T8793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1436.783816][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1436.796374][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1436.804489][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1436.822595][ T8793] 8021q: adding VLAN 0 to HW filter on device team0 [ 1436.850078][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1436.859133][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1436.867752][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.874898][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1436.882934][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1436.891801][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1436.900458][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.907587][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1436.915377][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1436.924321][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1436.949404][ T8793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1436.960209][ T8793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1436.984970][ T8793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1436.993784][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1437.002301][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1437.013892][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1437.022552][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1437.031218][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1437.044631][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1437.052533][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1437.184920][ T8802] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1437.195335][ T8802] CPU: 0 PID: 8802 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1437.202904][ T8802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.212993][ T8802] Call Trace: [ 1437.216314][ T8802] dump_stack+0x16f/0x1f0 [ 1437.220703][ T8802] dump_header+0x10b/0x831 [ 1437.225150][ T8802] oom_kill_process.cold+0x10/0x15 [ 1437.230284][ T8802] out_of_memory+0x79a/0x12d0 [ 1437.234995][ T8802] ? cgroup_file_notify+0x140/0x1b0 [ 1437.240205][ T8802] ? oom_killer_disable+0x280/0x280 [ 1437.245421][ T8802] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1437.250982][ T8802] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1437.256636][ T8802] ? cgroup_file_notify+0x140/0x1b0 [ 1437.261849][ T8802] memory_max_write+0x262/0x3a0 [ 1437.266717][ T8802] ? mem_cgroup_write+0x360/0x360 [ 1437.271748][ T8802] ? lock_acquire+0x20b/0x400 [ 1437.276441][ T8802] cgroup_file_write+0x307/0x790 [ 1437.281397][ T8802] ? mem_cgroup_write+0x360/0x360 [ 1437.286432][ T8802] ? cgroup_show_path+0x590/0x590 [ 1437.291493][ T8802] ? cgroup_show_path+0x590/0x590 [ 1437.296537][ T8802] kernfs_fop_write+0x2b8/0x480 [ 1437.301415][ T8802] __vfs_write+0x8a/0x110 [ 1437.305758][ T8802] ? kernfs_fop_open+0xd80/0xd80 [ 1437.310720][ T8802] vfs_write+0x268/0x5d0 [ 1437.314977][ T8802] ksys_write+0x14f/0x290 [ 1437.319323][ T8802] ? __ia32_sys_read+0xb0/0xb0 [ 1437.324106][ T8802] ? do_syscall_64+0x26/0x6a0 [ 1437.328814][ T8802] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1437.334908][ T8802] ? do_syscall_64+0x26/0x6a0 [ 1437.339608][ T8802] __x64_sys_write+0x73/0xb0 [ 1437.344203][ T8802] do_syscall_64+0xfd/0x6a0 [ 1437.348731][ T8802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1437.354629][ T8802] RIP: 0033:0x459829 [ 1437.358531][ T8802] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1437.378145][ T8802] RSP: 002b:00007fd326fa6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1437.386577][ T8802] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1437.394559][ T8802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1437.402542][ T8802] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1437.410526][ T8802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd326fa76d4 [ 1437.418506][ T8802] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1437.429133][ T8802] memory: usage 3364kB, limit 0kB, failcnt 431405 [ 1437.435727][ T8802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1437.442797][ T8802] Memory cgroup stats for /syz3: [ 1437.443884][ T8802] anon 2191360 [ 1437.443884][ T8802] file 172032 [ 1437.443884][ T8802] kernel_stack 65536 [ 1437.443884][ T8802] slab 1101824 [ 1437.443884][ T8802] sock 0 [ 1437.443884][ T8802] shmem 8192 [ 1437.443884][ T8802] file_mapped 0 [ 1437.443884][ T8802] file_dirty 135168 [ 1437.443884][ T8802] file_writeback 0 [ 1437.443884][ T8802] anon_thp 2097152 [ 1437.443884][ T8802] inactive_anon 0 [ 1437.443884][ T8802] active_anon 2191360 [ 1437.443884][ T8802] inactive_file 135168 [ 1437.443884][ T8802] active_file 118784 [ 1437.443884][ T8802] unevictable 0 [ 1437.443884][ T8802] slab_reclaimable 405504 [ 1437.443884][ T8802] slab_unreclaimable 696320 [ 1437.443884][ T8802] pgfault 105864 [ 1437.443884][ T8802] pgmajfault 0 [ 1437.443884][ T8802] workingset_refault 0 [ 1437.443884][ T8802] workingset_activate 0 [ 1437.443884][ T8802] workingset_nodereclaim 0 [ 1437.443884][ T8802] pgrefill 0 [ 1437.443884][ T8802] pgscan 0 [ 1437.443884][ T8802] pgsteal 0 [ 1437.443884][ T8802] pgactivate 0 [ 1437.540405][ T8802] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8800,uid=0 [ 1437.556656][ T8802] Memory cgroup out of memory: Killed process 8800 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 1437.572803][ T1057] oom_reaper: reaped process 8800 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 23:12:16 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:16 executing program 5: syz_mount_image$f2fs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:12:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x161, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 23:12:16 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x0, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:16 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:16 executing program 1: r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0xfffffc41) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) [ 1437.679038][ T8793] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1437.689138][ T8793] CPU: 0 PID: 8793 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1437.696726][ T8793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.706792][ T8793] Call Trace: [ 1437.710095][ T8793] dump_stack+0x16f/0x1f0 [ 1437.714433][ T8793] dump_header+0x10b/0x831 [ 1437.718854][ T8793] ? oom_kill_process+0x94/0x3c0 [ 1437.723796][ T8793] oom_kill_process.cold+0x10/0x15 [ 1437.728915][ T8793] out_of_memory+0x79a/0x12d0 [ 1437.733607][ T8793] ? lock_downgrade+0x920/0x920 [ 1437.738482][ T8793] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1437.744306][ T8793] ? oom_killer_disable+0x280/0x280 [ 1437.749537][ T8793] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1437.755097][ T8793] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1437.760747][ T8793] ? do_raw_spin_unlock+0x57/0x270 [ 1437.765873][ T8793] ? _raw_spin_unlock+0x23/0x30 [ 1437.770744][ T8793] try_charge+0x1053/0x1430 [ 1437.775274][ T8793] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1437.780839][ T8793] ? percpu_ref_tryget_live+0x104/0x270 [ 1437.786420][ T8793] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1437.791996][ T8793] mem_cgroup_try_charge+0x136/0x590 [ 1437.797310][ T8793] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1437.802956][ T8793] wp_page_copy+0x27c/0x1380 [ 1437.807556][ T8793] ? find_held_lock+0x35/0x130 [ 1437.812333][ T8793] ? pmd_pfn+0x1d0/0x1d0 [ 1437.816584][ T8793] ? lock_downgrade+0x920/0x920 [ 1437.821444][ T8793] ? swp_swapcount+0x520/0x520 [ 1437.826216][ T8793] ? __kasan_check_read+0x11/0x20 [ 1437.831263][ T8793] ? do_raw_spin_unlock+0x57/0x270 [ 1437.836407][ T8793] do_wp_page+0x499/0x14d0 [ 1437.840861][ T8793] ? finish_mkwrite_fault+0x570/0x570 [ 1437.846257][ T8793] __handle_mm_fault+0x2120/0x3ce0 [ 1437.851393][ T8793] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1437.856958][ T8793] ? handle_mm_fault+0x294/0xa90 [ 1437.861915][ T8793] ? handle_mm_fault+0x675/0xa90 [ 1437.866863][ T8793] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1437.872156][ T8793] handle_mm_fault+0x3bb/0xa90 [ 1437.876940][ T8793] __do_page_fault+0x536/0xdd0 [ 1437.881741][ T8793] do_page_fault+0x38/0x536 [ 1437.886254][ T8793] page_fault+0x39/0x40 [ 1437.890421][ T8793] RIP: 0033:0x430906 [ 1437.894324][ T8793] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1437.913960][ T8793] RSP: 002b:00007ffe350852f0 EFLAGS: 00010206 [ 1437.920036][ T8793] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1437.928021][ T8793] RDX: 0000555556adb930 RSI: 0000555556ae3970 RDI: 0000000000000003 [ 1437.936018][ T8793] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556ada940 [ 1437.944007][ T8793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1437.951996][ T8793] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1437.960103][ T8793] memory: usage 1036kB, limit 0kB, failcnt 431413 [ 1437.966545][ T8793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1437.973498][ T8793] Memory cgroup stats for /syz3: [ 1437.973616][ T8793] anon 0 [ 1437.973616][ T8793] file 172032 [ 1437.973616][ T8793] kernel_stack 65536 [ 1437.973616][ T8793] slab 1101824 [ 1437.973616][ T8793] sock 0 [ 1437.973616][ T8793] shmem 8192 [ 1437.973616][ T8793] file_mapped 0 [ 1437.973616][ T8793] file_dirty 135168 [ 1437.973616][ T8793] file_writeback 0 [ 1437.973616][ T8793] anon_thp 0 [ 1437.973616][ T8793] inactive_anon 0 [ 1437.973616][ T8793] active_anon 0 [ 1437.973616][ T8793] inactive_file 135168 [ 1437.973616][ T8793] active_file 118784 [ 1437.973616][ T8793] unevictable 0 [ 1437.973616][ T8793] slab_reclaimable 405504 [ 1437.973616][ T8793] slab_unreclaimable 696320 [ 1437.973616][ T8793] pgfault 105864 [ 1437.973616][ T8793] pgmajfault 0 [ 1437.973616][ T8793] workingset_refault 0 [ 1437.973616][ T8793] workingset_activate 0 [ 1437.973616][ T8793] workingset_nodereclaim 0 [ 1437.973616][ T8793] pgrefill 0 [ 1437.973616][ T8793] pgscan 0 [ 1437.973616][ T8793] pgsteal 0 [ 1437.973616][ T8793] pgactivate 0 [ 1438.069268][ T8793] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) 23:12:16 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r0, 0x0, &(0x7f0000000200)=""/208}, 0x18) [ 1438.069284][ T8793] ,cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8793,uid=0 [ 1438.086995][ T8793] Memory cgroup out of memory: Killed process 8793 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1438.101960][ T1057] oom_reaper: reaped process 8793 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:17 executing program 0: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc0145608, &(0x7f0000000100)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8d346394"}, 0x0, 0x0, @offset, 0x4}) [ 1438.157284][ T24] audit: type=1804 audit(1563837136.978:111): pid=8817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/499/file0/bus" dev="sda1" ino=16690 res=1 23:12:17 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:17 executing program 4: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:17 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = inotify_init1(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() mremap(&(0x7f0000182000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f00000be000/0x2000)=nil) process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x35c}], 0x352, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)) 23:12:17 executing program 4: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:18 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:18 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 23:12:18 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:18 executing program 4: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:18 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0xfffffffffffffffc, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x800, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000940)={0x0, @in6={{0xa, 0x0, 0xe, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, 0x0, 0x7, 0x80000000, 0x0, 0xa6}, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000100)=r0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x159) r2 = getpgrp(0x0) setpriority(0x0, r2, 0xffff) open(&(0x7f0000000340)='./file0\x00', 0x8000000000044, 0x1) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692, 0x2}]}, 0x18, 0x0) execve(&(0x7f0000000440)='./file0\x00', &(0x7f00000006c0)=[&(0x7f0000000580)='wlan1\x00', &(0x7f0000000600)='security.capability\x00'], &(0x7f0000000780)=[&(0x7f0000000700)='proc\x00']) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000080)={0xfffffffffffffffc, 0x0, 0x12d}) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000140)={0x0, 0x50, 0x0, 0x0}) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x8) recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x1d3, 0x0}, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f00000001c0)={0x0, "7fbb6cdecbd52e922888eed351eda7f55d2699acc19571d762096904ad5af038", 0x0, 0x1}) 23:12:18 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, 0x0, 0x0) 23:12:18 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:12:18 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:18 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:18 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:18 executing program 0: r0 = socket$inet6(0xa, 0x802200000000003, 0xa) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x800, 0x0, 0xff, 0x8001}, 0x20) 23:12:18 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:18 executing program 1: r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0xfffffc41) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) 23:12:18 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:18 executing program 0: openat(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) 23:12:18 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:18 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0xfffffffffffffffc, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x800, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000940)={0x0, @in6={{0xa, 0x0, 0xe, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, 0x0, 0x7, 0x80000000, 0x0, 0xa6}, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000100)=r0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x159) r2 = getpgrp(0x0) setpriority(0x0, r2, 0xffff) open(&(0x7f0000000340)='./file0\x00', 0x8000000000044, 0x1) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692, 0x2}]}, 0x18, 0x0) execve(&(0x7f0000000440)='./file0\x00', &(0x7f00000006c0)=[&(0x7f0000000580)='wlan1\x00', &(0x7f0000000600)='security.capability\x00'], &(0x7f0000000780)=[&(0x7f0000000700)='proc\x00']) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000080)={0xfffffffffffffffc, 0x0, 0x12d}) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000140)={0x0, 0x50, 0x0, 0x0}) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x8) recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x1d3, 0x0}, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f00000001c0)={0x0, "7fbb6cdecbd52e922888eed351eda7f55d2699acc19571d762096904ad5af038", 0x0, 0x1}) 23:12:18 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:18 executing program 1: bpf$MAP_CREATE(0xd00000000000000, &(0x7f0000000000)={0x6, 0x4, 0x0, 0x7c, 0x0, 0x1, 0x0, [0x0, 0x0, 0x0, 0x400100]}, 0x2c) 23:12:18 executing program 0: r0 = memfd_create(&(0x7f00000004c0)='cgroupnode\xfaQ(%\xf1MH\xf9\x00\x00\x00\f\x00\x00\x00\x03v.\x00\x00n]4^5h\xcd\xa8\b\xb8V\xc0\xee\xb4\x10\xca\xf2A\x98\x95d:S\xadbM\xa5\xa2\xd2$\xdf\xf8\xb3*\xcc\x13\x00\xd8R&\xcf\x89\x1c\xfbdg\xd06Zt$\xcb\'\'J\xf8E\x16H5\xb3\x9bV\xe1\xf1\xd1\xe3r\x91\xf3\x1e\xd6\xdae8\xc1m*\xf37\xf1d\x8b\x84<\xe0\xd1\xfaW\xb7=\xf1\xed_\x8fU\xdeuk\x00\x9cwfY\xafv\xa4@\xdd\x91h\xb7#\xf13h\xd1\x8ew\x18\x03\x1d\xbf#?\"|\xb2\x1c\x89B\xa6\x17\xfc\xce\x01\xde\x9fm\x95]\x81#lKj\xd0\xe7U\xce\x04\xd9\x9fI\x1e\xe6\xd4^\x10\\i\xa1\x0e\xb1$a\x0e\xec\xf4r\x93\xb7#\x1aT\xc3\x00\x00\x00\x00\x00\x00\x00\x00\x05\xce2Ap\xce\x1e\xc6\x02;i\x9e\xf8K\xb1\xd9V\xf3O\xed\xe5\xbcE\x00\xfb\x0e\x0el\xb0\xa6\xe3\x0f\x1d\xed\x9bR\x8eW\x1d\x0e\xb7\tG\xf6\x020\x9ea\x9b8\"b=:i;\xe6!\x99P7\xb8\x99\x9b\xdf\xfcl\x0f\xeaK\xf1\xc0\xb3', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)) 23:12:18 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1440.101216][ T24] audit: type=1804 audit(1563837138.928:112): pid=8906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/506/file0/bus" dev="sda1" ino=17290 res=1 [ 1441.510007][T23434] device bridge_slave_1 left promiscuous mode [ 1441.516317][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1441.549991][T23434] device bridge_slave_0 left promiscuous mode [ 1441.556197][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1443.539266][T23434] device hsr_slave_0 left promiscuous mode [ 1443.599198][T23434] device hsr_slave_1 left promiscuous mode [ 1443.648917][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1443.662677][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1443.674060][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1443.722561][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1443.794736][T23434] bond0 (unregistering): Released all slaves [ 1443.889590][ T8921] IPVS: ftp: loaded support on port[0] = 21 [ 1443.962150][ T8921] chnl_net:caif_netlink_parms(): no params data found [ 1444.006502][ T8921] bridge0: port 1(bridge_slave_0) entered blocking state [ 1444.013708][ T8921] bridge0: port 1(bridge_slave_0) entered disabled state [ 1444.021940][ T8921] device bridge_slave_0 entered promiscuous mode [ 1444.030247][ T8921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1444.037526][ T8921] bridge0: port 2(bridge_slave_1) entered disabled state [ 1444.045913][ T8921] device bridge_slave_1 entered promiscuous mode [ 1444.067703][ T8921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1444.079131][ T8921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1444.100429][ T8921] team0: Port device team_slave_0 added [ 1444.150194][ T8921] team0: Port device team_slave_1 added [ 1444.221730][ T8921] device hsr_slave_0 entered promiscuous mode [ 1444.348947][ T8921] device hsr_slave_1 entered promiscuous mode [ 1444.398535][ T8921] debugfs: Directory 'hsr0' with parent '/' already present! [ 1444.426009][ T8921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1444.433169][ T8921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1444.440631][ T8921] bridge0: port 1(bridge_slave_0) entered blocking state [ 1444.447718][ T8921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1444.503929][ T8921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1444.518230][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1444.535139][ T5291] bridge0: port 1(bridge_slave_0) entered disabled state [ 1444.544286][ T5291] bridge0: port 2(bridge_slave_1) entered disabled state [ 1444.567470][ T8921] 8021q: adding VLAN 0 to HW filter on device team0 [ 1444.587572][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1444.596295][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1444.603416][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1444.656289][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1444.664847][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1444.671966][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1444.681025][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1444.689892][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1444.698799][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1444.707279][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1444.717930][ T8921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1444.725871][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1444.766517][ T8921] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1444.907811][ T8933] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1444.918879][ T8933] CPU: 0 PID: 8933 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1444.926454][ T8933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.937966][ T8933] Call Trace: [ 1444.941343][ T8933] dump_stack+0x16f/0x1f0 [ 1444.952213][ T8933] dump_header+0x10b/0x831 [ 1444.956654][ T8933] oom_kill_process.cold+0x10/0x15 [ 1444.961788][ T8933] out_of_memory+0x79a/0x12d0 [ 1444.966480][ T8933] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1444.972127][ T8933] ? cgroup_file_notify+0x140/0x1b0 [ 1444.977338][ T8933] ? oom_killer_disable+0x280/0x280 [ 1444.982561][ T8933] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1444.988112][ T8933] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1444.993762][ T8933] ? cgroup_file_notify+0x140/0x1b0 [ 1444.998973][ T8933] memory_max_write+0x262/0x3a0 [ 1445.003836][ T8933] ? mem_cgroup_write+0x360/0x360 [ 1445.008868][ T8933] ? cgroup_file_write+0x2ac/0x790 [ 1445.013989][ T8933] cgroup_file_write+0x307/0x790 [ 1445.018933][ T8933] ? mem_cgroup_write+0x360/0x360 [ 1445.023963][ T8933] ? cgroup_show_path+0x590/0x590 [ 1445.029016][ T8933] ? cgroup_show_path+0x590/0x590 [ 1445.034064][ T8933] kernfs_fop_write+0x2b8/0x480 [ 1445.038935][ T8933] __vfs_write+0x8a/0x110 [ 1445.043271][ T8933] ? kernfs_fop_open+0xd80/0xd80 [ 1445.048216][ T8933] vfs_write+0x268/0x5d0 [ 1445.052468][ T8933] ksys_write+0x14f/0x290 [ 1445.056808][ T8933] ? __ia32_sys_read+0xb0/0xb0 [ 1445.061578][ T8933] ? do_syscall_64+0x26/0x6a0 [ 1445.066286][ T8933] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1445.072391][ T8933] ? do_syscall_64+0x26/0x6a0 [ 1445.077085][ T8933] __x64_sys_write+0x73/0xb0 [ 1445.081698][ T8933] do_syscall_64+0xfd/0x6a0 [ 1445.086260][ T8933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1445.092156][ T8933] RIP: 0033:0x459829 [ 1445.096053][ T8933] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1445.115688][ T8933] RSP: 002b:00007f585c40ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1445.124118][ T8933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1445.132097][ T8933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1445.140077][ T8933] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1445.148060][ T8933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f585c40f6d4 [ 1445.156036][ T8933] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1445.167064][ T8933] memory: usage 3368kB, limit 0kB, failcnt 431414 [ 1445.173734][ T8933] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1445.180789][ T8933] Memory cgroup stats for /syz3: [ 1445.181845][ T8933] anon 2060288 [ 1445.181845][ T8933] file 172032 [ 1445.181845][ T8933] kernel_stack 65536 [ 1445.181845][ T8933] slab 1101824 [ 1445.181845][ T8933] sock 0 [ 1445.181845][ T8933] shmem 8192 [ 1445.181845][ T8933] file_mapped 0 [ 1445.181845][ T8933] file_dirty 135168 [ 1445.181845][ T8933] file_writeback 0 [ 1445.181845][ T8933] anon_thp 2097152 [ 1445.181845][ T8933] inactive_anon 0 [ 1445.181845][ T8933] active_anon 2060288 [ 1445.181845][ T8933] inactive_file 135168 [ 1445.181845][ T8933] active_file 118784 [ 1445.181845][ T8933] unevictable 0 [ 1445.181845][ T8933] slab_reclaimable 405504 [ 1445.181845][ T8933] slab_unreclaimable 696320 [ 1445.181845][ T8933] pgfault 105897 [ 1445.181845][ T8933] pgmajfault 0 [ 1445.181845][ T8933] workingset_refault 0 [ 1445.181845][ T8933] workingset_activate 0 [ 1445.181845][ T8933] workingset_nodereclaim 0 [ 1445.181845][ T8933] pgrefill 0 [ 1445.181845][ T8933] pgscan 0 [ 1445.181845][ T8933] pgsteal 0 [ 1445.181845][ T8933] pgactivate 0 [ 1445.277832][ T8933] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8928,uid=0 [ 1445.293982][ T8933] Memory cgroup out of memory: Killed process 8928 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1445.312081][ T1057] oom_reaper: reaped process 8928 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 23:12:24 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:24 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1f}, 0x3c) 23:12:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r1, 0x0, 0x18, 0x0, &(0x7f0000000340)) 23:12:24 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6b, &(0x7f0000000540), 0x2c7) 23:12:24 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r2, 0x0, 0x0) [ 1445.486745][ T8921] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1445.496846][ T8921] CPU: 0 PID: 8921 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1445.504395][ T8921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.514450][ T8921] Call Trace: [ 1445.517750][ T8921] dump_stack+0x16f/0x1f0 [ 1445.522090][ T8921] dump_header+0x10b/0x831 [ 1445.526505][ T8921] ? oom_kill_process+0x94/0x3c0 [ 1445.531454][ T8921] oom_kill_process.cold+0x10/0x15 23:12:24 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x1f}, 0x3c) 23:12:24 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0) [ 1445.536577][ T8921] out_of_memory+0x79a/0x12d0 [ 1445.541264][ T8921] ? lock_downgrade+0x920/0x920 [ 1445.546130][ T8921] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1445.551947][ T8921] ? oom_killer_disable+0x280/0x280 [ 1445.557165][ T8921] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1445.562810][ T8921] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1445.568462][ T8921] ? do_raw_spin_unlock+0x57/0x270 [ 1445.573583][ T8921] ? _raw_spin_unlock+0x23/0x30 [ 1445.578438][ T8921] try_charge+0x1053/0x1430 23:12:24 executing program 0: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c}, 0x24) prctl$PR_SET_THP_DISABLE(0x29, 0x0) [ 1445.582951][ T8921] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1445.588504][ T8921] ? percpu_ref_tryget_live+0x104/0x270 [ 1445.594078][ T8921] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1445.599637][ T8921] mem_cgroup_try_charge+0x136/0x590 [ 1445.604936][ T8921] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1445.610579][ T8921] __handle_mm_fault+0x1c63/0x3ce0 [ 1445.615719][ T8921] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1445.621274][ T8921] ? handle_mm_fault+0x294/0xa90 [ 1445.626223][ T8921] ? handle_mm_fault+0x675/0xa90 [ 1445.631169][ T8921] ? lockdep_hardirqs_on+0x418/0x5d0 23:12:24 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x1f}, 0x3c) [ 1445.636471][ T8921] handle_mm_fault+0x3bb/0xa90 [ 1445.641252][ T8921] __do_page_fault+0x536/0xdd0 [ 1445.646039][ T8921] do_page_fault+0x38/0x536 [ 1445.650558][ T8921] page_fault+0x39/0x40 [ 1445.654724][ T8921] RIP: 0033:0x4577c1 [ 1445.658627][ T8921] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 1445.678239][ T8921] RSP: 002b:00007ffe08dad000 EFLAGS: 00010206 [ 1445.684314][ T8921] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0 [ 1445.692295][ T8921] RDX: 00007ffe08dad000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1445.700277][ T8921] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555570b5940 [ 1445.708260][ T8921] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffe08dae1e0 [ 1445.716242][ T8921] R13: 00007ffe08dae1d0 R14: 0000000000000000 R15: 00007ffe08dae1e0 [ 1445.724830][ T8921] memory: usage 1032kB, limit 0kB, failcnt 431422 23:12:24 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1445.731302][ T8921] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1445.738146][ T8921] Memory cgroup stats for /syz3: [ 1445.738263][ T8921] anon 0 [ 1445.738263][ T8921] file 172032 [ 1445.738263][ T8921] kernel_stack 0 [ 1445.738263][ T8921] slab 1101824 [ 1445.738263][ T8921] sock 0 [ 1445.738263][ T8921] shmem 8192 [ 1445.738263][ T8921] file_mapped 0 [ 1445.738263][ T8921] file_dirty 135168 [ 1445.738263][ T8921] file_writeback 0 [ 1445.738263][ T8921] anon_thp 0 [ 1445.738263][ T8921] inactive_anon 0 [ 1445.738263][ T8921] active_anon 0 [ 1445.738263][ T8921] inactive_file 135168 [ 1445.738263][ T8921] active_file 118784 [ 1445.738263][ T8921] unevictable 0 [ 1445.738263][ T8921] slab_reclaimable 405504 [ 1445.738263][ T8921] slab_unreclaimable 696320 [ 1445.738263][ T8921] pgfault 105897 [ 1445.738263][ T8921] pgmajfault 0 [ 1445.738263][ T8921] workingset_refault 0 [ 1445.738263][ T8921] workingset_activate 0 [ 1445.738263][ T8921] workingset_nodereclaim 0 [ 1445.738263][ T8921] pgrefill 0 [ 1445.738263][ T8921] pgscan 0 [ 1445.738263][ T8921] pgsteal 0 [ 1445.738263][ T8921] pgactivate 0 23:12:24 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x1f}, 0x3c) [ 1445.832353][ T8921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8921,uid=0 [ 1445.832443][ T8921] Memory cgroup out of memory: Killed process 8921 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1445.863404][ T1057] oom_reaper: reaped process 8921 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 1445.973642][ T24] audit: type=1804 audit(1563837144.798:113): pid=8958 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/508/file0/bus" dev="sda1" ino=16716 res=1 23:12:25 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:25 executing program 0: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r0, 0x208200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002012, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000100), 0x0, &(0x7f0000000380)) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}, 0x0, 0x6, 0x0, "cb1c3d568b33ead3b68f0432708874e658a381845ac5e63bb76b3581e5861ba49ebe6e8ad81178f55df24763a08f95865bcc9922eefdb6b433dc56d6577e79bda919fc8ec8a26fd0ffb0d5577d719358"}, 0xd8) 23:12:25 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1}, 0x3c) 23:12:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$read(0xb, 0x0, 0x0, 0x0) 23:12:25 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:25 executing program 5: [ 1446.508860][ T24] audit: type=1804 audit(1563837145.328:114): pid=8971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir228066716/syzkaller.fmk15y/1474/bus" dev="sda1" ino=16593 res=1 23:12:25 executing program 5: 23:12:25 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 1446.622863][ T24] audit: type=1804 audit(1563837145.408:115): pid=8974 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/509/file0/bus" dev="sda1" ino=16785 res=1 23:12:25 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:25 executing program 1: 23:12:25 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1}, 0x3c) 23:12:25 executing program 5: [ 1446.834376][ T24] audit: type=1804 audit(1563837145.638:116): pid=8980 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir228066716/syzkaller.fmk15y/1474/bus" dev="sda1" ino=16593 res=1 [ 1446.859204][ T24] audit: type=1804 audit(1563837145.658:117): pid=8992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/510/file0/bus" dev="sda1" ino=16708 res=1 23:12:25 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:25 executing program 0: 23:12:25 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x20600) accept4(r0, 0x0, 0x0, 0x0) 23:12:25 executing program 1: 23:12:25 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x18, 0x4, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1}, 0x3c) [ 1447.164954][ T24] audit: type=1804 audit(1563837145.988:118): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/511/file0/bus" dev="sda1" ino=16518 res=1 23:12:26 executing program 1: 23:12:26 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1447.443800][ T24] audit: type=1804 audit(1563837146.268:119): pid=9017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/512/file0/bus" dev="ramfs" ino=158640 res=1 [ 1448.662230][T23434] device bridge_slave_1 left promiscuous mode [ 1448.668610][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1448.709591][T23434] device bridge_slave_0 left promiscuous mode [ 1448.715795][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1450.689467][T23434] device hsr_slave_0 left promiscuous mode [ 1450.748573][T23434] device hsr_slave_1 left promiscuous mode [ 1450.808735][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1450.821355][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1450.833167][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1450.872927][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1450.958033][T23434] bond0 (unregistering): Released all slaves [ 1451.075648][ T9029] IPVS: ftp: loaded support on port[0] = 21 [ 1451.154670][ T9029] chnl_net:caif_netlink_parms(): no params data found [ 1451.190222][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state [ 1451.197303][ T9029] bridge0: port 1(bridge_slave_0) entered disabled state [ 1451.205234][ T9029] device bridge_slave_0 entered promiscuous mode [ 1451.213611][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state [ 1451.220756][ T9029] bridge0: port 2(bridge_slave_1) entered disabled state [ 1451.228446][ T9029] device bridge_slave_1 entered promiscuous mode [ 1451.290205][ T9029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1451.308532][ T9029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1451.337303][ T9029] team0: Port device team_slave_0 added [ 1451.349921][ T9029] team0: Port device team_slave_1 added [ 1451.531817][ T9029] device hsr_slave_0 entered promiscuous mode [ 1451.668895][ T9029] device hsr_slave_1 entered promiscuous mode [ 1451.908603][ T9029] debugfs: Directory 'hsr0' with parent '/' already present! [ 1451.928823][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state [ 1451.935941][ T9029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1451.943422][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state [ 1451.950560][ T9029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1452.003426][ T9029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1452.017289][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1452.026521][ T454] bridge0: port 1(bridge_slave_0) entered disabled state [ 1452.035273][ T454] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.064798][ T9029] 8021q: adding VLAN 0 to HW filter on device team0 [ 1452.077065][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1452.085628][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1452.092737][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1452.127075][ T9029] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1452.137866][ T9029] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1452.154340][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1452.163199][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.170323][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1452.179435][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1452.188269][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1452.197026][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1452.205748][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1452.233277][ T9029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1452.242372][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1452.251061][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1452.410656][ T9037] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1452.423563][ T9037] CPU: 0 PID: 9037 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1452.431117][ T9037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.441172][ T9037] Call Trace: [ 1452.444477][ T9037] dump_stack+0x16f/0x1f0 [ 1452.448826][ T9037] dump_header+0x10b/0x831 [ 1452.453326][ T9037] oom_kill_process.cold+0x10/0x15 [ 1452.458464][ T9037] out_of_memory+0x79a/0x12d0 [ 1452.463164][ T9037] ? cgroup_file_notify+0x140/0x1b0 [ 1452.468427][ T9037] ? oom_killer_disable+0x280/0x280 [ 1452.473707][ T9037] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1452.479264][ T9037] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1452.484909][ T9037] ? cgroup_file_notify+0x140/0x1b0 [ 1452.490104][ T9037] memory_max_write+0x262/0x3a0 [ 1452.494947][ T9037] ? mem_cgroup_write+0x360/0x360 [ 1452.499975][ T9037] ? lock_acquire+0x190/0x400 [ 1452.504670][ T9037] ? kernfs_fop_write+0x227/0x480 [ 1452.509708][ T9037] cgroup_file_write+0x307/0x790 [ 1452.514636][ T9037] ? mem_cgroup_write+0x360/0x360 [ 1452.519657][ T9037] ? cgroup_show_path+0x590/0x590 [ 1452.524693][ T9037] ? cgroup_show_path+0x590/0x590 [ 1452.529705][ T9037] kernfs_fop_write+0x2b8/0x480 [ 1452.534546][ T9037] __vfs_write+0x8a/0x110 [ 1452.538870][ T9037] ? kernfs_fop_open+0xd80/0xd80 [ 1452.543817][ T9037] vfs_write+0x268/0x5d0 [ 1452.548064][ T9037] ksys_write+0x14f/0x290 [ 1452.552400][ T9037] ? __ia32_sys_read+0xb0/0xb0 [ 1452.557157][ T9037] __x64_sys_write+0x73/0xb0 [ 1452.561747][ T9037] ? do_syscall_64+0xed/0x6a0 [ 1452.566428][ T9037] do_syscall_64+0xfd/0x6a0 [ 1452.570944][ T9037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1452.576821][ T9037] RIP: 0033:0x459829 [ 1452.580716][ T9037] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1452.600328][ T9037] RSP: 002b:00007f68bd8b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1452.608739][ T9037] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1452.616732][ T9037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1452.624716][ T9037] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1452.632711][ T9037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f68bd8b86d4 [ 1452.640682][ T9037] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1452.654575][ T9037] memory: usage 3380kB, limit 0kB, failcnt 431423 [ 1452.661182][ T9037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1452.668106][ T9037] Memory cgroup stats for /syz3: [ 1452.670160][ T9037] anon 2052096 [ 1452.670160][ T9037] file 172032 [ 1452.670160][ T9037] kernel_stack 65536 [ 1452.670160][ T9037] slab 1101824 [ 1452.670160][ T9037] sock 0 [ 1452.670160][ T9037] shmem 8192 [ 1452.670160][ T9037] file_mapped 0 [ 1452.670160][ T9037] file_dirty 135168 [ 1452.670160][ T9037] file_writeback 0 [ 1452.670160][ T9037] anon_thp 2097152 [ 1452.670160][ T9037] inactive_anon 0 [ 1452.670160][ T9037] active_anon 2052096 [ 1452.670160][ T9037] inactive_file 135168 [ 1452.670160][ T9037] active_file 118784 [ 1452.670160][ T9037] unevictable 0 [ 1452.670160][ T9037] slab_reclaimable 405504 [ 1452.670160][ T9037] slab_unreclaimable 696320 [ 1452.670160][ T9037] pgfault 105996 [ 1452.670160][ T9037] pgmajfault 0 [ 1452.670160][ T9037] workingset_refault 0 [ 1452.670160][ T9037] workingset_activate 0 [ 1452.670160][ T9037] workingset_nodereclaim 0 [ 1452.670160][ T9037] pgrefill 0 [ 1452.670160][ T9037] pgscan 0 [ 1452.670160][ T9037] pgsteal 0 [ 1452.670160][ T9037] pgactivate 0 [ 1452.766219][ T9037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9036,uid=0 [ 1452.782139][ T9037] Memory cgroup out of memory: Killed process 9036 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1452.797984][ T1057] oom_reaper: reaped process 9036 (syz-executor.3), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 23:12:31 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:31 executing program 2: 23:12:31 executing program 5: 23:12:31 executing program 0: 23:12:31 executing program 1: 23:12:31 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1452.989362][ T9029] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1452.999461][ T9029] CPU: 0 PID: 9029 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1453.007004][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1453.017065][ T9029] Call Trace: [ 1453.020362][ T9029] dump_stack+0x16f/0x1f0 [ 1453.020948][ T24] audit: type=1804 audit(1563837151.848:120): pid=9051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/513/file0/bus" dev="ramfs" ino=159522 res=1 [ 1453.024705][ T9029] dump_header+0x10b/0x831 [ 1453.054246][ T9029] ? oom_kill_process+0x94/0x3c0 [ 1453.059205][ T9029] oom_kill_process.cold+0x10/0x15 [ 1453.064337][ T9029] out_of_memory+0x79a/0x12d0 [ 1453.069034][ T9029] ? lock_downgrade+0x920/0x920 [ 1453.073906][ T9029] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1453.079726][ T9029] ? oom_killer_disable+0x280/0x280 [ 1453.084940][ T9029] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1453.090496][ T9029] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1453.096154][ T9029] ? do_raw_spin_unlock+0x57/0x270 [ 1453.101270][ T9029] ? _raw_spin_unlock+0x23/0x30 [ 1453.101289][ T9029] try_charge+0x1053/0x1430 [ 1453.101310][ T9029] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1453.101324][ T9029] ? percpu_ref_tryget_live+0x104/0x270 [ 1453.101350][ T9029] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1453.101369][ T9029] mem_cgroup_try_charge+0x136/0x590 [ 1453.132571][ T9029] mem_cgroup_try_charge_delay+0x1f/0xa0 23:12:31 executing program 0: 23:12:31 executing program 5: 23:12:32 executing program 1: [ 1453.138211][ T9029] wp_page_copy+0x27c/0x1380 [ 1453.142816][ T9029] ? find_held_lock+0x35/0x130 [ 1453.147600][ T9029] ? pmd_pfn+0x1d0/0x1d0 [ 1453.151849][ T9029] ? lock_downgrade+0x920/0x920 [ 1453.156719][ T9029] ? swp_swapcount+0x520/0x520 [ 1453.161497][ T9029] ? __kasan_check_read+0x11/0x20 [ 1453.166540][ T9029] ? do_raw_spin_unlock+0x57/0x270 [ 1453.171670][ T9029] do_wp_page+0x499/0x14d0 [ 1453.176137][ T9029] ? finish_mkwrite_fault+0x570/0x570 [ 1453.181532][ T9029] __handle_mm_fault+0x2120/0x3ce0 [ 1453.186662][ T9029] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1453.192229][ T9029] ? handle_mm_fault+0x294/0xa90 [ 1453.192251][ T9029] ? handle_mm_fault+0x675/0xa90 [ 1453.192270][ T9029] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1453.192291][ T9029] handle_mm_fault+0x3bb/0xa90 [ 1453.192313][ T9029] __do_page_fault+0x536/0xdd0 [ 1453.192336][ T9029] do_page_fault+0x38/0x536 [ 1453.192357][ T9029] page_fault+0x39/0x40 [ 1453.202225][ T9029] RIP: 0033:0x430906 23:12:32 executing program 2: [ 1453.202242][ T9029] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1453.202249][ T9029] RSP: 002b:00007ffe9d4df1f0 EFLAGS: 00010206 [ 1453.202260][ T9029] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1453.202268][ T9029] RDX: 0000555556495930 RSI: 000055555649d970 RDI: 0000000000000003 [ 1453.202275][ T9029] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556494940 [ 1453.202283][ T9029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1453.202290][ T9029] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1453.202548][ T9029] memory: usage 1044kB, limit 0kB, failcnt 431431 [ 1453.279672][ T9029] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1453.279679][ T9029] Memory cgroup stats for /syz3: [ 1453.279799][ T9029] anon 0 [ 1453.279799][ T9029] file 172032 [ 1453.279799][ T9029] kernel_stack 65536 [ 1453.279799][ T9029] slab 1101824 [ 1453.279799][ T9029] sock 0 [ 1453.279799][ T9029] shmem 8192 [ 1453.279799][ T9029] file_mapped 0 [ 1453.279799][ T9029] file_dirty 135168 [ 1453.279799][ T9029] file_writeback 0 [ 1453.279799][ T9029] anon_thp 0 [ 1453.279799][ T9029] inactive_anon 0 [ 1453.279799][ T9029] active_anon 0 [ 1453.279799][ T9029] inactive_file 135168 [ 1453.279799][ T9029] active_file 118784 [ 1453.279799][ T9029] unevictable 0 [ 1453.279799][ T9029] slab_reclaimable 405504 [ 1453.279799][ T9029] slab_unreclaimable 696320 [ 1453.279799][ T9029] pgfault 105996 [ 1453.279799][ T9029] pgmajfault 0 [ 1453.279799][ T9029] workingset_refault 0 [ 1453.279799][ T9029] workingset_activate 0 23:12:32 executing program 2: 23:12:32 executing program 1: [ 1453.279799][ T9029] workingset_nodereclaim 0 [ 1453.279799][ T9029] pgrefill 0 [ 1453.279799][ T9029] pgscan 0 [ 1453.279799][ T9029] pgsteal 0 [ 1453.279799][ T9029] pgactivate 0 [ 1453.279818][ T9029] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9029,uid=0 [ 1453.279897][ T9029] Memory cgroup out of memory: Killed process 9029 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 23:12:32 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:32 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netstat\x00') preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000380)=""/239, 0xef}], 0x1, 0x0) 23:12:32 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000002c) fcntl$setstatus(r1, 0x4, 0x42806) 23:12:32 executing program 0: 23:12:32 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x802, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000580)={'syz1\x00', {}, 0x0, [], [0x0, 0x10000]}, 0x45c) 23:12:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:32 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netstat\x00') preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000380)=""/239, 0xef}], 0x1, 0x0) [ 1454.058823][ T24] audit: type=1804 audit(1563837152.878:121): pid=9073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/514/file0/bus" dev="ramfs" ino=159567 res=1 [ 1454.130471][ T9085] input: syz1 as /devices/virtual/input/input111 23:12:33 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(0x0, 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:33 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000040), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r2, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1000000002c) fcntl$setstatus(r2, 0x4, 0x42806) 23:12:33 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:33 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000002c) fcntl$setstatus(r1, 0x4, 0x42806) [ 1454.260817][ T9093] input: syz1 as /devices/virtual/input/input112 23:12:33 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:33 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(0x0, 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:33 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000002c) fcntl$setstatus(r1, 0x4, 0x42806) 23:12:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:33 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(0x0, 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x802, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000580)={'syz1\x00', {}, 0x0, [], [0x0, 0x10000]}, 0x45c) [ 1455.308297][ T9138] input: syz1 as /devices/virtual/input/input113 [ 1456.276183][ T9142] IPVS: ftp: loaded support on port[0] = 21 [ 1456.354740][T23391] device bridge_slave_1 left promiscuous mode [ 1456.361109][T23391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1456.439871][T23391] device bridge_slave_0 left promiscuous mode [ 1456.446094][T23391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.458811][T23391] device hsr_slave_0 left promiscuous mode [ 1458.518566][T23391] device hsr_slave_1 left promiscuous mode [ 1458.567133][T23391] team0 (unregistering): Port device team_slave_1 removed [ 1458.581576][T23391] team0 (unregistering): Port device team_slave_0 removed [ 1458.592625][T23391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1458.632436][T23391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1458.716208][T23391] bond0 (unregistering): Released all slaves [ 1458.814088][ T9142] chnl_net:caif_netlink_parms(): no params data found [ 1458.848012][ T9142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.855319][ T9142] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.863183][ T9142] device bridge_slave_0 entered promiscuous mode [ 1458.872047][ T9142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.879203][ T9142] bridge0: port 2(bridge_slave_1) entered disabled state [ 1458.886857][ T9142] device bridge_slave_1 entered promiscuous mode [ 1458.908863][ T9142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1458.921411][ T9142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1458.945239][ T9142] team0: Port device team_slave_0 added [ 1458.952731][ T9142] team0: Port device team_slave_1 added [ 1459.010473][ T9142] device hsr_slave_0 entered promiscuous mode [ 1459.048801][ T9142] device hsr_slave_1 entered promiscuous mode [ 1459.088529][ T9142] debugfs: Directory 'hsr0' with parent '/' already present! [ 1459.138787][ T9142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1459.145897][ T9142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1459.153361][ T9142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1459.160501][ T9142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1459.222976][ T9142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1459.238129][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1459.253706][ T9484] bridge0: port 1(bridge_slave_0) entered disabled state [ 1459.262729][ T9484] bridge0: port 2(bridge_slave_1) entered disabled state [ 1459.277919][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1459.304022][ T9142] 8021q: adding VLAN 0 to HW filter on device team0 [ 1459.323294][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1459.332140][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 1459.339278][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1459.386838][ T9142] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1459.397560][ T9142] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1459.420932][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1459.429509][ T9484] bridge0: port 2(bridge_slave_1) entered blocking state [ 1459.436568][ T9484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1459.445070][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1459.454113][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1459.462647][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1459.471290][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1459.487149][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1459.495353][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1459.517981][ T9142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1459.686375][ T9150] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1459.752865][ T9150] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1459.763509][ T9150] CPU: 1 PID: 9150 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1459.771063][ T9150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1459.781121][ T9150] Call Trace: [ 1459.784428][ T9150] dump_stack+0x16f/0x1f0 [ 1459.788772][ T9150] dump_header+0x10b/0x831 [ 1459.793219][ T9150] oom_kill_process.cold+0x10/0x15 [ 1459.798348][ T9150] out_of_memory+0x79a/0x12d0 [ 1459.803135][ T9150] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1459.808795][ T9150] ? cgroup_file_notify+0x140/0x1b0 [ 1459.814022][ T9150] ? oom_killer_disable+0x280/0x280 [ 1459.819263][ T9150] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1459.824848][ T9150] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1459.830511][ T9150] ? cgroup_file_notify+0x140/0x1b0 [ 1459.835727][ T9150] memory_max_write+0x262/0x3a0 [ 1459.840600][ T9150] ? mem_cgroup_write+0x360/0x360 [ 1459.845633][ T9150] ? lock_acquire+0x190/0x400 [ 1459.850316][ T9150] ? kernfs_fop_write+0x227/0x480 [ 1459.855346][ T9150] cgroup_file_write+0x307/0x790 [ 1459.860295][ T9150] ? mem_cgroup_write+0x360/0x360 [ 1459.865326][ T9150] ? cgroup_show_path+0x590/0x590 [ 1459.870362][ T9150] ? cgroup_show_path+0x590/0x590 [ 1459.875388][ T9150] kernfs_fop_write+0x2b8/0x480 [ 1459.880252][ T9150] __vfs_write+0x8a/0x110 [ 1459.884586][ T9150] ? kernfs_fop_open+0xd80/0xd80 [ 1459.889539][ T9150] vfs_write+0x268/0x5d0 [ 1459.893798][ T9150] ksys_write+0x14f/0x290 [ 1459.898147][ T9150] ? __ia32_sys_read+0xb0/0xb0 [ 1459.902923][ T9150] ? do_syscall_64+0x26/0x6a0 [ 1459.907614][ T9150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1459.913717][ T9150] ? do_syscall_64+0x26/0x6a0 [ 1459.918406][ T9150] __x64_sys_write+0x73/0xb0 [ 1459.923012][ T9150] do_syscall_64+0xfd/0x6a0 [ 1459.927527][ T9150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1459.933427][ T9150] RIP: 0033:0x459829 [ 1459.937324][ T9150] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1459.956940][ T9150] RSP: 002b:00007f71802bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1459.965373][ T9150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1459.973347][ T9150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1459.981332][ T9150] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1459.989312][ T9150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71802c06d4 [ 1459.997294][ T9150] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1460.013528][ T9150] memory: usage 3384kB, limit 0kB, failcnt 431432 [ 1460.020317][ T9150] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1460.027234][ T9150] Memory cgroup stats for /syz3: [ 1460.028080][ T9150] anon 2138112 [ 1460.028080][ T9150] file 172032 [ 1460.028080][ T9150] kernel_stack 65536 [ 1460.028080][ T9150] slab 1101824 [ 1460.028080][ T9150] sock 0 [ 1460.028080][ T9150] shmem 8192 [ 1460.028080][ T9150] file_mapped 0 [ 1460.028080][ T9150] file_dirty 135168 [ 1460.028080][ T9150] file_writeback 0 [ 1460.028080][ T9150] anon_thp 2097152 [ 1460.028080][ T9150] inactive_anon 0 [ 1460.028080][ T9150] active_anon 2138112 [ 1460.028080][ T9150] inactive_file 135168 [ 1460.028080][ T9150] active_file 118784 [ 1460.028080][ T9150] unevictable 0 [ 1460.028080][ T9150] slab_reclaimable 405504 [ 1460.028080][ T9150] slab_unreclaimable 696320 [ 1460.028080][ T9150] pgfault 106029 [ 1460.028080][ T9150] pgmajfault 0 [ 1460.028080][ T9150] workingset_refault 0 [ 1460.028080][ T9150] workingset_activate 0 [ 1460.028080][ T9150] workingset_nodereclaim 0 [ 1460.028080][ T9150] pgrefill 0 [ 1460.028080][ T9150] pgscan 0 [ 1460.028080][ T9150] pgsteal 0 [ 1460.028080][ T9150] pgactivate 0 [ 1460.125589][ T9150] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9149,uid=0 [ 1460.141340][ T9150] Memory cgroup out of memory: Killed process 9149 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1460.157271][ T1057] oom_reaper: reaped process 9149 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 1460.277373][ T9142] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1460.287451][ T9142] CPU: 0 PID: 9142 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1460.295098][ T9142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1460.305167][ T9142] Call Trace: [ 1460.308486][ T9142] dump_stack+0x16f/0x1f0 [ 1460.312831][ T9142] dump_header+0x10b/0x831 [ 1460.317262][ T9142] ? oom_kill_process+0x94/0x3c0 [ 1460.322212][ T9142] oom_kill_process.cold+0x10/0x15 [ 1460.327338][ T9142] out_of_memory+0x79a/0x12d0 [ 1460.332039][ T9142] ? lock_downgrade+0x920/0x920 [ 1460.336919][ T9142] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1460.342753][ T9142] ? oom_killer_disable+0x280/0x280 [ 1460.348020][ T9142] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1460.353595][ T9142] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1460.359261][ T9142] ? do_raw_spin_unlock+0x57/0x270 [ 1460.364397][ T9142] ? _raw_spin_unlock+0x23/0x30 [ 1460.369293][ T9142] try_charge+0x1053/0x1430 23:12:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:39 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000002c) fcntl$setstatus(r1, 0x4, 0x42806) 23:12:39 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:39 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:39 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x4040, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)={0x0, 0x1, 0x0, &(0x7f00000000c0)=0x57}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1460.373831][ T9142] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1460.379392][ T9142] ? percpu_ref_tryget_live+0x104/0x270 [ 1460.384960][ T9142] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1460.390517][ T9142] mem_cgroup_try_charge+0x136/0x590 [ 1460.395838][ T9142] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1460.401505][ T9142] wp_page_copy+0x27c/0x1380 [ 1460.406161][ T9142] ? find_held_lock+0x35/0x130 [ 1460.410962][ T9142] ? pmd_pfn+0x1d0/0x1d0 [ 1460.415230][ T9142] ? lock_downgrade+0x920/0x920 [ 1460.420110][ T9142] ? swp_swapcount+0x520/0x520 [ 1460.420130][ T9142] ? __kasan_check_read+0x11/0x20 [ 1460.420146][ T9142] ? do_raw_spin_unlock+0x57/0x270 [ 1460.420164][ T9142] do_wp_page+0x499/0x14d0 [ 1460.420191][ T9142] ? finish_mkwrite_fault+0x570/0x570 [ 1460.429990][ T9142] __handle_mm_fault+0x2120/0x3ce0 [ 1460.430009][ T9142] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1460.430024][ T9142] ? handle_mm_fault+0x294/0xa90 [ 1460.430046][ T9142] ? handle_mm_fault+0x675/0xa90 [ 1460.430063][ T9142] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1460.430082][ T9142] handle_mm_fault+0x3bb/0xa90 [ 1460.430106][ T9142] __do_page_fault+0x536/0xdd0 [ 1460.480396][ T9142] do_page_fault+0x38/0x536 [ 1460.484913][ T9142] page_fault+0x39/0x40 [ 1460.489080][ T9142] RIP: 0033:0x430906 [ 1460.492985][ T9142] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1460.512598][ T9142] RSP: 002b:00007fff13b7b890 EFLAGS: 00010206 [ 1460.518681][ T9142] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1460.526665][ T9142] RDX: 0000555556ef7930 RSI: 0000555556eff970 RDI: 0000000000000003 [ 1460.534651][ T9142] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556ef6940 [ 1460.542635][ T9142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1460.550617][ T9142] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1460.558942][ T9142] memory: usage 1048kB, limit 0kB, failcnt 431440 [ 1460.565371][ T9142] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1460.572313][ T9142] Memory cgroup stats for /syz3: [ 1460.572430][ T9142] anon 36864 [ 1460.572430][ T9142] file 172032 [ 1460.572430][ T9142] kernel_stack 65536 [ 1460.572430][ T9142] slab 1101824 [ 1460.572430][ T9142] sock 0 [ 1460.572430][ T9142] shmem 8192 [ 1460.572430][ T9142] file_mapped 0 [ 1460.572430][ T9142] file_dirty 135168 [ 1460.572430][ T9142] file_writeback 0 [ 1460.572430][ T9142] anon_thp 0 [ 1460.572430][ T9142] inactive_anon 0 [ 1460.572430][ T9142] active_anon 36864 [ 1460.572430][ T9142] inactive_file 135168 [ 1460.572430][ T9142] active_file 118784 [ 1460.572430][ T9142] unevictable 0 [ 1460.572430][ T9142] slab_reclaimable 405504 [ 1460.572430][ T9142] slab_unreclaimable 696320 [ 1460.572430][ T9142] pgfault 106029 [ 1460.572430][ T9142] pgmajfault 0 [ 1460.572430][ T9142] workingset_refault 0 [ 1460.572430][ T9142] workingset_activate 0 [ 1460.572430][ T9142] workingset_nodereclaim 0 [ 1460.572430][ T9142] pgrefill 0 [ 1460.572430][ T9142] pgscan 0 [ 1460.572430][ T9142] pgsteal 0 [ 1460.572430][ T9142] pgactivate 0 [ 1460.667456][ T9142] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9142,uid=0 [ 1460.682918][ T9142] Memory cgroup out of memory: Killed process 9142 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1460.706913][ T1057] oom_reaper: reaped process 9142 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:39 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) memfd_create(&(0x7f0000000200)='/\xd2\a\xaa(\t0\xedj\\\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\xf8\x03\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bQ\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:39 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:39 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 23:12:39 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) [ 1461.092005][ T24] audit: type=1804 audit(1563837159.918:122): pid=9174 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/519/file0/bus" dev="ramfs" ino=159871 res=1 23:12:40 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:40 executing program 1: ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) [ 1461.457296][ T24] audit: type=1804 audit(1563837160.278:123): pid=9182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/520/file0/bus" dev="ramfs" ino=160956 res=1 23:12:40 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:40 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000ac0)=@sack_info={0x0, 0x0, 0x22}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80001d00c0d0) 23:12:40 executing program 1: ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) 23:12:40 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000002c) 23:12:40 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:40 executing program 0: rt_sigprocmask(0x0, &(0x7f0000a9a000), 0x0, 0x8) r0 = memfd_create(&(0x7f0000000040)='Et\x00', 0x0) r1 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ashmem\x00', 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r2, r3) io_setup(0x0, 0x0) getsockopt$inet6_dccp_int(r1, 0x21, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff) ioctl$TCSETA(r0, 0x4030582a, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000029000)) 23:12:40 executing program 1: ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) 23:12:40 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:40 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:41 executing program 1: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:41 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.mem_exclusive\x00\xf64[M\b\xc5L\xb0\xe3zLBh\x1a\xe9\f=\x80\b\x8e\xef\x91\xad\xe2\xc3\x12k\xbb\x88\xecau\x90\xc1\xfb+\x1c\xbe\xab\x1d\xdd\xeaw=\xf7\xed\xca9\xd6\xeb\x92\x99w>\xd3$\xcf#`\xc9\x00\x9b\x9a}\xcfX\xe7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuacct.usage\x00', 0x2, 0x0) sendfile(r1, r2, 0x0, 0x508) 23:12:41 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:41 executing program 1: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:41 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffd, 0x10, 0xffffffffffffffff, 0x0) clone(0x80810c, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x400c920a, 0x80000000200096c2) 23:12:41 executing program 1: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) 23:12:41 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) 23:12:41 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.mem_exclusive\x00\xf64[M\b\xc5L\xb0\xe3zLBh\x1a\xe9\f=\x80\b\x8e\xef\x91\xad\xe2\xc3\x12k\xbb\x88\xecau\x90\xc1\xfb+\x1c\xbe\xab\x1d\xdd\xeaw=\xf7\xed\xca9\xd6\xeb\x92\x99w>\xd3$\xcf#`\xc9\x00\x9b\x9a}\xcfX\xe7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuacct.usage\x00', 0x2, 0x0) sendfile(r1, r2, 0x0, 0x508) 23:12:41 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:41 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.mem_exclusive\x00\xf64[M\b\xc5L\xb0\xe3zLBh\x1a\xe9\f=\x80\b\x8e\xef\x91\xad\xe2\xc3\x12k\xbb\x88\xecau\x90\xc1\xfb+\x1c\xbe\xab\x1d\xdd\xeaw=\xf7\xed\xca9\xd6\xeb\x92\x99w>\xd3$\xcf#`\xc9\x00\x9b\x9a}\xcfX\xe7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuacct.usage\x00', 0x2, 0x0) sendfile(r1, r2, 0x0, 0x508) [ 1463.849286][ T9258] IPVS: ftp: loaded support on port[0] = 21 [ 1463.987145][ T9258] chnl_net:caif_netlink_parms(): no params data found [ 1464.018700][ T9258] bridge0: port 1(bridge_slave_0) entered blocking state [ 1464.025777][ T9258] bridge0: port 1(bridge_slave_0) entered disabled state [ 1464.033641][ T9258] device bridge_slave_0 entered promiscuous mode [ 1464.042119][ T9258] bridge0: port 2(bridge_slave_1) entered blocking state [ 1464.049398][ T9258] bridge0: port 2(bridge_slave_1) entered disabled state [ 1464.057214][ T9258] device bridge_slave_1 entered promiscuous mode [ 1464.152040][ T9258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1464.163772][ T9258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1464.183414][ T9258] team0: Port device team_slave_0 added [ 1464.190381][ T9258] team0: Port device team_slave_1 added [ 1464.251027][ T9258] device hsr_slave_0 entered promiscuous mode [ 1464.308768][ T9258] device hsr_slave_1 entered promiscuous mode [ 1464.348477][ T9258] debugfs: Directory 'hsr0' with parent '/' already present! [ 1464.436631][ T9258] bridge0: port 2(bridge_slave_1) entered blocking state [ 1464.443751][ T9258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1464.451143][ T9258] bridge0: port 1(bridge_slave_0) entered blocking state [ 1464.458226][ T9258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1464.496516][ T9258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1464.584233][ T9258] 8021q: adding VLAN 0 to HW filter on device team0 [ 1464.591582][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1464.600608][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state [ 1464.608265][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state [ 1464.616597][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1464.629650][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1464.638068][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 1464.645206][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1464.654110][T23391] device bridge_slave_1 left promiscuous mode [ 1464.661131][T23391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1464.700439][T23391] device bridge_slave_0 left promiscuous mode [ 1464.706653][T23391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1466.758865][T23391] device hsr_slave_0 left promiscuous mode [ 1466.798577][T23391] device hsr_slave_1 left promiscuous mode [ 1466.846161][T23391] team0 (unregistering): Port device team_slave_1 removed [ 1466.860924][T23391] team0 (unregistering): Port device team_slave_0 removed [ 1466.875436][T23391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1466.902568][T23391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1466.996960][T23391] bond0 (unregistering): Released all slaves [ 1467.080238][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1467.088795][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1467.096124][ T454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1467.107396][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1467.119877][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1467.129666][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1467.139293][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1467.158239][ T9258] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1467.169321][ T9258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1467.181366][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1467.190089][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1467.198600][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1467.206863][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1467.215478][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1467.223718][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1467.233035][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1467.251522][ T9258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1467.387029][ T9266] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1467.457338][ T9266] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1467.467741][ T9266] CPU: 1 PID: 9266 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1467.475301][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1467.485371][ T9266] Call Trace: [ 1467.488701][ T9266] dump_stack+0x16f/0x1f0 [ 1467.493057][ T9266] dump_header+0x10b/0x831 [ 1467.497499][ T9266] oom_kill_process.cold+0x10/0x15 [ 1467.502638][ T9266] out_of_memory+0x79a/0x12d0 [ 1467.507359][ T9266] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1467.513016][ T9266] ? cgroup_file_notify+0x140/0x1b0 [ 1467.518239][ T9266] ? oom_killer_disable+0x280/0x280 [ 1467.523477][ T9266] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1467.529045][ T9266] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1467.534796][ T9266] ? cgroup_file_notify+0x140/0x1b0 [ 1467.540022][ T9266] memory_max_write+0x262/0x3a0 [ 1467.544901][ T9266] ? mem_cgroup_write+0x360/0x360 [ 1467.549947][ T9266] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1467.555431][ T9266] cgroup_file_write+0x307/0x790 [ 1467.560391][ T9266] ? mem_cgroup_write+0x360/0x360 [ 1467.565427][ T9266] ? cgroup_show_path+0x590/0x590 [ 1467.570469][ T9266] ? cgroup_show_path+0x590/0x590 [ 1467.575502][ T9266] kernfs_fop_write+0x2b8/0x480 [ 1467.580369][ T9266] __vfs_write+0x8a/0x110 [ 1467.584707][ T9266] ? kernfs_fop_open+0xd80/0xd80 [ 1467.589655][ T9266] vfs_write+0x268/0x5d0 [ 1467.593908][ T9266] ksys_write+0x14f/0x290 [ 1467.598247][ T9266] ? __ia32_sys_read+0xb0/0xb0 [ 1467.603021][ T9266] ? do_syscall_64+0x26/0x6a0 [ 1467.607703][ T9266] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1467.613777][ T9266] ? do_syscall_64+0x26/0x6a0 [ 1467.618461][ T9266] __x64_sys_write+0x73/0xb0 [ 1467.623072][ T9266] do_syscall_64+0xfd/0x6a0 [ 1467.627584][ T9266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1467.633473][ T9266] RIP: 0033:0x459829 [ 1467.637368][ T9266] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1467.656979][ T9266] RSP: 002b:00007f4e81a08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1467.665406][ T9266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1467.673392][ T9266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1467.681382][ T9266] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1467.689366][ T9266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e81a096d4 [ 1467.697349][ T9266] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1467.717994][ T9266] memory: usage 3368kB, limit 0kB, failcnt 431441 [ 1467.724562][ T9266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1467.731551][ T9266] Memory cgroup stats for /syz3: [ 1467.732279][ T9266] anon 2134016 [ 1467.732279][ T9266] file 172032 [ 1467.732279][ T9266] kernel_stack 65536 [ 1467.732279][ T9266] slab 1101824 [ 1467.732279][ T9266] sock 0 [ 1467.732279][ T9266] shmem 8192 [ 1467.732279][ T9266] file_mapped 0 [ 1467.732279][ T9266] file_dirty 135168 [ 1467.732279][ T9266] file_writeback 0 [ 1467.732279][ T9266] anon_thp 2097152 [ 1467.732279][ T9266] inactive_anon 0 [ 1467.732279][ T9266] active_anon 2134016 [ 1467.732279][ T9266] inactive_file 135168 [ 1467.732279][ T9266] active_file 118784 [ 1467.732279][ T9266] unevictable 0 [ 1467.732279][ T9266] slab_reclaimable 405504 [ 1467.732279][ T9266] slab_unreclaimable 696320 [ 1467.732279][ T9266] pgfault 106095 [ 1467.732279][ T9266] pgmajfault 0 [ 1467.732279][ T9266] workingset_refault 0 [ 1467.732279][ T9266] workingset_activate 0 [ 1467.732279][ T9266] workingset_nodereclaim 0 [ 1467.732279][ T9266] pgrefill 0 [ 1467.732279][ T9266] pgscan 0 [ 1467.732279][ T9266] pgsteal 0 [ 1467.732279][ T9266] pgactivate 0 [ 1467.830212][ T9266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9265,uid=0 [ 1467.846212][ T9266] Memory cgroup out of memory: Killed process 9265 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1467.862619][ T1057] oom_reaper: reaped process 9265 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:12:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:46 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) 23:12:46 executing program 1: syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) 23:12:46 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) 23:12:46 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:46 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.mem_exclusive\x00\xf64[M\b\xc5L\xb0\xe3zLBh\x1a\xe9\f=\x80\b\x8e\xef\x91\xad\xe2\xc3\x12k\xbb\x88\xecau\x90\xc1\xfb+\x1c\xbe\xab\x1d\xdd\xeaw=\xf7\xed\xca9\xd6\xeb\x92\x99w>\xd3$\xcf#`\xc9\x00\x9b\x9a}\xcfX\xe7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuacct.usage\x00', 0x2, 0x0) sendfile(r1, r2, 0x0, 0x508) [ 1468.019772][ T9258] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1468.029857][ T9258] CPU: 1 PID: 9258 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1468.038903][ T9258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1468.048970][ T9258] Call Trace: [ 1468.052283][ T9258] dump_stack+0x16f/0x1f0 [ 1468.056632][ T9258] dump_header+0x10b/0x831 [ 1468.061067][ T9258] ? oom_kill_process+0x94/0x3c0 [ 1468.066028][ T9258] oom_kill_process.cold+0x10/0x15 [ 1468.071161][ T9258] out_of_memory+0x79a/0x12d0 [ 1468.075860][ T9258] ? lock_downgrade+0x920/0x920 [ 1468.080731][ T9258] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1468.086558][ T9258] ? oom_killer_disable+0x280/0x280 [ 1468.091798][ T9258] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1468.097368][ T9258] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1468.103030][ T9258] ? do_raw_spin_unlock+0x57/0x270 [ 1468.108411][ T9258] ? _raw_spin_unlock+0x23/0x30 [ 1468.113281][ T9258] try_charge+0x1053/0x1430 [ 1468.117805][ T9258] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1468.123361][ T9258] ? percpu_ref_tryget_live+0x104/0x270 [ 1468.128936][ T9258] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1468.134492][ T9258] mem_cgroup_try_charge+0x136/0x590 [ 1468.139796][ T9258] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1468.145438][ T9258] wp_page_copy+0x27c/0x1380 [ 1468.150038][ T9258] ? find_held_lock+0x35/0x130 [ 1468.154808][ T9258] ? pmd_pfn+0x1d0/0x1d0 [ 1468.159059][ T9258] ? lock_downgrade+0x920/0x920 [ 1468.163919][ T9258] ? swp_swapcount+0x520/0x520 [ 1468.168684][ T9258] ? __kasan_check_read+0x11/0x20 [ 1468.173714][ T9258] ? do_raw_spin_unlock+0x57/0x270 [ 1468.178832][ T9258] do_wp_page+0x499/0x14d0 [ 1468.183253][ T9258] ? finish_mkwrite_fault+0x570/0x570 [ 1468.188638][ T9258] __handle_mm_fault+0x2120/0x3ce0 [ 1468.193757][ T9258] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1468.199309][ T9258] ? handle_mm_fault+0x294/0xa90 [ 1468.204262][ T9258] ? handle_mm_fault+0x675/0xa90 [ 1468.209226][ T9258] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1468.214531][ T9258] handle_mm_fault+0x3bb/0xa90 23:12:47 executing program 1: syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) [ 1468.219309][ T9258] __do_page_fault+0x536/0xdd0 [ 1468.224094][ T9258] do_page_fault+0x38/0x536 [ 1468.228612][ T9258] page_fault+0x39/0x40 [ 1468.232792][ T9258] RIP: 0033:0x430906 [ 1468.236694][ T9258] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1468.256313][ T9258] RSP: 002b:00007ffe42359800 EFLAGS: 00010206 [ 1468.262397][ T9258] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1468.270380][ T9258] RDX: 0000555556902930 RSI: 000055555690a970 RDI: 0000000000000003 [ 1468.300964][ T9258] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556901940 [ 1468.308989][ T9258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1468.317002][ T9258] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1468.325669][ T9258] memory: usage 1036kB, limit 0kB, failcnt 431449 [ 1468.332173][ T9258] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1468.339093][ T9258] Memory cgroup stats for /syz3: [ 1468.339220][ T9258] anon 32768 [ 1468.339220][ T9258] file 172032 [ 1468.339220][ T9258] kernel_stack 0 [ 1468.339220][ T9258] slab 1101824 [ 1468.339220][ T9258] sock 0 [ 1468.339220][ T9258] shmem 8192 [ 1468.339220][ T9258] file_mapped 0 [ 1468.339220][ T9258] file_dirty 135168 [ 1468.339220][ T9258] file_writeback 0 [ 1468.339220][ T9258] anon_thp 0 [ 1468.339220][ T9258] inactive_anon 0 [ 1468.339220][ T9258] active_anon 32768 [ 1468.339220][ T9258] inactive_file 135168 [ 1468.339220][ T9258] active_file 118784 [ 1468.339220][ T9258] unevictable 0 [ 1468.339220][ T9258] slab_reclaimable 405504 [ 1468.339220][ T9258] slab_unreclaimable 696320 [ 1468.339220][ T9258] pgfault 106128 [ 1468.339220][ T9258] pgmajfault 0 [ 1468.339220][ T9258] workingset_refault 0 [ 1468.339220][ T9258] workingset_activate 0 [ 1468.339220][ T9258] workingset_nodereclaim 0 23:12:47 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) [ 1468.339220][ T9258] pgrefill 0 [ 1468.339220][ T9258] pgscan 0 [ 1468.339220][ T9258] pgsteal 0 [ 1468.339220][ T9258] pgactivate 0 [ 1468.440202][ T9258] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9258,uid=0 [ 1468.455645][ T9258] Memory cgroup out of memory: Killed process 9258 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB 23:12:47 executing program 1: syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) [ 1468.470281][ T1057] oom_reaper: reaped process 9258 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:47 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:47 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x23e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 23:12:47 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:48 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:48 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) 23:12:48 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 23:12:48 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r0, r0) syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00') getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f00000001c0)={@empty}, &(0x7f0000000200)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000380)={0x0, @local, @dev}, &(0x7f00000003c0)=0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'sit0\x00'}) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000440)={@loopback, @remote}, &(0x7f0000000480)=0x18f) getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000004c0)={@broadcast}, &(0x7f0000000180)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000540)={{{@in=@loopback, @in6=@remote}}, {{@in=@multicast2}, 0x0, @in6=@remote}}, &(0x7f0000000640)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@loopback, @in6=@remote}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000780)=0xe8) getpeername$packet(r0, &(0x7f0000000840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000880)=0x14) accept$packet(0xffffffffffffffff, &(0x7f00000009c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000a00)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000a80)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000b80)={{{@in=@broadcast, @in6=@mcast2}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000000c80)=0xe8) getsockopt$inet_mreqn(r0, 0x0, 0x30, &(0x7f0000006d00)={@initdev, @loopback}, &(0x7f0000006d40)=0xc) 23:12:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:48 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x23e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 23:12:48 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:12:48 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:48 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000005a00)='pagemap\x00\n\xb8\x12\xa0pk\xebLI\x88JB\xd5\x18\xf6\x92\a;\x8b\x04n\xa5\xc2:\n\xe3\x18!J\x06\x80\x14\xb1\"\x8d\xdf\xe8\xb44\x81|\x8a\xb5\xc8?\xa4\x84?RE\x8c\xdb\xfe\xd3q\xd0/\tP\xf6@A\x1b\xce\xb5N\xa9\x8c\xfc\x96?\xb5O\xb0\x94w\x9b\x15%\x1ea\xe4\xf9\x00<\xf7;\n.\xe8H\xb7\x19\xa5') readv(r2, &(0x7f0000002540)=[{&(0x7f0000001540)=""/4096, 0xfffffff5}], 0x1) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x20000031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r1, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$getsig(0x4202, 0x0, 0x0, &(0x7f0000000280)) 23:12:48 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) [ 1469.754594][ T24] audit: type=1804 audit(1563837168.578:124): pid=9322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/530/file0/bus" dev="ramfs" ino=161192 res=1 23:12:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, 0x0) 23:12:48 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:12:48 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) open(0x0, 0x0, 0x0) 23:12:48 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) [ 1470.079688][ T24] audit: type=1804 audit(1563837168.908:125): pid=9339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/531/file0/bus" dev="ramfs" ino=161217 res=1 23:12:49 executing program 0: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='security.selinux\x00', 0x0, 0x0, 0x0) llistxattr(&(0x7f0000000140)='./file1\x00', &(0x7f00000002c0)=""/136, 0x88) 23:12:49 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 23:12:49 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:49 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='gfs2\x00', 0x0, 0x0) [ 1470.363608][ T24] audit: type=1804 audit(1563837169.188:126): pid=9351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir315861266/syzkaller.fiVnX8/532/file0/bus" dev="ramfs" ino=161245 res=1 23:12:49 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000000c0)="0800a1695e0bcfe87b0071") r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 1471.720496][ T9370] IPVS: ftp: loaded support on port[0] = 21 [ 1471.858800][ T9370] chnl_net:caif_netlink_parms(): no params data found [ 1471.963172][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state [ 1471.970492][ T9370] bridge0: port 1(bridge_slave_0) entered disabled state [ 1471.978137][ T9370] device bridge_slave_0 entered promiscuous mode [ 1472.059644][ T9370] bridge0: port 2(bridge_slave_1) entered blocking state [ 1472.066710][ T9370] bridge0: port 2(bridge_slave_1) entered disabled state [ 1472.074913][ T9370] device bridge_slave_1 entered promiscuous mode [ 1472.093707][ T9370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1472.105217][ T9370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1472.200215][ T9370] team0: Port device team_slave_0 added [ 1472.206952][ T9370] team0: Port device team_slave_1 added [ 1472.261804][ T9370] device hsr_slave_0 entered promiscuous mode [ 1472.318949][ T9370] device hsr_slave_1 entered promiscuous mode [ 1472.358547][ T9370] debugfs: Directory 'hsr0' with parent '/' already present! [ 1472.442250][ T9370] bridge0: port 2(bridge_slave_1) entered blocking state [ 1472.449351][ T9370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1472.456689][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state [ 1472.464095][ T9370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1472.505170][ T9370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1472.513875][T23391] device bridge_slave_1 left promiscuous mode [ 1472.520222][T23391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1472.549814][T23391] device bridge_slave_0 left promiscuous mode [ 1472.556007][T23391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1474.619396][T23391] device hsr_slave_0 left promiscuous mode [ 1474.668556][T23391] device hsr_slave_1 left promiscuous mode [ 1474.716187][T23391] team0 (unregistering): Port device team_slave_1 removed [ 1474.730714][T23391] team0 (unregistering): Port device team_slave_0 removed [ 1474.743680][T23391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1474.772426][T23391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1474.848624][T23391] bond0 (unregistering): Released all slaves [ 1474.960995][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1474.969588][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state [ 1474.977178][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state [ 1474.985887][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1474.998017][ T9370] 8021q: adding VLAN 0 to HW filter on device team0 [ 1475.009493][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1475.018275][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1475.026813][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1475.033935][ T8236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1475.056331][ T9370] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1475.066797][ T9370] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1475.079390][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1475.087998][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1475.096556][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1475.103670][ T8236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1475.111796][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1475.120615][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1475.129446][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1475.137952][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1475.146419][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1475.155944][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1475.164420][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1475.172886][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1475.181364][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1475.189802][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1475.199428][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1475.207352][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1475.269619][ T9370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1475.390174][ T9378] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1475.468283][ T9378] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1475.479539][ T9378] CPU: 1 PID: 9378 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1475.487099][ T9378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1475.497729][ T9378] Call Trace: [ 1475.501041][ T9378] dump_stack+0x16f/0x1f0 [ 1475.505384][ T9378] dump_header+0x10b/0x831 [ 1475.509809][ T9378] oom_kill_process.cold+0x10/0x15 [ 1475.514930][ T9378] out_of_memory+0x79a/0x12d0 [ 1475.520244][ T9378] ? retint_kernel+0x10/0x10 [ 1475.524846][ T9378] ? oom_killer_disable+0x280/0x280 [ 1475.530070][ T9378] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 1475.536189][ T9378] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1475.542077][ T9378] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1475.548176][ T9378] ? cgroup_file_notify+0x140/0x1b0 [ 1475.554410][ T9378] memory_max_write+0x262/0x3a0 [ 1475.559395][ T9378] ? mem_cgroup_write+0x360/0x360 [ 1475.564449][ T9378] ? lock_acquire+0x190/0x400 [ 1475.569250][ T9378] ? kernfs_fop_write+0x227/0x480 [ 1475.574413][ T9378] cgroup_file_write+0x307/0x790 [ 1475.579668][ T9378] ? mem_cgroup_write+0x360/0x360 [ 1475.584866][ T9378] ? cgroup_show_path+0x590/0x590 [ 1475.590114][ T9378] ? cgroup_show_path+0x590/0x590 [ 1475.595286][ T9378] kernfs_fop_write+0x2b8/0x480 [ 1475.600162][ T9378] __vfs_write+0x8a/0x110 [ 1475.604939][ T9378] ? kernfs_fop_open+0xd80/0xd80 [ 1475.609943][ T9378] vfs_write+0x268/0x5d0 [ 1475.614216][ T9378] ksys_write+0x14f/0x290 [ 1475.618565][ T9378] ? __ia32_sys_read+0xb0/0xb0 [ 1475.623346][ T9378] ? do_syscall_64+0x26/0x6a0 [ 1475.628038][ T9378] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1475.634117][ T9378] ? do_syscall_64+0x26/0x6a0 [ 1475.638814][ T9378] __x64_sys_write+0x73/0xb0 [ 1475.643418][ T9378] do_syscall_64+0xfd/0x6a0 [ 1475.647941][ T9378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1475.653836][ T9378] RIP: 0033:0x459829 [ 1475.657740][ T9378] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1475.677354][ T9378] RSP: 002b:00007fa54ce86c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1475.685784][ T9378] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1475.693763][ T9378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1475.701743][ T9378] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1475.709718][ T9378] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa54ce876d4 [ 1475.717694][ T9378] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1475.730168][ T9378] memory: usage 3360kB, limit 0kB, failcnt 431450 [ 1475.736747][ T9378] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1475.743659][ T9378] Memory cgroup stats for /syz3: [ 1475.744566][ T9378] anon 2174976 [ 1475.744566][ T9378] file 172032 [ 1475.744566][ T9378] kernel_stack 0 [ 1475.744566][ T9378] slab 1101824 [ 1475.744566][ T9378] sock 0 [ 1475.744566][ T9378] shmem 8192 [ 1475.744566][ T9378] file_mapped 0 [ 1475.744566][ T9378] file_dirty 135168 [ 1475.744566][ T9378] file_writeback 0 [ 1475.744566][ T9378] anon_thp 2097152 [ 1475.744566][ T9378] inactive_anon 0 [ 1475.744566][ T9378] active_anon 2174976 [ 1475.744566][ T9378] inactive_file 135168 [ 1475.744566][ T9378] active_file 118784 [ 1475.744566][ T9378] unevictable 0 [ 1475.744566][ T9378] slab_reclaimable 405504 [ 1475.744566][ T9378] slab_unreclaimable 696320 [ 1475.744566][ T9378] pgfault 106194 [ 1475.744566][ T9378] pgmajfault 0 [ 1475.744566][ T9378] workingset_refault 0 [ 1475.744566][ T9378] workingset_activate 0 [ 1475.744566][ T9378] workingset_nodereclaim 0 [ 1475.744566][ T9378] pgrefill 0 [ 1475.744566][ T9378] pgscan 0 [ 1475.744566][ T9378] pgsteal 0 [ 1475.744566][ T9378] pgactivate 0 [ 1475.840247][ T9378] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9377,uid=0 [ 1475.855855][ T9378] Memory cgroup out of memory: Killed process 9377 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 1475.877894][ T1057] oom_reaper: reaped process 9377 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:12:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:12:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:12:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fb, &(0x7f0000deaff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x2004c000, 0x0, 0x0) 23:12:54 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:12:54 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:54 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3}}, @int]}}, &(0x7f0000000440)=""/214, 0x42, 0xd6, 0x1}, 0x20) [ 1476.032628][ T9370] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1476.043254][ T9370] CPU: 1 PID: 9370 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1476.050800][ T9370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1476.060951][ T9370] Call Trace: [ 1476.064257][ T9370] dump_stack+0x16f/0x1f0 [ 1476.068595][ T9370] dump_header+0x10b/0x831 [ 1476.073012][ T9370] ? oom_kill_process+0x94/0x3c0 [ 1476.077950][ T9370] oom_kill_process.cold+0x10/0x15 [ 1476.083061][ T9370] out_of_memory+0x79a/0x12d0 [ 1476.087741][ T9370] ? lock_downgrade+0x920/0x920 [ 1476.092621][ T9370] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1476.098427][ T9370] ? oom_killer_disable+0x280/0x280 [ 1476.103639][ T9370] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1476.109191][ T9370] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1476.114835][ T9370] ? do_raw_spin_unlock+0x57/0x270 [ 1476.119954][ T9370] ? _raw_spin_unlock+0x23/0x30 [ 1476.124808][ T9370] try_charge+0x1053/0x1430 [ 1476.129315][ T9370] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1476.134851][ T9370] ? percpu_ref_tryget_live+0x104/0x270 [ 1476.140401][ T9370] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1476.145944][ T9370] mem_cgroup_try_charge+0x136/0x590 [ 1476.151234][ T9370] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1476.156867][ T9370] wp_page_copy+0x27c/0x1380 [ 1476.161458][ T9370] ? find_held_lock+0x35/0x130 [ 1476.166245][ T9370] ? pmd_pfn+0x1d0/0x1d0 [ 1476.170491][ T9370] ? lock_downgrade+0x920/0x920 [ 1476.175344][ T9370] ? swp_swapcount+0x520/0x520 [ 1476.180105][ T9370] ? __kasan_check_read+0x11/0x20 [ 1476.185125][ T9370] ? do_raw_spin_unlock+0x57/0x270 [ 1476.190238][ T9370] do_wp_page+0x499/0x14d0 [ 1476.194654][ T9370] ? finish_mkwrite_fault+0x570/0x570 [ 1476.200027][ T9370] __handle_mm_fault+0x2120/0x3ce0 [ 1476.205143][ T9370] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1476.210684][ T9370] ? handle_mm_fault+0x294/0xa90 [ 1476.215630][ T9370] ? handle_mm_fault+0x675/0xa90 [ 1476.220571][ T9370] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1476.225868][ T9370] handle_mm_fault+0x3bb/0xa90 [ 1476.230994][ T9370] __do_page_fault+0x536/0xdd0 [ 1476.235771][ T9370] do_page_fault+0x38/0x536 [ 1476.240279][ T9370] page_fault+0x39/0x40 [ 1476.244437][ T9370] RIP: 0033:0x430906 [ 1476.248335][ T9370] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1476.267954][ T9370] RSP: 002b:00007ffe1f6951f0 EFLAGS: 00010206 [ 1476.274035][ T9370] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1476.282018][ T9370] RDX: 0000555555d41930 RSI: 0000555555d49970 RDI: 0000000000000003 [ 1476.290001][ T9370] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555d40940 [ 1476.297988][ T9370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1476.305965][ T9370] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1476.314051][ T9370] memory: usage 1032kB, limit 0kB, failcnt 431458 [ 1476.320518][ T9370] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1476.327364][ T9370] Memory cgroup stats for /syz3: 23:12:55 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) [ 1476.327485][ T9370] anon 0 [ 1476.327485][ T9370] file 172032 [ 1476.327485][ T9370] kernel_stack 0 [ 1476.327485][ T9370] slab 1101824 [ 1476.327485][ T9370] sock 0 [ 1476.327485][ T9370] shmem 8192 [ 1476.327485][ T9370] file_mapped 0 [ 1476.327485][ T9370] file_dirty 135168 [ 1476.327485][ T9370] file_writeback 0 [ 1476.327485][ T9370] anon_thp 0 [ 1476.327485][ T9370] inactive_anon 0 [ 1476.327485][ T9370] active_anon 0 [ 1476.327485][ T9370] inactive_file 135168 [ 1476.327485][ T9370] active_file 118784 [ 1476.327485][ T9370] unevictable 0 23:12:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:12:55 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) [ 1476.327485][ T9370] slab_reclaimable 405504 [ 1476.327485][ T9370] slab_unreclaimable 696320 [ 1476.327485][ T9370] pgfault 106194 [ 1476.327485][ T9370] pgmajfault 0 [ 1476.327485][ T9370] workingset_refault 0 [ 1476.327485][ T9370] workingset_activate 0 [ 1476.327485][ T9370] workingset_nodereclaim 0 [ 1476.327485][ T9370] pgrefill 0 [ 1476.327485][ T9370] pgscan 0 [ 1476.327485][ T9370] pgsteal 0 [ 1476.327485][ T9370] pgactivate 0 23:12:55 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) setresuid(0x0, 0xee01, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) [ 1476.421693][ T9370] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9370,uid=0 [ 1476.437137][ T9370] Memory cgroup out of memory: Killed process 9370 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1476.451891][ T1057] oom_reaper: reaped process 9370 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:12:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:12:55 executing program 0: chdir(0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) rename(&(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80)='./file1\x00') [ 1476.623068][ T9402] hfs: invalid gid -1 [ 1476.627092][ T9402] hfs: unable to parse mount options 23:12:55 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:12:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:12:56 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:12:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) [ 1477.357995][ T9425] hfs: invalid gid -1 [ 1477.362135][ T9425] hfs: unable to parse mount options 23:12:56 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:56 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x0) 23:12:56 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:12:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:56 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:12:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:12:56 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_buf(r0, 0x29, 0x31, 0x0, 0x0) [ 1477.672951][ T9437] hfs: invalid gid -1 [ 1477.676981][ T9437] hfs: unable to parse mount options 23:12:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000300)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0xfffffffffffffffa}) 23:12:56 executing program 1: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:12:56 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:12:56 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_buf(r0, 0x29, 0x31, 0x0, 0x0) 23:12:56 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:12:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:12:56 executing program 1: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:12:57 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_buf(r0, 0x29, 0x31, 0x0, 0x0) 23:12:57 executing program 0: 23:12:57 executing program 1: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) [ 1478.362066][ T9467] hfs: invalid gid -1 [ 1478.366094][ T9467] hfs: unable to parse mount options 23:12:57 executing program 0: 23:12:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:12:57 executing program 4: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:12:57 executing program 1: r0 = creat(0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) [ 1480.020480][ T9494] IPVS: ftp: loaded support on port[0] = 21 [ 1480.240955][ T9494] chnl_net:caif_netlink_parms(): no params data found [ 1480.269574][ T9494] bridge0: port 1(bridge_slave_0) entered blocking state [ 1480.276678][ T9494] bridge0: port 1(bridge_slave_0) entered disabled state [ 1480.284527][ T9494] device bridge_slave_0 entered promiscuous mode [ 1480.298238][ T9494] bridge0: port 2(bridge_slave_1) entered blocking state [ 1480.305432][ T9494] bridge0: port 2(bridge_slave_1) entered disabled state [ 1480.313736][ T9494] device bridge_slave_1 entered promiscuous mode [ 1480.329747][ T9494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1480.414039][ T9494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1480.434478][ T9494] team0: Port device team_slave_0 added [ 1480.441759][ T9494] team0: Port device team_slave_1 added [ 1480.571869][ T9494] device hsr_slave_0 entered promiscuous mode [ 1480.609012][ T9494] device hsr_slave_1 entered promiscuous mode [ 1480.648516][ T9494] debugfs: Directory 'hsr0' with parent '/' already present! [ 1480.657092][T23391] device bridge_slave_1 left promiscuous mode [ 1480.663420][T23391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1480.709415][T23391] device bridge_slave_0 left promiscuous mode [ 1480.715603][T23391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1482.758952][T23391] device hsr_slave_0 left promiscuous mode [ 1482.808749][T23391] device hsr_slave_1 left promiscuous mode [ 1482.886143][T23391] team0 (unregistering): Port device team_slave_1 removed [ 1482.901152][T23391] team0 (unregistering): Port device team_slave_0 removed [ 1482.914392][T23391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1482.962717][T23391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1483.036679][T23391] bond0 (unregistering): Released all slaves [ 1483.173838][ T9494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1483.185893][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1483.194009][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1483.204161][ T9494] 8021q: adding VLAN 0 to HW filter on device team0 [ 1483.229691][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1483.238335][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1483.247520][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1483.254662][ T8236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1483.262759][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1483.271652][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1483.280345][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1483.287395][ T8236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1483.295371][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1483.303999][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1483.312933][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1483.321583][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1483.330312][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1483.339222][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1483.348160][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1483.356633][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1483.371001][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1483.379601][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1483.421356][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1483.430013][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1483.451306][ T9494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1483.489596][ T9494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1483.642862][ T9502] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1483.717197][ T9502] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1483.729147][ T9502] CPU: 0 PID: 9502 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1483.736725][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1483.746797][ T9502] Call Trace: [ 1483.750113][ T9502] dump_stack+0x16f/0x1f0 [ 1483.754498][ T9502] dump_header+0x10b/0x831 [ 1483.758942][ T9502] oom_kill_process.cold+0x10/0x15 [ 1483.764062][ T9502] out_of_memory+0x79a/0x12d0 [ 1483.768777][ T9502] ? retint_kernel+0x10/0x10 [ 1483.773377][ T9502] ? oom_killer_disable+0x280/0x280 [ 1483.778596][ T9502] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 1483.784331][ T9502] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1483.789891][ T9502] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1483.795553][ T9502] ? cgroup_file_notify+0x140/0x1b0 [ 1483.800767][ T9502] memory_max_write+0x262/0x3a0 [ 1483.805637][ T9502] ? mem_cgroup_write+0x360/0x360 [ 1483.810675][ T9502] ? lock_acquire+0x190/0x400 [ 1483.815364][ T9502] ? kernfs_fop_write+0x227/0x480 [ 1483.820409][ T9502] cgroup_file_write+0x307/0x790 [ 1483.825366][ T9502] ? mem_cgroup_write+0x360/0x360 [ 1483.830405][ T9502] ? cgroup_show_path+0x590/0x590 [ 1483.835451][ T9502] ? cgroup_show_path+0x590/0x590 [ 1483.840489][ T9502] kernfs_fop_write+0x2b8/0x480 [ 1483.845359][ T9502] __vfs_write+0x8a/0x110 [ 1483.849697][ T9502] ? kernfs_fop_open+0xd80/0xd80 [ 1483.854651][ T9502] vfs_write+0x268/0x5d0 [ 1483.858910][ T9502] ksys_write+0x14f/0x290 [ 1483.863246][ T9502] ? __ia32_sys_read+0xb0/0xb0 [ 1483.868017][ T9502] ? do_syscall_64+0x26/0x6a0 [ 1483.872708][ T9502] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1483.878779][ T9502] ? do_syscall_64+0x26/0x6a0 [ 1483.883469][ T9502] __x64_sys_write+0x73/0xb0 [ 1483.888068][ T9502] do_syscall_64+0xfd/0x6a0 [ 1483.892588][ T9502] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1483.898481][ T9502] RIP: 0033:0x459829 [ 1483.902382][ T9502] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1483.921992][ T9502] RSP: 002b:00007fcdaa6b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1483.930902][ T9502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1483.938881][ T9502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1483.946932][ T9502] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1483.954918][ T9502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcdaa6b86d4 [ 1483.962897][ T9502] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1483.971076][ T9502] memory: usage 3380kB, limit 0kB, failcnt 431459 [ 1483.977569][ T9502] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1483.984546][ T9502] Memory cgroup stats for /syz3: [ 1483.985442][ T9502] anon 2174976 [ 1483.985442][ T9502] file 172032 [ 1483.985442][ T9502] kernel_stack 0 [ 1483.985442][ T9502] slab 1101824 [ 1483.985442][ T9502] sock 0 [ 1483.985442][ T9502] shmem 8192 [ 1483.985442][ T9502] file_mapped 0 [ 1483.985442][ T9502] file_dirty 135168 [ 1483.985442][ T9502] file_writeback 0 [ 1483.985442][ T9502] anon_thp 2097152 [ 1483.985442][ T9502] inactive_anon 0 [ 1483.985442][ T9502] active_anon 2174976 [ 1483.985442][ T9502] inactive_file 135168 [ 1483.985442][ T9502] active_file 118784 [ 1483.985442][ T9502] unevictable 0 [ 1483.985442][ T9502] slab_reclaimable 405504 [ 1483.985442][ T9502] slab_unreclaimable 696320 [ 1483.985442][ T9502] pgfault 106260 [ 1483.985442][ T9502] pgmajfault 0 [ 1483.985442][ T9502] workingset_refault 0 [ 1483.985442][ T9502] workingset_activate 0 [ 1483.985442][ T9502] workingset_nodereclaim 0 [ 1483.985442][ T9502] pgrefill 0 [ 1483.985442][ T9502] pgscan 0 [ 1483.985442][ T9502] pgsteal 0 [ 1483.985442][ T9502] pgactivate 0 [ 1484.082055][ T9502] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9501,uid=0 [ 1484.097998][ T9502] Memory cgroup out of memory: Killed process 9501 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 1484.114862][ T1057] oom_reaper: reaped process 9501 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:03 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:03 executing program 0: 23:13:03 executing program 2: syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:03 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:13:03 executing program 4: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:03 executing program 1: r0 = creat(0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) [ 1484.253336][ T9494] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1484.263586][ T9494] CPU: 0 PID: 9494 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1484.271143][ T9494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1484.281733][ T9494] Call Trace: [ 1484.285038][ T9494] dump_stack+0x16f/0x1f0 [ 1484.289386][ T9494] dump_header+0x10b/0x831 [ 1484.293813][ T9494] ? oom_kill_process+0x94/0x3c0 [ 1484.298762][ T9494] oom_kill_process.cold+0x10/0x15 [ 1484.303892][ T9494] out_of_memory+0x79a/0x12d0 [ 1484.308605][ T9494] ? lock_downgrade+0x920/0x920 [ 1484.313485][ T9494] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1484.319317][ T9494] ? oom_killer_disable+0x280/0x280 [ 1484.324548][ T9494] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1484.330114][ T9494] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1484.335758][ T9494] ? do_raw_spin_unlock+0x57/0x270 [ 1484.340877][ T9494] ? _raw_spin_unlock+0x23/0x30 [ 1484.345742][ T9494] try_charge+0x1053/0x1430 [ 1484.350258][ T9494] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1484.355814][ T9494] ? percpu_ref_tryget_live+0x104/0x270 [ 1484.361374][ T9494] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1484.366930][ T9494] mem_cgroup_try_charge+0x136/0x590 [ 1484.372221][ T9494] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1484.377860][ T9494] wp_page_copy+0x27c/0x1380 [ 1484.382455][ T9494] ? find_held_lock+0x35/0x130 [ 1484.387315][ T9494] ? pmd_pfn+0x1d0/0x1d0 [ 1484.391565][ T9494] ? lock_downgrade+0x920/0x920 [ 1484.396424][ T9494] ? swp_swapcount+0x520/0x520 [ 1484.401190][ T9494] ? __kasan_check_read+0x11/0x20 [ 1484.406215][ T9494] ? do_raw_spin_unlock+0x57/0x270 [ 1484.411331][ T9494] do_wp_page+0x499/0x14d0 [ 1484.415757][ T9494] ? finish_mkwrite_fault+0x570/0x570 [ 1484.421148][ T9494] __handle_mm_fault+0x2120/0x3ce0 [ 1484.426269][ T9494] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1484.431815][ T9494] ? handle_mm_fault+0x294/0xa90 [ 1484.436763][ T9494] ? handle_mm_fault+0x675/0xa90 [ 1484.441710][ T9494] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1484.447001][ T9494] handle_mm_fault+0x3bb/0xa90 [ 1484.451885][ T9494] __do_page_fault+0x536/0xdd0 [ 1484.456675][ T9494] do_page_fault+0x38/0x536 [ 1484.461187][ T9494] page_fault+0x39/0x40 [ 1484.465340][ T9494] RIP: 0033:0x430906 [ 1484.469237][ T9494] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1484.488939][ T9494] RSP: 002b:00007ffd8f36b0d0 EFLAGS: 00010206 [ 1484.495018][ T9494] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1484.503000][ T9494] RDX: 0000555555574930 RSI: 000055555557c970 RDI: 0000000000000003 [ 1484.511004][ T9494] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555573940 [ 1484.518986][ T9494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1484.526965][ T9494] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1484.535042][ T9494] memory: usage 1048kB, limit 0kB, failcnt 431467 [ 1484.541503][ T9494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1484.548387][ T9494] Memory cgroup stats for /syz3: [ 1484.548499][ T9494] anon 0 [ 1484.548499][ T9494] file 172032 [ 1484.548499][ T9494] kernel_stack 0 [ 1484.548499][ T9494] slab 1101824 [ 1484.548499][ T9494] sock 0 [ 1484.548499][ T9494] shmem 8192 [ 1484.548499][ T9494] file_mapped 0 [ 1484.548499][ T9494] file_dirty 135168 [ 1484.548499][ T9494] file_writeback 0 [ 1484.548499][ T9494] anon_thp 0 [ 1484.548499][ T9494] inactive_anon 0 [ 1484.548499][ T9494] active_anon 0 [ 1484.548499][ T9494] inactive_file 135168 [ 1484.548499][ T9494] active_file 118784 [ 1484.548499][ T9494] unevictable 0 [ 1484.548499][ T9494] slab_reclaimable 405504 [ 1484.548499][ T9494] slab_unreclaimable 696320 [ 1484.548499][ T9494] pgfault 106260 [ 1484.548499][ T9494] pgmajfault 0 [ 1484.548499][ T9494] workingset_refault 0 [ 1484.548499][ T9494] workingset_activate 0 [ 1484.548499][ T9494] workingset_nodereclaim 0 [ 1484.548499][ T9494] pgrefill 0 [ 1484.548499][ T9494] pgscan 0 [ 1484.548499][ T9494] pgsteal 0 [ 1484.548499][ T9494] pgactivate 0 23:13:03 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:13:03 executing program 4: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:03 executing program 0: 23:13:03 executing program 1: r0 = creat(0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) [ 1484.642402][ T9494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9494,uid=0 [ 1484.657850][ T9494] Memory cgroup out of memory: Killed process 9494 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1484.672681][ T1057] oom_reaper: reaped process 9494 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:13:03 executing program 0: 23:13:03 executing program 4: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:13:04 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:13:04 executing program 2: syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:04 executing program 0: 23:13:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x3}) dup2(r0, r1) 23:13:04 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:13:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:13:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:04 executing program 2: syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) setsockopt$inet6_buf(r1, 0x29, 0x31, 0x0, 0x0) 23:13:04 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 23:13:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x0, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:04 executing program 0: r0 = inotify_init1(0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000600)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tgkill(r1, r1, 0x36) ptrace$setregset(0x4209, r1, 0x20800005, 0x0) 23:13:04 executing program 2: mkdir(0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:13:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x0, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) [ 1486.160056][ T9580] ptrace attach of "/root/syz-executor.0"[9060] was attempted by "/root/syz-executor.0"[9580] 23:13:05 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, 0x0) 23:13:05 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:13:05 executing program 2: mkdir(0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) [ 1486.250592][ T9588] ptrace attach of "/root/syz-executor.0"[9060] was attempted by "/root/syz-executor.0"[9588] [ 1487.749681][T23391] device bridge_slave_1 left promiscuous mode [ 1487.755978][T23391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1487.810525][T23391] device bridge_slave_0 left promiscuous mode [ 1487.816766][T23391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1489.808902][T23391] device hsr_slave_0 left promiscuous mode [ 1489.858689][T23391] device hsr_slave_1 left promiscuous mode [ 1489.927301][T23391] team0 (unregistering): Port device team_slave_1 removed [ 1489.941135][T23391] team0 (unregistering): Port device team_slave_0 removed [ 1489.953279][T23391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1490.002546][T23391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1490.076465][T23391] bond0 (unregistering): Released all slaves [ 1490.178052][ T9607] IPVS: ftp: loaded support on port[0] = 21 [ 1490.255895][ T9607] chnl_net:caif_netlink_parms(): no params data found [ 1490.285029][ T9607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1490.292481][ T9607] bridge0: port 1(bridge_slave_0) entered disabled state [ 1490.300311][ T9607] device bridge_slave_0 entered promiscuous mode [ 1490.307919][ T9607] bridge0: port 2(bridge_slave_1) entered blocking state [ 1490.315090][ T9607] bridge0: port 2(bridge_slave_1) entered disabled state [ 1490.323531][ T9607] device bridge_slave_1 entered promiscuous mode [ 1490.343576][ T9607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1490.354786][ T9607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1490.424695][ T9607] team0: Port device team_slave_0 added [ 1490.438501][ T9607] team0: Port device team_slave_1 added [ 1490.631737][ T9607] device hsr_slave_0 entered promiscuous mode [ 1490.798898][ T9607] device hsr_slave_1 entered promiscuous mode [ 1491.018631][ T9607] debugfs: Directory 'hsr0' with parent '/' already present! [ 1491.039870][ T9607] bridge0: port 2(bridge_slave_1) entered blocking state [ 1491.047083][ T9607] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1491.054562][ T9607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1491.061700][ T9607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1491.113305][ T9607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1491.127239][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1491.136490][ T5291] bridge0: port 1(bridge_slave_0) entered disabled state [ 1491.144645][ T5291] bridge0: port 2(bridge_slave_1) entered disabled state [ 1491.166200][ T9607] 8021q: adding VLAN 0 to HW filter on device team0 [ 1491.180053][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1491.188788][T20827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1491.195865][T20827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1491.231204][ T9607] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1491.241680][ T9607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1491.257279][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1491.265913][T20827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1491.273060][T20827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1491.281482][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1491.290472][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1491.299075][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1491.307480][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1491.316914][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1491.324992][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1491.347560][ T9607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1491.472156][ T9615] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1491.548020][ T9615] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1491.559413][ T9615] CPU: 1 PID: 9615 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1491.566969][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1491.577031][ T9615] Call Trace: [ 1491.580318][ T9615] dump_stack+0x16f/0x1f0 [ 1491.584682][ T9615] dump_header+0x10b/0x831 [ 1491.589117][ T9615] oom_kill_process.cold+0x10/0x15 [ 1491.594228][ T9615] out_of_memory+0x79a/0x12d0 [ 1491.598920][ T9615] ? retint_kernel+0x10/0x10 [ 1491.603530][ T9615] ? oom_killer_disable+0x280/0x280 [ 1491.608734][ T9615] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1491.614314][ T9615] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1491.619949][ T9615] ? cgroup_file_notify+0x140/0x1b0 [ 1491.625158][ T9615] memory_max_write+0x262/0x3a0 [ 1491.630021][ T9615] ? mem_cgroup_write+0x360/0x360 [ 1491.635086][ T9615] ? mem_cgroup_write+0x360/0x360 [ 1491.640110][ T9615] cgroup_file_write+0x307/0x790 [ 1491.645041][ T9615] ? mem_cgroup_write+0x360/0x360 [ 1491.650060][ T9615] ? cgroup_show_path+0x590/0x590 [ 1491.655081][ T9615] ? cgroup_show_path+0x590/0x590 [ 1491.660091][ T9615] kernfs_fop_write+0x2b8/0x480 [ 1491.665034][ T9615] __vfs_write+0x8a/0x110 [ 1491.669361][ T9615] ? kernfs_fop_open+0xd80/0xd80 [ 1491.674282][ T9615] vfs_write+0x268/0x5d0 [ 1491.678520][ T9615] ksys_write+0x14f/0x290 [ 1491.682845][ T9615] ? __ia32_sys_read+0xb0/0xb0 [ 1491.687612][ T9615] ? do_syscall_64+0x26/0x6a0 [ 1491.692274][ T9615] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1491.698324][ T9615] ? do_syscall_64+0x26/0x6a0 [ 1491.703005][ T9615] __x64_sys_write+0x73/0xb0 [ 1491.707592][ T9615] do_syscall_64+0xfd/0x6a0 [ 1491.712112][ T9615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1491.718079][ T9615] RIP: 0033:0x459829 [ 1491.721970][ T9615] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1491.741582][ T9615] RSP: 002b:00007fe557883c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1491.749992][ T9615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1491.757954][ T9615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1491.765913][ T9615] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1491.773878][ T9615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5578846d4 [ 1491.781843][ T9615] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1491.790052][ T9615] memory: usage 3392kB, limit 0kB, failcnt 431468 [ 1491.796605][ T9615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1491.803664][ T9615] Memory cgroup stats for /syz3: [ 1491.804710][ T9615] anon 2076672 [ 1491.804710][ T9615] file 172032 [ 1491.804710][ T9615] kernel_stack 65536 [ 1491.804710][ T9615] slab 962560 [ 1491.804710][ T9615] sock 0 [ 1491.804710][ T9615] shmem 8192 [ 1491.804710][ T9615] file_mapped 0 [ 1491.804710][ T9615] file_dirty 135168 [ 1491.804710][ T9615] file_writeback 0 [ 1491.804710][ T9615] anon_thp 2097152 [ 1491.804710][ T9615] inactive_anon 0 [ 1491.804710][ T9615] active_anon 2076672 [ 1491.804710][ T9615] inactive_file 135168 [ 1491.804710][ T9615] active_file 118784 [ 1491.804710][ T9615] unevictable 0 [ 1491.804710][ T9615] slab_reclaimable 405504 [ 1491.804710][ T9615] slab_unreclaimable 557056 [ 1491.804710][ T9615] pgfault 106326 [ 1491.804710][ T9615] pgmajfault 0 [ 1491.804710][ T9615] workingset_refault 0 [ 1491.804710][ T9615] workingset_activate 0 [ 1491.804710][ T9615] workingset_nodereclaim 0 [ 1491.804710][ T9615] pgrefill 0 [ 1491.804710][ T9615] pgscan 0 [ 1491.804710][ T9615] pgsteal 0 [ 1491.804710][ T9615] pgactivate 0 [ 1491.901078][ T9615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9614,uid=0 [ 1491.917865][ T9615] Memory cgroup out of memory: Killed process 9614 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1491.934576][ T1057] oom_reaper: reaped process 9614 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:10 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, 0x0, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) 23:13:10 executing program 0: creat(&(0x7f0000000240)='./bus\x00', 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1000014103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x4002011, r0, 0x0) ftruncate(r0, 0xac3) prlimit64(0x0, 0x0, &(0x7f00000000c0), 0x0) 23:13:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x0, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:10 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, 0x0) 23:13:10 executing program 2: mkdir(0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) [ 1492.081150][ T9607] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1492.091389][ T9607] CPU: 1 PID: 9607 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1492.099053][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1492.109131][ T9607] Call Trace: [ 1492.112439][ T9607] dump_stack+0x16f/0x1f0 [ 1492.116784][ T9607] dump_header+0x10b/0x831 [ 1492.121218][ T9607] ? oom_kill_process+0x94/0x3c0 [ 1492.126167][ T9607] oom_kill_process.cold+0x10/0x15 [ 1492.131297][ T9607] out_of_memory+0x79a/0x12d0 [ 1492.135992][ T9607] ? lock_downgrade+0x920/0x920 [ 1492.140863][ T9607] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1492.146697][ T9607] ? oom_killer_disable+0x280/0x280 [ 1492.151931][ T9607] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1492.157497][ T9607] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1492.163164][ T9607] ? do_raw_spin_unlock+0x57/0x270 [ 1492.168321][ T9607] ? _raw_spin_unlock+0x23/0x30 [ 1492.173193][ T9607] try_charge+0x1053/0x1430 [ 1492.177733][ T9607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1492.183294][ T9607] ? percpu_ref_tryget_live+0x104/0x270 [ 1492.188862][ T9607] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1492.194422][ T9607] mem_cgroup_try_charge+0x136/0x590 [ 1492.194442][ T9607] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1492.205457][ T9607] wp_page_copy+0x27c/0x1380 [ 1492.210070][ T9607] ? find_held_lock+0x35/0x130 [ 1492.214857][ T9607] ? pmd_pfn+0x1d0/0x1d0 [ 1492.219231][ T9607] ? lock_downgrade+0x920/0x920 [ 1492.224227][ T9607] ? swp_swapcount+0x520/0x520 [ 1492.229017][ T9607] ? __kasan_check_read+0x11/0x20 [ 1492.234062][ T9607] ? do_raw_spin_unlock+0x57/0x270 [ 1492.239313][ T9607] do_wp_page+0x499/0x14d0 [ 1492.243746][ T9607] ? finish_mkwrite_fault+0x570/0x570 [ 1492.249159][ T9607] __handle_mm_fault+0x2120/0x3ce0 [ 1492.249183][ T9607] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1492.249197][ T9607] ? handle_mm_fault+0x294/0xa90 [ 1492.249227][ T9607] ? handle_mm_fault+0x675/0xa90 [ 1492.249245][ T9607] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1492.249266][ T9607] handle_mm_fault+0x3bb/0xa90 [ 1492.280442][ T9607] __do_page_fault+0x536/0xdd0 [ 1492.285246][ T9607] do_page_fault+0x38/0x536 [ 1492.289769][ T9607] page_fault+0x39/0x40 [ 1492.293965][ T9607] RIP: 0033:0x430906 [ 1492.297897][ T9607] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1492.317522][ T9607] RSP: 002b:00007ffd27050550 EFLAGS: 00010206 [ 1492.323602][ T9607] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 23:13:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x0, 0x0, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:11 executing program 0: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = getpid() rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) ptrace(0x10, r0) ptrace$cont(0x9, r0, 0x0, 0x0) 23:13:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x0, 0x0, 0x0) [ 1492.331585][ T9607] RDX: 00005555568b7930 RSI: 00005555568bf970 RDI: 0000000000000003 [ 1492.339565][ T9607] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555568b6940 [ 1492.347554][ T9607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1492.355548][ T9607] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1492.363637][ T9607] memory: usage 1064kB, limit 0kB, failcnt 431476 [ 1492.370117][ T9607] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1492.376965][ T9607] Memory cgroup stats for /syz3: [ 1492.377086][ T9607] anon 0 [ 1492.377086][ T9607] file 172032 [ 1492.377086][ T9607] kernel_stack 0 [ 1492.377086][ T9607] slab 962560 [ 1492.377086][ T9607] sock 0 [ 1492.377086][ T9607] shmem 8192 [ 1492.377086][ T9607] file_mapped 0 [ 1492.377086][ T9607] file_dirty 135168 [ 1492.377086][ T9607] file_writeback 0 [ 1492.377086][ T9607] anon_thp 0 [ 1492.377086][ T9607] inactive_anon 0 [ 1492.377086][ T9607] active_anon 0 [ 1492.377086][ T9607] inactive_file 135168 [ 1492.377086][ T9607] active_file 118784 [ 1492.377086][ T9607] unevictable 0 [ 1492.377086][ T9607] slab_reclaimable 405504 [ 1492.377086][ T9607] slab_unreclaimable 557056 [ 1492.377086][ T9607] pgfault 106326 [ 1492.377086][ T9607] pgmajfault 0 [ 1492.377086][ T9607] workingset_refault 0 [ 1492.377086][ T9607] workingset_activate 0 [ 1492.377086][ T9607] workingset_nodereclaim 0 [ 1492.377086][ T9607] pgrefill 0 [ 1492.377086][ T9607] pgscan 0 [ 1492.377086][ T9607] pgsteal 0 [ 1492.377086][ T9607] pgactivate 0 23:13:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x0, 0x0, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:11 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, 0x0) [ 1492.471071][ T9607] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9607,uid=0 [ 1492.471171][ T9607] Memory cgroup out of memory: Killed process 9607 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1492.501557][ T1057] oom_reaper: reaped process 9607 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:13:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x0, 0x0, 0x0) 23:13:11 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, 0x0, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:11 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x0, 0x0, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_buf(r1, 0x29, 0x0, 0x0, 0x0) 23:13:11 executing program 5: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000001140)) 23:13:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000200)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010006081000414900000004fcff", 0x58}], 0x1) 23:13:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:12 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, 0x0, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:12 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:12 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x7c2bffaa, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x0, 0x0, @value}) 23:13:12 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') creat(&(0x7f0000000380)='./bus\x00', 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r0, 0x0) 23:13:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:12 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) [ 1493.754094][ T24] audit: type=1804 audit(1563837192.578:127): pid=9702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir228066716/syzkaller.fmk15y/1508/file0/bus" dev="ramfs" ino=161977 res=1 23:13:12 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$smack_current(r0, &(0x7f0000000140)='ramfs\x00', 0x6) ftruncate(r0, 0x8200) r1 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x12, r1, 0x0) readv(r1, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x3b6) mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3) 23:13:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) [ 1493.993687][ T24] audit: type=1804 audit(1563837192.818:128): pid=9709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir418511431/syzkaller.pgA9Cy/257/bus" dev="sda1" ino=17442 res=1 23:13:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:12 executing program 5: perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x400000000000000b, &(0x7f0000000200)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1a) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 1494.493964][ T24] audit: type=1804 audit(1563837193.318:129): pid=9702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir228066716/syzkaller.fmk15y/1508/file0/file0/bus" dev="ramfs" ino=162036 res=1 [ 1495.602040][ T9737] IPVS: ftp: loaded support on port[0] = 21 [ 1495.638735][T23434] device bridge_slave_1 left promiscuous mode [ 1495.645007][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1495.699364][T23434] device bridge_slave_0 left promiscuous mode [ 1495.705535][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1497.719554][T23434] device hsr_slave_0 left promiscuous mode [ 1497.759111][T23434] device hsr_slave_1 left promiscuous mode [ 1497.808683][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1497.824836][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1497.836278][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1497.892571][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1497.995913][T23434] bond0 (unregistering): Released all slaves [ 1498.141201][ T9737] chnl_net:caif_netlink_parms(): no params data found [ 1498.181574][ T9737] bridge0: port 1(bridge_slave_0) entered blocking state [ 1498.188781][ T9737] bridge0: port 1(bridge_slave_0) entered disabled state [ 1498.196464][ T9737] device bridge_slave_0 entered promiscuous mode [ 1498.204186][ T9737] bridge0: port 2(bridge_slave_1) entered blocking state [ 1498.211341][ T9737] bridge0: port 2(bridge_slave_1) entered disabled state [ 1498.219679][ T9737] device bridge_slave_1 entered promiscuous mode [ 1498.241952][ T9737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1498.252829][ T9737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1498.276270][ T9737] team0: Port device team_slave_0 added [ 1498.283934][ T9737] team0: Port device team_slave_1 added [ 1498.391758][ T9737] device hsr_slave_0 entered promiscuous mode [ 1498.428846][ T9737] device hsr_slave_1 entered promiscuous mode [ 1498.578503][ T9737] debugfs: Directory 'hsr0' with parent '/' already present! [ 1498.605068][ T9737] bridge0: port 2(bridge_slave_1) entered blocking state [ 1498.612218][ T9737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1498.619678][ T9737] bridge0: port 1(bridge_slave_0) entered blocking state [ 1498.626757][ T9737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1498.695954][ T9737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1498.718158][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1498.735032][ T454] bridge0: port 1(bridge_slave_0) entered disabled state [ 1498.743272][ T454] bridge0: port 2(bridge_slave_1) entered disabled state [ 1498.764783][ T9737] 8021q: adding VLAN 0 to HW filter on device team0 [ 1498.783624][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1498.792362][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 1498.799487][ T454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1498.849483][ T9737] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1498.860202][ T9737] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1498.876188][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1498.884888][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1498.892022][ T454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1498.900990][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1498.909833][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1498.918350][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1498.926904][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1498.941426][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1498.950259][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1498.979605][ T9737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1499.113626][ T9745] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1499.190878][ T9745] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1499.201662][ T9745] CPU: 0 PID: 9745 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1499.209225][ T9745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1499.219296][ T9745] Call Trace: [ 1499.222619][ T9745] dump_stack+0x16f/0x1f0 [ 1499.226968][ T9745] dump_header+0x10b/0x831 [ 1499.231402][ T9745] oom_kill_process.cold+0x10/0x15 [ 1499.236529][ T9745] out_of_memory+0x79a/0x12d0 [ 1499.241218][ T9745] ? mark_held_locks+0xa4/0xf0 [ 1499.245992][ T9745] ? cgroup_file_notify+0x140/0x1b0 [ 1499.251204][ T9745] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1499.256670][ T9745] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1499.262140][ T9745] ? oom_killer_disable+0x280/0x280 [ 1499.267350][ T9745] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1499.273111][ T9745] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1499.278666][ T9745] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1499.284305][ T9745] ? retint_kernel+0x10/0x10 [ 1499.288919][ T9745] memory_max_write+0x262/0x3a0 [ 1499.293783][ T9745] ? mem_cgroup_write+0x360/0x360 [ 1499.298816][ T9745] ? lock_acquire+0x190/0x400 [ 1499.303501][ T9745] ? kernfs_fop_write+0x227/0x480 [ 1499.308541][ T9745] cgroup_file_write+0x307/0x790 [ 1499.313489][ T9745] ? mem_cgroup_write+0x360/0x360 [ 1499.318521][ T9745] ? cgroup_show_path+0x590/0x590 [ 1499.323563][ T9745] ? cgroup_show_path+0x590/0x590 [ 1499.328597][ T9745] kernfs_fop_write+0x2b8/0x480 [ 1499.333471][ T9745] __vfs_write+0x8a/0x110 [ 1499.337806][ T9745] ? kernfs_fop_open+0xd80/0xd80 [ 1499.342745][ T9745] vfs_write+0x268/0x5d0 [ 1499.346971][ T9745] ksys_write+0x14f/0x290 [ 1499.351294][ T9745] ? __ia32_sys_read+0xb0/0xb0 [ 1499.356054][ T9745] ? do_syscall_64+0x26/0x6a0 [ 1499.360728][ T9745] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1499.366784][ T9745] ? do_syscall_64+0x26/0x6a0 [ 1499.371473][ T9745] __x64_sys_write+0x73/0xb0 [ 1499.376072][ T9745] do_syscall_64+0xfd/0x6a0 [ 1499.380583][ T9745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1499.386467][ T9745] RIP: 0033:0x459829 [ 1499.390358][ T9745] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1499.409975][ T9745] RSP: 002b:00007f1a8d7fac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1499.418399][ T9745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1499.426373][ T9745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1499.434336][ T9745] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1499.442303][ T9745] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1a8d7fb6d4 [ 1499.450290][ T9745] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1499.458745][ T9745] memory: usage 3380kB, limit 0kB, failcnt 431477 [ 1499.465287][ T9745] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1499.472494][ T9745] Memory cgroup stats for /syz3: [ 1499.473391][ T9745] anon 2174976 [ 1499.473391][ T9745] file 172032 [ 1499.473391][ T9745] kernel_stack 0 [ 1499.473391][ T9745] slab 962560 [ 1499.473391][ T9745] sock 0 [ 1499.473391][ T9745] shmem 8192 [ 1499.473391][ T9745] file_mapped 0 [ 1499.473391][ T9745] file_dirty 135168 [ 1499.473391][ T9745] file_writeback 0 [ 1499.473391][ T9745] anon_thp 2097152 [ 1499.473391][ T9745] inactive_anon 0 [ 1499.473391][ T9745] active_anon 2174976 [ 1499.473391][ T9745] inactive_file 135168 [ 1499.473391][ T9745] active_file 118784 [ 1499.473391][ T9745] unevictable 0 [ 1499.473391][ T9745] slab_reclaimable 405504 [ 1499.473391][ T9745] slab_unreclaimable 557056 [ 1499.473391][ T9745] pgfault 106425 [ 1499.473391][ T9745] pgmajfault 0 [ 1499.473391][ T9745] workingset_refault 0 [ 1499.473391][ T9745] workingset_activate 0 [ 1499.473391][ T9745] workingset_nodereclaim 0 [ 1499.473391][ T9745] pgrefill 0 [ 1499.473391][ T9745] pgscan 0 [ 1499.473391][ T9745] pgsteal 0 [ 1499.473391][ T9745] pgactivate 0 [ 1499.569119][ T9745] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9744,uid=0 [ 1499.585018][ T9745] Memory cgroup out of memory: Killed process 9744 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1499.601089][ T1057] oom_reaper: reaped process 9744 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:18 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:18 executing program 1: ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) 23:13:18 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:18 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r0, 0x101, 0x0, &(0x7f0000000000), 0x4) 23:13:18 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) shutdown(r0, 0x1) recvmsg(r0, &(0x7f0000000140)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475}, 0x100) [ 1499.795412][ T9737] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1499.805737][ T9737] CPU: 1 PID: 9737 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1499.813286][ T9737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1499.823345][ T9737] Call Trace: [ 1499.826659][ T9737] dump_stack+0x16f/0x1f0 [ 1499.831001][ T9737] dump_header+0x10b/0x831 [ 1499.835426][ T9737] ? oom_kill_process+0x94/0x3c0 [ 1499.840375][ T9737] oom_kill_process.cold+0x10/0x15 23:13:18 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r0, 0x101, 0x0, &(0x7f0000000000), 0x4) [ 1499.845497][ T9737] out_of_memory+0x79a/0x12d0 [ 1499.850182][ T9737] ? lock_downgrade+0x920/0x920 [ 1499.855053][ T9737] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1499.860874][ T9737] ? oom_killer_disable+0x280/0x280 [ 1499.866091][ T9737] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1499.871643][ T9737] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1499.877306][ T9737] ? do_raw_spin_unlock+0x57/0x270 [ 1499.882431][ T9737] ? _raw_spin_unlock+0x23/0x30 [ 1499.887292][ T9737] try_charge+0x1053/0x1430 23:13:18 executing program 1: ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) [ 1499.891812][ T9737] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1499.897360][ T9737] ? percpu_ref_tryget_live+0x104/0x270 [ 1499.897386][ T9737] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1499.908462][ T9737] mem_cgroup_try_charge+0x136/0x590 [ 1499.908480][ T9737] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1499.908499][ T9737] __handle_mm_fault+0x1c63/0x3ce0 [ 1499.908519][ T9737] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1499.908539][ T9737] ? handle_mm_fault+0x294/0xa90 [ 1499.935012][ T9737] ? handle_mm_fault+0x675/0xa90 [ 1499.939967][ T9737] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1499.945362][ T9737] handle_mm_fault+0x3bb/0xa90 [ 1499.953793][ T9737] __do_page_fault+0x536/0xdd0 [ 1499.958576][ T9737] do_page_fault+0x38/0x536 [ 1499.963102][ T9737] page_fault+0x39/0x40 [ 1499.967257][ T9737] RIP: 0033:0x4034f2 [ 1499.971151][ T9737] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1499.971159][ T9737] RSP: 002b:00007fff8cdd6ee0 EFLAGS: 00010246 [ 1499.971171][ T9737] RAX: 0000000000000000 RBX: 000000000016dff9 RCX: 0000000000413430 [ 1499.971179][ T9737] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff8cdd8010 [ 1499.971187][ T9737] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555561d0940 [ 1499.971204][ T9737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8cdd8010 [ 1500.028714][ T9737] R13: 00007fff8cdd8000 R14: 0000000000000000 R15: 00007fff8cdd8010 [ 1500.037318][ T9737] memory: usage 1052kB, limit 0kB, failcnt 431485 23:13:18 executing program 5: syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x0) memfd_create(0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x313}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x210c00, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x1) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x6c, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) [ 1500.043794][ T9737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1500.050704][ T9737] Memory cgroup stats for /syz3: [ 1500.050822][ T9737] anon 0 [ 1500.050822][ T9737] file 172032 [ 1500.050822][ T9737] kernel_stack 0 [ 1500.050822][ T9737] slab 962560 [ 1500.050822][ T9737] sock 0 [ 1500.050822][ T9737] shmem 8192 [ 1500.050822][ T9737] file_mapped 0 [ 1500.050822][ T9737] file_dirty 135168 [ 1500.050822][ T9737] file_writeback 0 [ 1500.050822][ T9737] anon_thp 0 [ 1500.050822][ T9737] inactive_anon 0 [ 1500.050822][ T9737] active_anon 0 [ 1500.050822][ T9737] inactive_file 135168 23:13:18 executing program 1: ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) [ 1500.050822][ T9737] active_file 118784 [ 1500.050822][ T9737] unevictable 0 [ 1500.050822][ T9737] slab_reclaimable 405504 [ 1500.050822][ T9737] slab_unreclaimable 557056 [ 1500.050822][ T9737] pgfault 106425 [ 1500.050822][ T9737] pgmajfault 0 [ 1500.050822][ T9737] workingset_refault 0 [ 1500.050822][ T9737] workingset_activate 0 [ 1500.050822][ T9737] workingset_nodereclaim 0 [ 1500.050822][ T9737] pgrefill 0 [ 1500.050822][ T9737] pgscan 0 [ 1500.050822][ T9737] pgsteal 0 [ 1500.050822][ T9737] pgactivate 0 [ 1500.144614][ T9737] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9737,uid=0 [ 1500.160060][ T9737] Memory cgroup out of memory: Killed process 9737 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1500.162271][ T1057] oom_reaper: reaped process 9737 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:13:19 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:19 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0185647, &(0x7f0000000180)={0x980004, 0x0, 0x0, [], 0x0}) 23:13:19 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:19 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) 23:13:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:19 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:20 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d", @ANYRESHEX]) 23:13:20 executing program 5: syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x0) memfd_create(0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x313}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x210c00, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x1) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x6c, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) 23:13:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 23:13:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:20 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:13:20 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) 23:13:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:20 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) 23:13:20 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) 23:13:20 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) [ 1501.928901][ T9822] hfs: can't find a HFS filesystem on dev loop2 23:13:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:21 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:13:21 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000040)) 23:13:21 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0) [ 1502.406918][ T9847] hfs: can't find a HFS filesystem on dev loop2 [ 1503.767530][ T9863] IPVS: ftp: loaded support on port[0] = 21 [ 1503.915522][ T9863] chnl_net:caif_netlink_parms(): no params data found [ 1504.017218][ T9863] bridge0: port 1(bridge_slave_0) entered blocking state [ 1504.024503][ T9863] bridge0: port 1(bridge_slave_0) entered disabled state [ 1504.032469][ T9863] device bridge_slave_0 entered promiscuous mode [ 1504.040708][ T9863] bridge0: port 2(bridge_slave_1) entered blocking state [ 1504.047752][ T9863] bridge0: port 2(bridge_slave_1) entered disabled state [ 1504.055682][ T9863] device bridge_slave_1 entered promiscuous mode [ 1504.073956][ T9863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1504.085529][ T9863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1504.095039][T23434] device bridge_slave_1 left promiscuous mode [ 1504.101471][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1504.159259][T23434] device bridge_slave_0 left promiscuous mode [ 1504.165447][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1506.239418][T23434] device hsr_slave_0 left promiscuous mode [ 1506.299253][T23434] device hsr_slave_1 left promiscuous mode [ 1506.346126][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1506.360618][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1506.373992][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1506.403239][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1506.486950][T23434] bond0 (unregistering): Released all slaves [ 1506.602683][ T9863] team0: Port device team_slave_0 added [ 1506.609795][ T9863] team0: Port device team_slave_1 added [ 1506.662221][ T9863] device hsr_slave_0 entered promiscuous mode [ 1506.718735][ T9863] device hsr_slave_1 entered promiscuous mode [ 1506.758495][ T9863] debugfs: Directory 'hsr0' with parent '/' already present! [ 1506.804976][ T9863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1506.856759][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1506.864671][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1506.875525][ T9863] 8021q: adding VLAN 0 to HW filter on device team0 [ 1506.889542][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1506.898195][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1506.907024][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 1506.914154][ T454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1506.921923][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1506.931887][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1506.940387][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1506.947454][ T454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1506.957838][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1506.966173][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1506.981106][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1506.995884][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1507.006259][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1507.016949][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1507.030291][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1507.054086][ T9863] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1507.065169][ T9863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1507.078175][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1507.087094][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1507.095991][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1507.118829][ T9863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1507.234822][ T9871] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1507.333662][ T9871] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1507.344448][ T9871] CPU: 0 PID: 9871 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1507.352002][ T9871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1507.362060][ T9871] Call Trace: [ 1507.365364][ T9871] dump_stack+0x16f/0x1f0 [ 1507.369702][ T9871] dump_header+0x10b/0x831 [ 1507.374132][ T9871] oom_kill_process.cold+0x10/0x15 [ 1507.379259][ T9871] out_of_memory+0x79a/0x12d0 [ 1507.383947][ T9871] ? cgroup_file_notify+0x140/0x1b0 [ 1507.389158][ T9871] ? oom_killer_disable+0x280/0x280 [ 1507.394376][ T9871] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1507.399939][ T9871] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1507.405588][ T9871] ? cgroup_file_notify+0x140/0x1b0 [ 1507.410807][ T9871] memory_max_write+0x262/0x3a0 [ 1507.415703][ T9871] ? mem_cgroup_write+0x360/0x360 [ 1507.420760][ T9871] ? lock_acquire+0x190/0x400 [ 1507.425447][ T9871] ? kernfs_fop_write+0x227/0x480 [ 1507.430493][ T9871] cgroup_file_write+0x307/0x790 [ 1507.435461][ T9871] ? mem_cgroup_write+0x360/0x360 [ 1507.440508][ T9871] ? cgroup_show_path+0x590/0x590 [ 1507.445559][ T9871] ? cgroup_show_path+0x590/0x590 [ 1507.450774][ T9871] kernfs_fop_write+0x2b8/0x480 [ 1507.455905][ T9871] __vfs_write+0x8a/0x110 [ 1507.460244][ T9871] ? kernfs_fop_open+0xd80/0xd80 [ 1507.465201][ T9871] vfs_write+0x268/0x5d0 [ 1507.469463][ T9871] ksys_write+0x14f/0x290 [ 1507.473802][ T9871] ? __ia32_sys_read+0xb0/0xb0 [ 1507.478575][ T9871] ? do_syscall_64+0x26/0x6a0 [ 1507.483264][ T9871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1507.489342][ T9871] ? do_syscall_64+0x26/0x6a0 [ 1507.494048][ T9871] __x64_sys_write+0x73/0xb0 [ 1507.498649][ T9871] do_syscall_64+0xfd/0x6a0 [ 1507.503165][ T9871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1507.509061][ T9871] RIP: 0033:0x459829 [ 1507.512964][ T9871] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1507.532582][ T9871] RSP: 002b:00007f3d0af90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1507.541009][ T9871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1507.548995][ T9871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1507.556988][ T9871] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1507.564998][ T9871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d0af916d4 [ 1507.573004][ T9871] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1507.586636][ T9871] memory: usage 3340kB, limit 0kB, failcnt 431486 [ 1507.593333][ T9871] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1507.600317][ T9871] Memory cgroup stats for /syz3: [ 1507.601684][ T9871] anon 2142208 [ 1507.601684][ T9871] file 172032 [ 1507.601684][ T9871] kernel_stack 65536 [ 1507.601684][ T9871] slab 827392 [ 1507.601684][ T9871] sock 0 [ 1507.601684][ T9871] shmem 8192 [ 1507.601684][ T9871] file_mapped 0 [ 1507.601684][ T9871] file_dirty 135168 [ 1507.601684][ T9871] file_writeback 0 [ 1507.601684][ T9871] anon_thp 2097152 [ 1507.601684][ T9871] inactive_anon 0 [ 1507.601684][ T9871] active_anon 2142208 [ 1507.601684][ T9871] inactive_file 135168 [ 1507.601684][ T9871] active_file 118784 [ 1507.601684][ T9871] unevictable 0 [ 1507.601684][ T9871] slab_reclaimable 270336 [ 1507.601684][ T9871] slab_unreclaimable 557056 [ 1507.601684][ T9871] pgfault 106491 [ 1507.601684][ T9871] pgmajfault 0 [ 1507.601684][ T9871] workingset_refault 0 [ 1507.601684][ T9871] workingset_activate 0 [ 1507.601684][ T9871] workingset_nodereclaim 0 [ 1507.601684][ T9871] pgrefill 0 [ 1507.601684][ T9871] pgscan 0 [ 1507.601684][ T9871] pgsteal 0 [ 1507.601684][ T9871] pgactivate 0 [ 1507.697692][ T9871] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9869,uid=0 [ 1507.713895][ T9871] Memory cgroup out of memory: Killed process 9869 (syz-executor.3) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB [ 1507.735769][ T1057] oom_reaper: reaped process 9869 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:26 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:26 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:13:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 23:13:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0) 23:13:26 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) 23:13:26 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 1507.867004][ T9863] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1507.877244][ T9863] CPU: 1 PID: 9863 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1507.884832][ T9863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1507.894901][ T9863] Call Trace: [ 1507.898214][ T9863] dump_stack+0x16f/0x1f0 [ 1507.902568][ T9863] dump_header+0x10b/0x831 [ 1507.907000][ T9863] ? oom_kill_process+0x94/0x3c0 [ 1507.911967][ T9863] oom_kill_process.cold+0x10/0x15 23:13:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0) [ 1507.917098][ T9863] out_of_memory+0x79a/0x12d0 [ 1507.921790][ T9863] ? lock_downgrade+0x920/0x920 [ 1507.926662][ T9863] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1507.932487][ T9863] ? oom_killer_disable+0x280/0x280 [ 1507.937705][ T9863] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1507.943347][ T9863] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1507.948995][ T9863] ? do_raw_spin_unlock+0x57/0x270 [ 1507.954121][ T9863] ? _raw_spin_unlock+0x23/0x30 [ 1507.958989][ T9863] try_charge+0x1053/0x1430 [ 1507.963506][ T9863] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1507.969060][ T9863] ? percpu_ref_tryget_live+0x104/0x270 [ 1507.974631][ T9863] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1507.980884][ T9863] mem_cgroup_try_charge+0x136/0x590 [ 1507.986185][ T9863] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1507.991849][ T9863] wp_page_copy+0x27c/0x1380 [ 1507.996459][ T9863] ? find_held_lock+0x35/0x130 [ 1508.001244][ T9863] ? pmd_pfn+0x1d0/0x1d0 [ 1508.005502][ T9863] ? lock_downgrade+0x920/0x920 [ 1508.010363][ T9863] ? swp_swapcount+0x520/0x520 [ 1508.015135][ T9863] ? __kasan_check_read+0x11/0x20 [ 1508.020158][ T9863] ? do_raw_spin_unlock+0x57/0x270 [ 1508.025270][ T9863] do_wp_page+0x499/0x14d0 [ 1508.029738][ T9863] ? finish_mkwrite_fault+0x570/0x570 [ 1508.035135][ T9863] __handle_mm_fault+0x2120/0x3ce0 [ 1508.041157][ T9863] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1508.046803][ T9863] ? handle_mm_fault+0x294/0xa90 [ 1508.051756][ T9863] ? handle_mm_fault+0x675/0xa90 [ 1508.056695][ T9863] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1508.061987][ T9863] handle_mm_fault+0x3bb/0xa90 [ 1508.066762][ T9863] __do_page_fault+0x536/0xdd0 [ 1508.071539][ T9863] do_page_fault+0x38/0x536 [ 1508.076143][ T9863] page_fault+0x39/0x40 [ 1508.080299][ T9863] RIP: 0033:0x430906 [ 1508.084193][ T9863] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1508.103837][ T9863] RSP: 002b:00007ffefdf765f0 EFLAGS: 00010206 [ 1508.109911][ T9863] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1508.117887][ T9863] RDX: 0000555555b67930 RSI: 0000555555b6f970 RDI: 0000000000000003 [ 1508.125862][ T9863] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555b66940 [ 1508.133833][ T9863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1508.141806][ T9863] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1508.150299][ T9863] memory: usage 1008kB, limit 0kB, failcnt 431494 [ 1508.156735][ T9863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1508.163635][ T9863] Memory cgroup stats for /syz3: [ 1508.163764][ T9863] anon 0 [ 1508.163764][ T9863] file 172032 [ 1508.163764][ T9863] kernel_stack 0 [ 1508.163764][ T9863] slab 827392 [ 1508.163764][ T9863] sock 0 [ 1508.163764][ T9863] shmem 8192 [ 1508.163764][ T9863] file_mapped 0 [ 1508.163764][ T9863] file_dirty 135168 [ 1508.163764][ T9863] file_writeback 0 [ 1508.163764][ T9863] anon_thp 0 [ 1508.163764][ T9863] inactive_anon 0 [ 1508.163764][ T9863] active_anon 0 [ 1508.163764][ T9863] inactive_file 135168 [ 1508.163764][ T9863] active_file 118784 [ 1508.163764][ T9863] unevictable 0 [ 1508.163764][ T9863] slab_reclaimable 270336 [ 1508.163764][ T9863] slab_unreclaimable 557056 [ 1508.163764][ T9863] pgfault 106491 [ 1508.163764][ T9863] pgmajfault 0 [ 1508.163764][ T9863] workingset_refault 0 [ 1508.163764][ T9863] workingset_activate 0 [ 1508.163764][ T9863] workingset_nodereclaim 0 [ 1508.163764][ T9863] pgrefill 0 [ 1508.163764][ T9863] pgscan 0 [ 1508.163764][ T9863] pgsteal 0 [ 1508.163764][ T9863] pgactivate 0 [ 1508.257637][ T9863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9863,uid=0 [ 1508.257724][ T9863] Memory cgroup out of memory: Killed process 9863 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1508.258756][ T1057] oom_reaper: reaped process 9863 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:13:27 executing program 1: r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000003d00)={&(0x7f0000000380)=@can, 0x80, 0x0}, 0x0) 23:13:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) [ 1508.430704][ T9880] hfs: can't find a HFS filesystem on dev loop2 23:13:27 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 23:13:27 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d"]) 23:13:27 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1508.875540][ T9905] hfs: unable to parse mount options 23:13:28 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 23:13:28 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:28 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d"]) 23:13:28 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) 23:13:28 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 1509.415136][ T9920] hfs: unable to parse mount options 23:13:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:28 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:28 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:28 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769643d"]) 23:13:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:28 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1509.739987][ T9941] hfs: unable to parse mount options 23:13:28 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX]) 23:13:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0, 0x10000}, 0x28) 23:13:28 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1510.080888][ T9955] hfs: unable to parse mount options 23:13:29 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x28) 23:13:29 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000000180)='stat\x00') ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f00000000c0)="74ccae28c625e50a154c03adf3129cafb86c02456689eaac6ec3894ef4319891f388332d80f96f8e953f62ac90621c442d9f13cb914000944690f24344ca1bd9eb2da8fa1526a650270105e88a08113ea1aab123460f04fd7839975ff6e1d84f878e791a4cbb8e94acd65def7d50560130d978ba577ec2cf03d80d7585bb9e65a7e60e19f3bd6906fbb699d2e1e6a7f10759c6e8e4e7d218c7c0b7b823a2d6d58da5fc423acd8c8e78") preadv(r1, &(0x7f0000000700), 0x31f, 0x0) 23:13:29 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) 23:13:29 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX]) 23:13:29 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1510.780735][ T9973] hfs: unable to parse mount options [ 1511.732220][ T9988] IPVS: ftp: loaded support on port[0] = 21 [ 1511.881461][ T9988] chnl_net:caif_netlink_parms(): no params data found [ 1511.910075][ T9988] bridge0: port 1(bridge_slave_0) entered blocking state [ 1511.917140][ T9988] bridge0: port 1(bridge_slave_0) entered disabled state [ 1511.925310][ T9988] device bridge_slave_0 entered promiscuous mode [ 1512.006192][ T9988] bridge0: port 2(bridge_slave_1) entered blocking state [ 1512.013320][ T9988] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.021469][ T9988] device bridge_slave_1 entered promiscuous mode [ 1512.037631][ T9988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1512.050750][ T9988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1512.144608][ T9988] team0: Port device team_slave_0 added [ 1512.152297][ T9988] team0: Port device team_slave_1 added [ 1512.200646][ T9988] device hsr_slave_0 entered promiscuous mode [ 1512.238850][ T9988] device hsr_slave_1 entered promiscuous mode [ 1512.318647][ T9988] debugfs: Directory 'hsr0' with parent '/' already present! [ 1512.407618][ T9988] bridge0: port 2(bridge_slave_1) entered blocking state [ 1512.414753][ T9988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1512.422152][ T9988] bridge0: port 1(bridge_slave_0) entered blocking state [ 1512.429230][ T9988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1512.465744][ T9988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1512.559539][ T9988] 8021q: adding VLAN 0 to HW filter on device team0 [ 1512.567163][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1512.576847][ T454] bridge0: port 1(bridge_slave_0) entered disabled state [ 1512.584548][ T454] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.594826][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1512.606952][T23434] device bridge_slave_1 left promiscuous mode [ 1512.613284][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.649657][T23434] device bridge_slave_0 left promiscuous mode [ 1512.655993][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1514.688834][T23434] device hsr_slave_0 left promiscuous mode [ 1514.748591][T23434] device hsr_slave_1 left promiscuous mode [ 1514.796048][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1514.807378][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1514.821515][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1514.865233][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1514.936679][T23434] bond0 (unregistering): Released all slaves [ 1515.037315][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1515.045945][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.053066][ T454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.068932][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1515.077555][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1515.086342][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.093490][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1515.101069][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1515.109990][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1515.127877][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1515.136591][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1515.145373][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1515.157461][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1515.166664][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1515.177759][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1515.186965][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1515.200151][ T9988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1515.211235][ T9988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1515.219891][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1515.228531][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1515.298530][ T9988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1515.443950][ T9996] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1515.520420][ T9996] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1515.530920][ T9996] CPU: 1 PID: 9996 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1515.538484][ T9996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1515.548559][ T9996] Call Trace: [ 1515.551878][ T9996] dump_stack+0x16f/0x1f0 [ 1515.556241][ T9996] dump_header+0x10b/0x831 [ 1515.560682][ T9996] oom_kill_process.cold+0x10/0x15 [ 1515.565838][ T9996] out_of_memory+0x79a/0x12d0 [ 1515.570532][ T9996] ? cgroup_file_notify+0x140/0x1b0 [ 1515.575749][ T9996] ? oom_killer_disable+0x280/0x280 [ 1515.580974][ T9996] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1515.586540][ T9996] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1515.592195][ T9996] ? cgroup_file_notify+0x140/0x1b0 [ 1515.598206][ T9996] memory_max_write+0x262/0x3a0 [ 1515.603087][ T9996] ? mem_cgroup_write+0x360/0x360 [ 1515.608131][ T9996] ? cgroup_file_write+0x86/0x790 [ 1515.613203][ T9996] cgroup_file_write+0x307/0x790 [ 1515.618181][ T9996] ? mem_cgroup_write+0x360/0x360 [ 1515.623252][ T9996] ? cgroup_show_path+0x590/0x590 [ 1515.628308][ T9996] ? cgroup_show_path+0x590/0x590 [ 1515.633357][ T9996] kernfs_fop_write+0x2b8/0x480 [ 1515.638243][ T9996] __vfs_write+0x8a/0x110 [ 1515.642593][ T9996] ? kernfs_fop_open+0xd80/0xd80 [ 1515.647564][ T9996] vfs_write+0x268/0x5d0 [ 1515.651830][ T9996] ksys_write+0x14f/0x290 [ 1515.656169][ T9996] ? __ia32_sys_read+0xb0/0xb0 [ 1515.660950][ T9996] ? do_syscall_64+0x26/0x6a0 [ 1515.665649][ T9996] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1515.671737][ T9996] ? do_syscall_64+0x26/0x6a0 [ 1515.676433][ T9996] __x64_sys_write+0x73/0xb0 [ 1515.681041][ T9996] do_syscall_64+0xfd/0x6a0 [ 1515.685615][ T9996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1515.691510][ T9996] RIP: 0033:0x459829 [ 1515.695409][ T9996] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1515.715280][ T9996] RSP: 002b:00007fe2deae5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1515.723697][ T9996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1515.731672][ T9996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1515.739646][ T9996] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1515.747626][ T9996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2deae66d4 [ 1515.755600][ T9996] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1515.765749][ T9996] memory: usage 3324kB, limit 0kB, failcnt 431495 [ 1515.774574][ T9996] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1515.781596][ T9996] Memory cgroup stats for /syz3: [ 1515.782633][ T9996] anon 2162688 [ 1515.782633][ T9996] file 172032 [ 1515.782633][ T9996] kernel_stack 0 [ 1515.782633][ T9996] slab 827392 [ 1515.782633][ T9996] sock 0 [ 1515.782633][ T9996] shmem 8192 [ 1515.782633][ T9996] file_mapped 0 [ 1515.782633][ T9996] file_dirty 135168 [ 1515.782633][ T9996] file_writeback 0 [ 1515.782633][ T9996] anon_thp 2097152 [ 1515.782633][ T9996] inactive_anon 0 [ 1515.782633][ T9996] active_anon 2162688 [ 1515.782633][ T9996] inactive_file 135168 [ 1515.782633][ T9996] active_file 118784 [ 1515.782633][ T9996] unevictable 0 [ 1515.782633][ T9996] slab_reclaimable 270336 [ 1515.782633][ T9996] slab_unreclaimable 557056 [ 1515.782633][ T9996] pgfault 106524 [ 1515.782633][ T9996] pgmajfault 0 [ 1515.782633][ T9996] workingset_refault 0 [ 1515.782633][ T9996] workingset_activate 0 [ 1515.782633][ T9996] workingset_nodereclaim 0 [ 1515.782633][ T9996] pgrefill 0 [ 1515.782633][ T9996] pgscan 0 [ 1515.782633][ T9996] pgsteal 0 [ 1515.782633][ T9996] pgactivate 0 [ 1515.878414][ T9996] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9995,uid=0 [ 1515.894301][ T9996] Memory cgroup out of memory: Killed process 9995 (syz-executor.3) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB [ 1515.912347][ T1057] oom_reaper: reaped process 9995 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:34 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:34 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x28) 23:13:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:34 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x51}], 0x133, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)="74ccae28c625e50a154c03adf3129cafb86c02456689eaac6ec3894ef4319891f388332d80f96f8e953f62ac90621c442d9f13cb914000944690f24344ca1bd9eb2da8fa1526a650270105e88a08113ea1aab123460f04fd7839975ff6e1d84f878e791a4cbb8e94acd65def7d50560130d978ba577ec2cf03d80d7585bb9e65a7e60e19f3bd6906fbb699d2e1e6a7f10759c6e8e4e7d218c7c0b7b823a2d6d58da5fc423acd8c8e78") preadv(r0, &(0x7f0000000700), 0x31f, 0x0) 23:13:34 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX]) 23:13:34 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) [ 1516.052421][ T9988] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1516.062638][ T9988] CPU: 1 PID: 9988 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1516.070195][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1516.080266][ T9988] Call Trace: [ 1516.083567][ T9988] dump_stack+0x16f/0x1f0 [ 1516.087904][ T9988] dump_header+0x10b/0x831 [ 1516.092324][ T9988] ? oom_kill_process+0x94/0x3c0 [ 1516.097268][ T9988] oom_kill_process.cold+0x10/0x15 [ 1516.102387][ T9988] out_of_memory+0x79a/0x12d0 [ 1516.107064][ T9988] ? lock_downgrade+0x920/0x920 [ 1516.111919][ T9988] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1516.117723][ T9988] ? oom_killer_disable+0x280/0x280 [ 1516.122954][ T9988] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1516.128507][ T9988] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1516.134147][ T9988] ? do_raw_spin_unlock+0x57/0x270 [ 1516.139267][ T9988] ? _raw_spin_unlock+0x23/0x30 [ 1516.144118][ T9988] try_charge+0x1053/0x1430 [ 1516.148627][ T9988] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1516.154178][ T9988] ? percpu_ref_tryget_live+0x104/0x270 [ 1516.159743][ T9988] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1516.165295][ T9988] mem_cgroup_try_charge+0x136/0x590 [ 1516.170593][ T9988] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1516.176243][ T9988] wp_page_copy+0x27c/0x1380 [ 1516.180831][ T9988] ? find_held_lock+0x35/0x130 [ 1516.185596][ T9988] ? pmd_pfn+0x1d0/0x1d0 [ 1516.189835][ T9988] ? lock_downgrade+0x920/0x920 [ 1516.194687][ T9988] ? swp_swapcount+0x520/0x520 [ 1516.199456][ T9988] ? __kasan_check_read+0x11/0x20 [ 1516.204492][ T9988] ? do_raw_spin_unlock+0x57/0x270 [ 1516.209612][ T9988] do_wp_page+0x499/0x14d0 [ 1516.214050][ T9988] ? finish_mkwrite_fault+0x570/0x570 [ 1516.219445][ T9988] __handle_mm_fault+0x2120/0x3ce0 [ 1516.224578][ T9988] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1516.230136][ T9988] ? handle_mm_fault+0x294/0xa90 [ 1516.235119][ T9988] ? handle_mm_fault+0x675/0xa90 [ 1516.240072][ T9988] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1516.245380][ T9988] handle_mm_fault+0x3bb/0xa90 [ 1516.250165][ T9988] __do_page_fault+0x536/0xdd0 [ 1516.254953][ T9988] do_page_fault+0x38/0x536 [ 1516.259492][ T9988] page_fault+0x39/0x40 [ 1516.263654][ T9988] RIP: 0033:0x430906 [ 1516.267555][ T9988] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1516.287408][ T9988] RSP: 002b:00007ffee6913120 EFLAGS: 00010206 [ 1516.293490][ T9988] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1516.301485][ T9988] RDX: 0000555555a1d930 RSI: 0000555555a25970 RDI: 0000000000000003 [ 1516.309466][ T9988] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555a1c940 [ 1516.317457][ T9988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1516.325449][ T9988] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1516.333980][ T9988] memory: usage 992kB, limit 0kB, failcnt 431503 [ 1516.340372][ T9988] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1516.347238][ T9988] Memory cgroup stats for /syz3: 23:13:35 executing program 1: bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1516.347353][ T9988] anon 0 [ 1516.347353][ T9988] file 172032 [ 1516.347353][ T9988] kernel_stack 0 [ 1516.347353][ T9988] slab 827392 [ 1516.347353][ T9988] sock 0 [ 1516.347353][ T9988] shmem 8192 [ 1516.347353][ T9988] file_mapped 0 [ 1516.347353][ T9988] file_dirty 135168 [ 1516.347353][ T9988] file_writeback 0 [ 1516.347353][ T9988] anon_thp 0 [ 1516.347353][ T9988] inactive_anon 0 [ 1516.347353][ T9988] active_anon 0 [ 1516.347353][ T9988] inactive_file 135168 [ 1516.347353][ T9988] active_file 118784 [ 1516.347353][ T9988] unevictable 0 [ 1516.347353][ T9988] slab_reclaimable 270336 [ 1516.347353][ T9988] slab_unreclaimable 557056 [ 1516.347353][ T9988] pgfault 106524 [ 1516.347353][ T9988] pgmajfault 0 [ 1516.347353][ T9988] workingset_refault 0 [ 1516.347353][ T9988] workingset_activate 0 [ 1516.347353][ T9988] workingset_nodereclaim 0 [ 1516.347353][ T9988] pgrefill 0 [ 1516.347353][ T9988] pgscan 0 [ 1516.347353][ T9988] pgsteal 0 [ 1516.347353][ T9988] pgactivate 0 23:13:35 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(aes)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) [ 1516.441228][ T9988] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9988,uid=0 [ 1516.456678][ T9988] Memory cgroup out of memory: Killed process 9988 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1516.478999][ T1057] oom_reaper: reaped process 9988 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:13:35 executing program 1: bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1516.508177][T10010] hfs: unable to parse mount options 23:13:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) 23:13:35 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESHEX]) 23:13:35 executing program 1: bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1516.913503][T10037] hfs: unable to parse mount options 23:13:36 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:36 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:36 executing program 0: 23:13:36 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESHEX]) 23:13:36 executing program 5: 23:13:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x28) 23:13:36 executing program 0: [ 1517.531006][T10054] hfs: unable to parse mount options 23:13:36 executing program 5: 23:13:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x10000}, 0x28) 23:13:36 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESHEX]) 23:13:36 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:36 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:36 executing program 5: 23:13:36 executing program 0: [ 1517.911898][T10072] hfs: unable to parse mount options 23:13:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x10000}, 0x28) 23:13:36 executing program 5: openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x8142, 0x0) 23:13:36 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030", @ANYRESHEX]) 23:13:36 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xa536b678) link(&(0x7f0000000380)='./file0\x00', &(0x7f00000007c0)='./file1/file0\x00') 23:13:37 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x10000}, 0x28) 23:13:37 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1518.303728][T10098] hfs: unable to parse mount options 23:13:37 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000180)={[], 0x0, 0x6, 0x7}) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, 0x0) 23:13:37 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030", @ANYRESHEX]) [ 1518.704417][T10121] hfs: unable to parse mount options [ 1519.948053][T10128] IPVS: ftp: loaded support on port[0] = 21 [ 1520.089669][T10128] chnl_net:caif_netlink_parms(): no params data found [ 1520.193268][T10128] bridge0: port 1(bridge_slave_0) entered blocking state [ 1520.202436][T10128] bridge0: port 1(bridge_slave_0) entered disabled state [ 1520.210652][T10128] device bridge_slave_0 entered promiscuous mode [ 1520.218285][T10128] bridge0: port 2(bridge_slave_1) entered blocking state [ 1520.225441][T10128] bridge0: port 2(bridge_slave_1) entered disabled state [ 1520.233209][T10128] device bridge_slave_1 entered promiscuous mode [ 1520.253523][T10128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1520.338830][T10128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1520.360855][T10128] team0: Port device team_slave_0 added [ 1520.367502][T10128] team0: Port device team_slave_1 added [ 1520.421794][T10128] device hsr_slave_0 entered promiscuous mode [ 1520.459839][T10128] device hsr_slave_1 entered promiscuous mode [ 1520.498822][T10128] debugfs: Directory 'hsr0' with parent '/' already present! [ 1520.583484][T10128] bridge0: port 2(bridge_slave_1) entered blocking state [ 1520.590610][T10128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1520.597987][T10128] bridge0: port 1(bridge_slave_0) entered blocking state [ 1520.605106][T10128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1520.643390][T10128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1520.654026][T23434] device bridge_slave_1 left promiscuous mode [ 1520.660350][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1520.679411][T23434] device bridge_slave_0 left promiscuous mode [ 1520.685571][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1522.728806][T23434] device hsr_slave_0 left promiscuous mode [ 1522.778614][T23434] device hsr_slave_1 left promiscuous mode [ 1522.829612][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1522.842998][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1522.854320][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1522.884905][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1522.957115][T23434] bond0 (unregistering): Released all slaves [ 1523.059089][T10128] 8021q: adding VLAN 0 to HW filter on device team0 [ 1523.066171][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1523.077189][T20827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1523.085348][T20827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1523.097621][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1523.118475][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1523.127249][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1523.136313][ T4577] bridge0: port 1(bridge_slave_0) entered blocking state [ 1523.143485][ T4577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1523.154347][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1523.163265][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1523.172078][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1523.179220][ T454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1523.231176][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1523.259372][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1523.268153][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1523.277012][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1523.285580][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1523.294625][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1523.303293][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1523.311819][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1523.320264][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1523.328959][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1523.350549][T10128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1523.371605][T10128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1523.379367][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1523.495970][T10136] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1523.572910][T10137] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1523.583455][T10137] CPU: 0 PID: 10137 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1523.591099][T10137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1523.601160][T10137] Call Trace: [ 1523.604473][T10137] dump_stack+0x16f/0x1f0 [ 1523.608822][T10137] dump_header+0x10b/0x831 [ 1523.613247][T10137] oom_kill_process.cold+0x10/0x15 [ 1523.618372][T10137] out_of_memory+0x79a/0x12d0 [ 1523.623063][T10137] ? cgroup_file_notify+0x140/0x1b0 [ 1523.628270][T10137] ? oom_killer_disable+0x280/0x280 [ 1523.633492][T10137] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1523.639057][T10137] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1523.644714][T10137] ? cgroup_file_notify+0x140/0x1b0 [ 1523.649939][T10137] memory_max_write+0x262/0x3a0 [ 1523.654807][T10137] ? mem_cgroup_write+0x360/0x360 [ 1523.659841][T10137] ? lock_acquire+0x190/0x400 [ 1523.664519][T10137] ? kernfs_fop_write+0x227/0x480 [ 1523.669560][T10137] cgroup_file_write+0x307/0x790 [ 1523.674516][T10137] ? mem_cgroup_write+0x360/0x360 [ 1523.679554][T10137] ? cgroup_show_path+0x590/0x590 [ 1523.684617][T10137] ? cgroup_show_path+0x590/0x590 [ 1523.690099][T10137] kernfs_fop_write+0x2b8/0x480 [ 1523.694967][T10137] __vfs_write+0x8a/0x110 [ 1523.699297][T10137] ? kernfs_fop_open+0xd80/0xd80 [ 1523.704242][T10137] vfs_write+0x268/0x5d0 [ 1523.708496][T10137] ksys_write+0x14f/0x290 [ 1523.712829][T10137] ? __ia32_sys_read+0xb0/0xb0 [ 1523.717599][T10137] ? do_syscall_64+0x26/0x6a0 [ 1523.722288][T10137] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1523.728360][T10137] ? do_syscall_64+0x26/0x6a0 [ 1523.733051][T10137] __x64_sys_write+0x73/0xb0 [ 1523.737652][T10137] do_syscall_64+0xfd/0x6a0 [ 1523.742181][T10137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1523.748080][T10137] RIP: 0033:0x459829 [ 1523.751987][T10137] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1523.771777][T10137] RSP: 002b:00007f5e471c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1523.780202][T10137] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1523.788177][T10137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1523.796150][T10137] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1523.804129][T10137] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e471c96d4 [ 1523.812105][T10137] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1523.820209][T10137] memory: usage 3344kB, limit 0kB, failcnt 431504 [ 1523.826628][T10137] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1523.833527][T10137] Memory cgroup stats for /syz3: [ 1523.833660][T10137] anon 2191360 [ 1523.833660][T10137] file 172032 [ 1523.833660][T10137] kernel_stack 65536 [ 1523.833660][T10137] slab 827392 [ 1523.833660][T10137] sock 0 [ 1523.833660][T10137] shmem 8192 [ 1523.833660][T10137] file_mapped 0 [ 1523.833660][T10137] file_dirty 135168 [ 1523.833660][T10137] file_writeback 0 [ 1523.833660][T10137] anon_thp 2097152 [ 1523.833660][T10137] inactive_anon 0 [ 1523.833660][T10137] active_anon 2191360 [ 1523.833660][T10137] inactive_file 135168 [ 1523.833660][T10137] active_file 118784 [ 1523.833660][T10137] unevictable 0 [ 1523.833660][T10137] slab_reclaimable 270336 [ 1523.833660][T10137] slab_unreclaimable 557056 [ 1523.833660][T10137] pgfault 106590 [ 1523.833660][T10137] pgmajfault 0 [ 1523.833660][T10137] workingset_refault 0 [ 1523.833660][T10137] workingset_activate 0 [ 1523.833660][T10137] workingset_nodereclaim 0 [ 1523.833660][T10137] pgrefill 0 [ 1523.833660][T10137] pgscan 0 23:13:42 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:42 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x1b, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504", 0x0, 0x10000}, 0x28) 23:13:42 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:42 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fff}, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='nfs\x00', 0x0, &(0x7f000000a000)) [ 1523.833660][T10137] pgsteal 0 [ 1523.833660][T10137] pgactivate 0 [ 1523.929483][T10137] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10135,uid=0 [ 1523.945031][T10137] Memory cgroup out of memory: Killed process 10135 (syz-executor.3) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1523.960612][ T1057] oom_reaper: reaped process 10135 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:13:42 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030", @ANYRESHEX]) 23:13:42 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x1000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCDELDLCI(r1, 0x8982, 0x0) [ 1524.033435][T10128] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1524.044023][T10128] CPU: 1 PID: 10128 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1524.051760][T10128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1524.061840][T10128] Call Trace: [ 1524.065146][T10128] dump_stack+0x16f/0x1f0 [ 1524.069484][T10128] dump_header+0x10b/0x831 [ 1524.073899][T10128] ? oom_kill_process+0x94/0x3c0 [ 1524.078837][T10128] oom_kill_process.cold+0x10/0x15 [ 1524.083954][T10128] out_of_memory+0x79a/0x12d0 [ 1524.088636][T10128] ? lock_downgrade+0x920/0x920 [ 1524.093506][T10128] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1524.099334][T10128] ? oom_killer_disable+0x280/0x280 [ 1524.104566][T10128] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1524.110128][T10128] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1524.115778][T10128] ? do_raw_spin_unlock+0x57/0x270 [ 1524.120903][T10128] ? _raw_spin_unlock+0x23/0x30 [ 1524.125766][T10128] try_charge+0x1053/0x1430 [ 1524.130286][T10128] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1524.135843][T10128] ? percpu_ref_tryget_live+0x104/0x270 [ 1524.141409][T10128] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1524.146963][T10128] mem_cgroup_try_charge+0x136/0x590 [ 1524.152275][T10128] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1524.157917][T10128] wp_page_copy+0x27c/0x1380 [ 1524.162507][T10128] ? find_held_lock+0x35/0x130 [ 1524.167276][T10128] ? pmd_pfn+0x1d0/0x1d0 [ 1524.171527][T10128] ? lock_downgrade+0x920/0x920 [ 1524.176390][T10128] ? swp_swapcount+0x520/0x520 [ 1524.181156][T10128] ? __kasan_check_read+0x11/0x20 [ 1524.186181][T10128] ? do_raw_spin_unlock+0x57/0x270 [ 1524.191295][T10128] do_wp_page+0x499/0x14d0 [ 1524.195716][T10128] ? finish_mkwrite_fault+0x570/0x570 [ 1524.201098][T10128] __handle_mm_fault+0x2120/0x3ce0 [ 1524.206215][T10128] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1524.211765][T10128] ? handle_mm_fault+0x294/0xa90 [ 1524.216709][T10128] ? handle_mm_fault+0x675/0xa90 [ 1524.221645][T10128] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1524.226939][T10128] handle_mm_fault+0x3bb/0xa90 [ 1524.231707][T10128] __do_page_fault+0x536/0xdd0 [ 1524.236480][T10128] do_page_fault+0x38/0x536 [ 1524.241070][T10128] page_fault+0x39/0x40 [ 1524.245218][T10128] RIP: 0033:0x430906 [ 1524.249120][T10128] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1524.268733][T10128] RSP: 002b:00007fffb53334c0 EFLAGS: 00010206 [ 1524.274812][T10128] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1524.282790][T10128] RDX: 0000555555f41930 RSI: 0000555555f49970 RDI: 0000000000000003 [ 1524.290780][T10128] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555f40940 [ 1524.298758][T10128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1524.306744][T10128] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1524.315398][T10128] memory: usage 964kB, limit 0kB, failcnt 431516 [ 1524.321799][T10128] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1524.328772][T10128] Memory cgroup stats for /syz3: [ 1524.328876][T10128] anon 45056 [ 1524.328876][T10128] file 172032 [ 1524.328876][T10128] kernel_stack 0 [ 1524.328876][T10128] slab 827392 [ 1524.328876][T10128] sock 0 [ 1524.328876][T10128] shmem 8192 [ 1524.328876][T10128] file_mapped 0 [ 1524.328876][T10128] file_dirty 135168 [ 1524.328876][T10128] file_writeback 0 [ 1524.328876][T10128] anon_thp 0 [ 1524.328876][T10128] inactive_anon 0 [ 1524.328876][T10128] active_anon 45056 [ 1524.328876][T10128] inactive_file 135168 [ 1524.328876][T10128] active_file 118784 [ 1524.328876][T10128] unevictable 0 [ 1524.328876][T10128] slab_reclaimable 270336 [ 1524.328876][T10128] slab_unreclaimable 557056 [ 1524.328876][T10128] pgfault 106623 [ 1524.328876][T10128] pgmajfault 0 [ 1524.328876][T10128] workingset_refault 0 [ 1524.328876][T10128] workingset_activate 0 [ 1524.328876][T10128] workingset_nodereclaim 0 [ 1524.328876][T10128] pgrefill 0 [ 1524.328876][T10128] pgscan 0 [ 1524.328876][T10128] pgsteal 0 [ 1524.328876][T10128] pgactivate 0 23:13:43 executing program 5: ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'ip6_vti0\x00', 0x4}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000040)={0x0, 0x0, 0x401}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x0, {0x0, 0x0, 0x1, 0x0, 0x9}}, 0xe) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) 23:13:43 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:43 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000340)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000400)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @rand_addr="6f10ba9f1b5529f027dce0794c5ea4f9"}}]}, 0x10c) [ 1524.423421][T10128] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10128,uid=0 [ 1524.438917][T10128] Memory cgroup out of memory: Killed process 10128 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1524.456665][ T1057] oom_reaper: reaped process 10128 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 1524.501938][T10145] hfs: unable to parse mount options 23:13:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/241, 0x10}], 0x20000000000002f4) write$uinput_user_dev(r0, &(0x7f0000000dc0)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 23:13:43 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x1b, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504", 0x0, 0x10000}, 0x28) 23:13:43 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c75", @ANYRESHEX]) [ 1524.685410][T10174] input: syz1 as /devices/virtual/input/input116 [ 1524.932135][T10186] hfs: unable to parse mount options 23:13:44 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:44 executing program 5: ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'ip6_vti0\x00', 0x4}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000040)={0x0, 0x0, 0x401}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x0, {0x0, 0x0, 0x1, 0x0, 0x9}}, 0xe) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) 23:13:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x1b, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504", 0x0, 0x10000}, 0x28) 23:13:44 executing program 0: ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'ip6_vti0\x00', 0x4}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000040)={0x0, 0x0, 0x401}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x0, {0x0, 0x0, 0x1, 0x0, 0x9}}, 0xe) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) 23:13:44 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c75", @ANYRESHEX]) 23:13:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:44 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000040)=""/11, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$TCSETX(r1, 0x5433, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000013) [ 1525.406915][T10199] hfs: unable to parse mount options 23:13:44 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:44 executing program 5: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4000001, 0x182) r1 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f00000000c0)) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x20000000) read(0xffffffffffffffff, &(0x7f0000000080)=""/63, 0x3f) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0xfffffffffffffe65) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) 23:13:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x29, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf2439", 0x0, 0x10000}, 0x28) 23:13:44 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c75", @ANYRESHEX]) 23:13:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 1525.800609][ T2510] blk_update_request: I/O error, dev loop5, sector 1032 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 23:13:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x29, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf2439", 0x0, 0x10000}, 0x28) [ 1525.841047][T10223] hfs: unable to parse mount options 23:13:44 executing program 5: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4000001, 0x182) r1 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f00000000c0)) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x20000000) read(0xffffffffffffffff, &(0x7f0000000080)=""/63, 0x3f) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0xfffffffffffffe65) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) 23:13:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:44 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) 23:13:44 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d303030303030303030303030", @ANYRESHEX]) 23:13:45 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x29, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf2439", 0x0, 0x10000}, 0x28) 23:13:45 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) [ 1526.308952][T10254] hfs: unable to parse mount options [ 1527.824909][T10269] IPVS: ftp: loaded support on port[0] = 21 [ 1528.043372][T10269] chnl_net:caif_netlink_parms(): no params data found [ 1528.074691][T10269] bridge0: port 1(bridge_slave_0) entered blocking state [ 1528.081851][T10269] bridge0: port 1(bridge_slave_0) entered disabled state [ 1528.089917][T10269] device bridge_slave_0 entered promiscuous mode [ 1528.097623][T10269] bridge0: port 2(bridge_slave_1) entered blocking state [ 1528.104782][T10269] bridge0: port 2(bridge_slave_1) entered disabled state [ 1528.112609][T10269] device bridge_slave_1 entered promiscuous mode [ 1528.205856][T10269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1528.217183][T10269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1528.315671][T10269] team0: Port device team_slave_0 added [ 1528.323091][T10269] team0: Port device team_slave_1 added [ 1528.370395][T10269] device hsr_slave_0 entered promiscuous mode [ 1528.408967][T10269] device hsr_slave_1 entered promiscuous mode [ 1528.468565][T10269] debugfs: Directory 'hsr0' with parent '/' already present! [ 1528.477044][T23434] device bridge_slave_1 left promiscuous mode [ 1528.483410][T23434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1528.519956][T23434] device bridge_slave_0 left promiscuous mode [ 1528.526142][T23434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1530.588862][T23434] device hsr_slave_0 left promiscuous mode [ 1530.628611][T23434] device hsr_slave_1 left promiscuous mode [ 1530.676123][T23434] team0 (unregistering): Port device team_slave_1 removed [ 1530.690785][T23434] team0 (unregistering): Port device team_slave_0 removed [ 1530.703761][T23434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1530.744697][T23434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1530.816875][T23434] bond0 (unregistering): Released all slaves [ 1530.931372][T10269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1530.947293][T10269] 8021q: adding VLAN 0 to HW filter on device team0 [ 1530.955523][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1530.963343][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1530.976033][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1530.984907][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1530.993342][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 1531.000589][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1531.083643][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1531.091780][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1531.100538][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1531.109382][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1531.116448][ T8236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1531.124199][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1531.133159][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1531.141962][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1531.150745][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1531.159310][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1531.168050][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1531.181643][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1531.189906][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1531.198293][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1531.206680][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1531.215514][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1531.226501][T10269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1531.264368][T10269] 8021q: adding VLAN 0 to HW filter on device batadv0 23:13:50 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:50 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) 23:13:50 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d303030303030303030303030", @ANYRESHEX]) 23:13:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x30, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08", 0x0, 0x10000}, 0x28) 23:13:50 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") sendto$inet(r0, 0x0, 0x2ec, 0x20000003, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendmsg$inet(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000140)="1a", 0x1}], 0x1, &(0x7f0000000500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8}}], 0x18}, 0x0) [ 1531.428719][T10278] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1531.550184][T10285] hfs: unable to parse mount options 23:13:50 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d303030303030303030303030", @ANYRESHEX]) 23:13:50 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) 23:13:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x30, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08", 0x0, 0x10000}, 0x28) 23:13:50 executing program 5: [ 1531.754410][T10294] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1531.765052][T10294] CPU: 1 PID: 10294 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1531.772691][T10294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1531.772699][T10294] Call Trace: [ 1531.772727][T10294] dump_stack+0x16f/0x1f0 [ 1531.772753][T10294] dump_header+0x10b/0x831 [ 1531.772775][T10294] oom_kill_process.cold+0x10/0x15 [ 1531.772794][T10294] out_of_memory+0x79a/0x12d0 [ 1531.772814][T10294] ? cgroup_file_notify+0x140/0x1b0 [ 1531.772834][T10294] ? oom_killer_disable+0x280/0x280 [ 1531.772866][T10294] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1531.786196][T10294] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1531.826198][T10294] ? cgroup_file_notify+0x140/0x1b0 [ 1531.831417][T10294] memory_max_write+0x262/0x3a0 [ 1531.836282][T10294] ? mem_cgroup_write+0x360/0x360 [ 1531.841322][T10294] ? lock_acquire+0x190/0x400 [ 1531.846009][T10294] ? kernfs_fop_write+0x227/0x480 [ 1531.851048][T10294] cgroup_file_write+0x307/0x790 [ 1531.856000][T10294] ? mem_cgroup_write+0x360/0x360 [ 1531.861035][T10294] ? cgroup_show_path+0x590/0x590 [ 1531.866079][T10294] ? cgroup_show_path+0x590/0x590 [ 1531.871108][T10294] kernfs_fop_write+0x2b8/0x480 [ 1531.875983][T10294] __vfs_write+0x8a/0x110 [ 1531.880321][T10294] ? kernfs_fop_open+0xd80/0xd80 [ 1531.885271][T10294] vfs_write+0x268/0x5d0 [ 1531.889532][T10294] ksys_write+0x14f/0x290 [ 1531.893873][T10294] ? __ia32_sys_read+0xb0/0xb0 [ 1531.898646][T10294] ? do_syscall_64+0x26/0x6a0 [ 1531.903333][T10294] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1531.909411][T10294] ? do_syscall_64+0x26/0x6a0 [ 1531.914107][T10294] __x64_sys_write+0x73/0xb0 [ 1531.918713][T10294] do_syscall_64+0xfd/0x6a0 [ 1531.923242][T10294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1531.929142][T10294] RIP: 0033:0x459829 [ 1531.933059][T10294] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1531.952677][T10294] RSP: 002b:00007f7ad920ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1531.961112][T10294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1531.969100][T10294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1531.977084][T10294] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1531.985070][T10294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ad920f6d4 [ 1531.993043][T10294] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1532.007625][T10294] memory: usage 3392kB, limit 0kB, failcnt 431517 [ 1532.014205][T10294] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1532.021216][T10294] Memory cgroup stats for /syz3: [ 1532.022346][T10294] anon 2252800 [ 1532.022346][T10294] file 172032 [ 1532.022346][T10294] kernel_stack 0 [ 1532.022346][T10294] slab 827392 [ 1532.022346][T10294] sock 0 [ 1532.022346][T10294] shmem 8192 [ 1532.022346][T10294] file_mapped 0 [ 1532.022346][T10294] file_dirty 135168 [ 1532.022346][T10294] file_writeback 0 [ 1532.022346][T10294] anon_thp 2097152 [ 1532.022346][T10294] inactive_anon 0 [ 1532.022346][T10294] active_anon 2187264 [ 1532.022346][T10294] inactive_file 135168 [ 1532.022346][T10294] active_file 118784 [ 1532.022346][T10294] unevictable 0 [ 1532.022346][T10294] slab_reclaimable 270336 [ 1532.022346][T10294] slab_unreclaimable 557056 [ 1532.022346][T10294] pgfault 106755 [ 1532.022346][T10294] pgmajfault 0 [ 1532.022346][T10294] workingset_refault 0 [ 1532.022346][T10294] workingset_activate 0 [ 1532.022346][T10294] workingset_nodereclaim 0 [ 1532.022346][T10294] pgrefill 0 [ 1532.022346][T10294] pgscan 0 [ 1532.022346][T10294] pgsteal 0 [ 1532.022346][T10294] pgactivate 0 [ 1532.119121][T10294] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10292,uid=0 [ 1532.135108][T10294] Memory cgroup out of memory: Killed process 10292 (syz-executor.3) total-vm:72572kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1532.152514][ T1057] oom_reaper: reaped process 10292 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 23:13:51 executing program 5: [ 1532.202190][T10305] hfs: unable to parse mount options 23:13:51 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:13:51 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) 23:13:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 23:13:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x30, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08", 0x0, 0x10000}, 0x28) 23:13:51 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d3030303030303030303030303030303030303030", @ANYRESHEX]) 23:13:51 executing program 5: [ 1532.596175][T10325] hfs: unable to parse mount options 23:13:51 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) 23:13:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x33, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42", 0x0, 0x10000}, 0x28) 23:13:51 executing program 5: 23:13:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, 0x0, 0x0) 23:13:51 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d3030303030303030303030303030303030303030", @ANYRESHEX]) 23:13:51 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) [ 1533.105527][T10348] hfs: unable to parse mount options 23:14:51 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:14:51 executing program 5: 23:14:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, 0x0, 0x0) 23:14:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x33, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42", 0x0, 0x10000}, 0x28) 23:14:51 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000200)=ANY=[], 0x0) 23:14:51 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d3030303030303030303030303030303030303030", @ANYRESHEX]) 23:14:51 executing program 5: [ 1592.905882][T10362] hfs: unable to parse mount options 23:14:51 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000200)=ANY=[], 0x0) 23:14:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, 0x0, 0x0) 23:14:51 executing program 5: 23:14:51 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c", @ANYRESHEX]) 23:14:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x33, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42", 0x0, 0x10000}, 0x28) [ 1593.321975][T10385] hfs: unable to parse mount options [ 1594.609211][T23426] device bridge_slave_1 left promiscuous mode [ 1594.615427][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1594.669338][T23426] device bridge_slave_0 left promiscuous mode [ 1594.675498][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1596.668924][T23426] device hsr_slave_0 left promiscuous mode [ 1596.708601][T23426] device hsr_slave_1 left promiscuous mode [ 1596.769886][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1596.782996][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1596.794419][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1596.822893][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1596.908568][T23426] bond0 (unregistering): Released all slaves [ 1597.019122][T10392] IPVS: ftp: loaded support on port[0] = 21 [ 1597.097557][T10392] chnl_net:caif_netlink_parms(): no params data found [ 1597.127122][T10392] bridge0: port 1(bridge_slave_0) entered blocking state [ 1597.134331][T10392] bridge0: port 1(bridge_slave_0) entered disabled state [ 1597.142401][T10392] device bridge_slave_0 entered promiscuous mode [ 1597.150322][T10392] bridge0: port 2(bridge_slave_1) entered blocking state [ 1597.157358][T10392] bridge0: port 2(bridge_slave_1) entered disabled state [ 1597.165353][T10392] device bridge_slave_1 entered promiscuous mode [ 1597.188221][T10392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1597.199459][T10392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1597.270254][T10392] team0: Port device team_slave_0 added [ 1597.277790][T10392] team0: Port device team_slave_1 added [ 1597.331762][T10392] device hsr_slave_0 entered promiscuous mode [ 1597.368966][T10392] device hsr_slave_1 entered promiscuous mode [ 1597.518521][T10392] debugfs: Directory 'hsr0' with parent '/' already present! [ 1597.556460][T10392] bridge0: port 2(bridge_slave_1) entered blocking state [ 1597.563633][T10392] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1597.571122][T10392] bridge0: port 1(bridge_slave_0) entered blocking state [ 1597.578220][T10392] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1597.632626][T10392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1597.647315][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1597.656855][ T9070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1597.672428][ T9070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1597.690788][T10392] 8021q: adding VLAN 0 to HW filter on device team0 [ 1597.702843][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1597.711558][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1597.718692][ T9070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1597.750491][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1597.759052][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1597.766123][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1597.774844][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1597.783834][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1597.792571][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1597.804042][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1597.812042][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1597.830622][T10392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1597.854793][T10392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1598.004393][T10400] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1598.080930][T10400] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1598.091627][T10400] CPU: 1 PID: 10400 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1598.099275][T10400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1598.109338][T10400] Call Trace: [ 1598.112646][T10400] dump_stack+0x16f/0x1f0 [ 1598.116988][T10400] dump_header+0x10b/0x831 [ 1598.121420][T10400] oom_kill_process.cold+0x10/0x15 [ 1598.126552][T10400] out_of_memory+0x79a/0x12d0 [ 1598.131263][T10400] ? cgroup_file_notify+0x140/0x1b0 [ 1598.136492][T10400] ? oom_killer_disable+0x280/0x280 [ 1598.141720][T10400] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1598.147292][T10400] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1598.152954][T10400] ? cgroup_file_notify+0x140/0x1b0 [ 1598.158176][T10400] memory_max_write+0x262/0x3a0 [ 1598.163052][T10400] ? mem_cgroup_write+0x360/0x360 [ 1598.168093][T10400] ? mem_cgroup_write+0x360/0x360 [ 1598.173141][T10400] cgroup_file_write+0x307/0x790 [ 1598.178106][T10400] ? mem_cgroup_write+0x360/0x360 [ 1598.183148][T10400] ? cgroup_show_path+0x590/0x590 [ 1598.188186][T10400] ? lock_is_held_type+0x27f/0x320 [ 1598.193327][T10400] ? cgroup_show_path+0x590/0x590 [ 1598.198368][T10400] kernfs_fop_write+0x2b8/0x480 [ 1598.203419][T10400] __vfs_write+0x8a/0x110 [ 1598.207762][T10400] ? kernfs_fop_open+0xd80/0xd80 [ 1598.212728][T10400] vfs_write+0x268/0x5d0 [ 1598.217005][T10400] ksys_write+0x14f/0x290 [ 1598.221884][T10400] ? __ia32_sys_read+0xb0/0xb0 [ 1598.226677][T10400] ? do_syscall_64+0x26/0x6a0 [ 1598.231381][T10400] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.237474][T10400] ? do_syscall_64+0x26/0x6a0 [ 1598.242182][T10400] __x64_sys_write+0x73/0xb0 [ 1598.246803][T10400] do_syscall_64+0xfd/0x6a0 [ 1598.251345][T10400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.257249][T10400] RIP: 0033:0x459829 [ 1598.261175][T10400] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1598.280889][T10400] RSP: 002b:00007f985e93ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1598.289316][T10400] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1598.297310][T10400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1598.305318][T10400] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1598.313310][T10400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f985e93b6d4 [ 1598.321300][T10400] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1598.331002][T10400] memory: usage 3356kB, limit 0kB, failcnt 647419 [ 1598.337516][T10400] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.344462][T10400] Memory cgroup stats for /syz3: [ 1598.344955][T10400] anon 2195456 [ 1598.344955][T10400] file 172032 [ 1598.344955][T10400] kernel_stack 65536 [ 1598.344955][T10400] slab 827392 [ 1598.344955][T10400] sock 0 [ 1598.344955][T10400] shmem 8192 [ 1598.344955][T10400] file_mapped 0 [ 1598.344955][T10400] file_dirty 135168 [ 1598.344955][T10400] file_writeback 0 [ 1598.344955][T10400] anon_thp 2097152 [ 1598.344955][T10400] inactive_anon 0 [ 1598.344955][T10400] active_anon 2195456 [ 1598.344955][T10400] inactive_file 135168 [ 1598.344955][T10400] active_file 118784 [ 1598.344955][T10400] unevictable 0 [ 1598.344955][T10400] slab_reclaimable 270336 [ 1598.344955][T10400] slab_unreclaimable 557056 [ 1598.344955][T10400] pgfault 106821 [ 1598.344955][T10400] pgmajfault 0 [ 1598.344955][T10400] workingset_refault 0 [ 1598.344955][T10400] workingset_activate 0 [ 1598.344955][T10400] workingset_nodereclaim 0 [ 1598.344955][T10400] pgrefill 0 [ 1598.344955][T10400] pgscan 0 [ 1598.344955][T10400] pgsteal 0 [ 1598.344955][T10400] pgactivate 0 [ 1598.440882][T10400] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10399,uid=0 [ 1598.456963][T10400] Memory cgroup out of memory: Killed process 10399 (syz-executor.3) total-vm:72576kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1598.474548][ T1057] oom_reaper: reaped process 10399 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:14:57 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:14:57 executing program 5: 23:14:57 executing program 1: 23:14:57 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000200)=ANY=[], 0x0) 23:14:57 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c", @ANYRESHEX]) 23:14:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x35, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc", 0x0, 0x10000}, 0x28) [ 1598.655130][T10392] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1598.665187][T10392] CPU: 0 PID: 10392 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1598.672828][T10392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1598.682893][T10392] Call Trace: [ 1598.686215][T10392] dump_stack+0x16f/0x1f0 [ 1598.690663][T10392] dump_header+0x10b/0x831 [ 1598.695093][T10392] ? oom_kill_process+0x94/0x3c0 [ 1598.700125][T10392] oom_kill_process.cold+0x10/0x15 [ 1598.705250][T10392] out_of_memory+0x79a/0x12d0 [ 1598.709937][T10392] ? lock_downgrade+0x920/0x920 [ 1598.714810][T10392] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.720626][T10392] ? oom_killer_disable+0x280/0x280 [ 1598.725840][T10392] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1598.731388][T10392] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1598.737028][T10392] ? do_raw_spin_unlock+0x57/0x270 [ 1598.742145][T10392] ? _raw_spin_unlock+0x23/0x30 [ 1598.747026][T10392] try_charge+0x1053/0x1430 [ 1598.751536][T10392] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1598.757079][T10392] ? percpu_ref_tryget_live+0x104/0x270 [ 1598.762635][T10392] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1598.768286][T10392] mem_cgroup_try_charge+0x136/0x590 [ 1598.773574][T10392] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1598.779206][T10392] wp_page_copy+0x27c/0x1380 [ 1598.783795][T10392] ? find_held_lock+0x35/0x130 [ 1598.788572][T10392] ? pmd_pfn+0x1d0/0x1d0 [ 1598.792809][T10392] ? lock_downgrade+0x920/0x920 [ 1598.797661][T10392] ? swp_swapcount+0x520/0x520 [ 1598.802433][T10392] ? __kasan_check_read+0x11/0x20 [ 1598.807456][T10392] ? do_raw_spin_unlock+0x57/0x270 [ 1598.812574][T10392] do_wp_page+0x499/0x14d0 [ 1598.816993][T10392] ? finish_mkwrite_fault+0x570/0x570 [ 1598.822373][T10392] __handle_mm_fault+0x2120/0x3ce0 [ 1598.827485][T10392] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1598.833030][T10392] ? handle_mm_fault+0x294/0xa90 [ 1598.837992][T10392] ? handle_mm_fault+0x675/0xa90 [ 1598.842947][T10392] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1598.848257][T10392] handle_mm_fault+0x3bb/0xa90 [ 1598.853037][T10392] __do_page_fault+0x536/0xdd0 [ 1598.857816][T10392] do_page_fault+0x38/0x536 [ 1598.862355][T10392] page_fault+0x39/0x40 [ 1598.866509][T10392] RIP: 0033:0x430906 [ 1598.870425][T10392] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1598.890040][T10392] RSP: 002b:00007ffcc7472900 EFLAGS: 00010206 [ 1598.896112][T10392] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1598.904090][T10392] RDX: 0000555556060930 RSI: 0000555556068970 RDI: 0000000000000003 [ 1598.912070][T10392] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555605f940 [ 1598.920045][T10392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1598.928035][T10392] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1598.938985][T10392] memory: usage 1024kB, limit 0kB, failcnt 647427 [ 1598.946117][T10392] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.953029][T10392] Memory cgroup stats for /syz3: [ 1598.953137][T10392] anon 0 [ 1598.953137][T10392] file 172032 [ 1598.953137][T10392] kernel_stack 65536 [ 1598.953137][T10392] slab 827392 [ 1598.953137][T10392] sock 0 [ 1598.953137][T10392] shmem 8192 [ 1598.953137][T10392] file_mapped 0 [ 1598.953137][T10392] file_dirty 135168 [ 1598.953137][T10392] file_writeback 0 [ 1598.953137][T10392] anon_thp 0 [ 1598.953137][T10392] inactive_anon 0 [ 1598.953137][T10392] active_anon 0 [ 1598.953137][T10392] inactive_file 135168 [ 1598.953137][T10392] active_file 118784 [ 1598.953137][T10392] unevictable 0 [ 1598.953137][T10392] slab_reclaimable 270336 [ 1598.953137][T10392] slab_unreclaimable 557056 [ 1598.953137][T10392] pgfault 106821 [ 1598.953137][T10392] pgmajfault 0 [ 1598.953137][T10392] workingset_refault 0 [ 1598.953137][T10392] workingset_activate 0 [ 1598.953137][T10392] workingset_nodereclaim 0 [ 1598.953137][T10392] pgrefill 0 [ 1598.953137][T10392] pgscan 0 [ 1598.953137][T10392] pgsteal 0 [ 1598.953137][T10392] pgactivate 0 [ 1598.956090][T10408] hfs: unable to parse mount options 23:14:57 executing program 5: 23:14:57 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) [ 1598.958099][T10392] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10392,uid=0 [ 1599.074459][T10392] Memory cgroup out of memory: Killed process 10392 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1599.089191][ T1057] oom_reaper: reaped process 10392 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:14:57 executing program 1: 23:14:58 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c", @ANYRESHEX]) 23:14:58 executing program 5: 23:14:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x35, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc", 0x0, 0x10000}, 0x28) [ 1599.439002][T10425] hfs: unable to parse mount options 23:14:58 executing program 1: 23:14:58 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) 23:14:58 executing program 5: 23:14:58 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769", @ANYRESHEX]) 23:14:58 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r2, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:14:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x35, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc", 0x0, 0x10000}, 0x28) 23:14:58 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) 23:14:58 executing program 5: [ 1599.998589][T10441] hfs: unable to parse mount options 23:14:58 executing program 1: 23:14:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x36, 0x0, &(0x7f00000000c0)="5c71f905cac413551b2ac06c86dde096f96fbd6e1cdfd27d7fb504df5028210520ffff2c8961cf243915fece7af1af08a29a42f2fc3e", 0x0}, 0x28) 23:14:58 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r2, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:14:59 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769", @ANYRESHEX]) 23:14:59 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd00"], 0x0) 23:14:59 executing program 5: 23:14:59 executing program 1: 23:14:59 executing program 4: perf_event_open(&(0x7f00000006c0)={0x2, 0x70, 0x85a, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15}, &(0x7f0000000080)) [ 1600.407672][T10462] hfs: unable to parse mount options 23:14:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") clone(0x1fffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 23:14:59 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c6769", @ANYRESHEX]) 23:14:59 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd00"], 0x0) 23:14:59 executing program 5: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="d3d2b93c38f19c0400cd8034"], 0xc}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYBLOB="90048b1769bddd3186c76aea56c2a39727b975d7979bdfb49f6e68dadd7b0b35cf6453007a00b16543b6e9ccb93d85dd781d19eb72e7bbacb4560a5823951cb40cc14611739c58ba8588ba1a998a9783497cbda850350a256800bed304bb6e9f1cfd72128ff9231a20d0e85f10079c9ae44972f3d1f22a5d0ffd5b219b6a5f7886b0426a0a380fb348c855b3", @ANYRESOCT, @ANYRES64], 0x0, 0xc5, 0x25}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 23:14:59 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) ioctl$void(r0, 0x5450) [ 1600.764072][T10477] hfs: unable to parse mount options 23:14:59 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) [ 1600.818534][T10486] ptrace attach of "/root/syz-executor.5"[10485] was attempted by "/root/syz-executor.5"[10486] [ 1602.329688][T23426] device bridge_slave_1 left promiscuous mode [ 1602.335941][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1602.379490][T23426] device bridge_slave_0 left promiscuous mode [ 1602.385763][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1604.438977][T23426] device hsr_slave_0 left promiscuous mode [ 1604.478584][T23426] device hsr_slave_1 left promiscuous mode [ 1604.526666][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1604.540480][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1604.553395][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1604.585213][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1604.656563][T23426] bond0 (unregistering): Released all slaves [ 1604.766081][T10500] IPVS: ftp: loaded support on port[0] = 21 [ 1604.839161][T10500] chnl_net:caif_netlink_parms(): no params data found [ 1604.875735][T10500] bridge0: port 1(bridge_slave_0) entered blocking state [ 1604.882907][T10500] bridge0: port 1(bridge_slave_0) entered disabled state [ 1604.890992][T10500] device bridge_slave_0 entered promiscuous mode [ 1604.898978][T10500] bridge0: port 2(bridge_slave_1) entered blocking state [ 1604.906045][T10500] bridge0: port 2(bridge_slave_1) entered disabled state [ 1604.914151][T10500] device bridge_slave_1 entered promiscuous mode [ 1604.930498][T10500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1604.941255][T10500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1604.965937][T10500] team0: Port device team_slave_0 added [ 1604.973316][T10500] team0: Port device team_slave_1 added [ 1605.021838][T10500] device hsr_slave_0 entered promiscuous mode [ 1605.068795][T10500] device hsr_slave_1 entered promiscuous mode [ 1605.138508][T10500] debugfs: Directory 'hsr0' with parent '/' already present! [ 1605.205997][T10500] bridge0: port 2(bridge_slave_1) entered blocking state [ 1605.213130][T10500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1605.220592][T10500] bridge0: port 1(bridge_slave_0) entered blocking state [ 1605.227696][T10500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1605.297373][T10500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1605.322724][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1605.334737][ T8236] bridge0: port 1(bridge_slave_0) entered disabled state [ 1605.346368][ T8236] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.370379][T10500] 8021q: adding VLAN 0 to HW filter on device team0 [ 1605.407394][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1605.415962][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1605.423079][ T8236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1605.431072][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1605.439586][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1605.446639][ T8236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1605.470603][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1605.493034][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1605.501309][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1605.523748][T10500] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1605.534419][T10500] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1605.547446][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1605.556248][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1605.577777][T10500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1605.588259][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1605.712406][T10508] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 23:15:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r2, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:15:04 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd00"], 0x0) 23:15:04 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c676964", @ANYRESHEX]) 23:15:04 executing program 4: 23:15:04 executing program 5: close(0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='auxv\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000280), 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 23:15:04 executing program 1: close(0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='auxv\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000280)=0x1000000032, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 23:15:04 executing program 4: close(0xffffffffffffffff) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) [ 1605.851851][T10517] hfs: unable to parse mount options 23:15:04 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000"], 0x0) 23:15:04 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c676964", @ANYRESHEX]) 23:15:05 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x301c81, 0x0) close(r0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='auxv\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3f, &(0x7f0000000280)=0x1000000032, 0x4) connect$inet(r1, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 23:15:05 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000"], 0x0) [ 1606.232060][T10540] hfs: unable to parse mount options 23:15:05 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x301c81, 0x0) close(r0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='auxv\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000280)=0x1000000032, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 23:15:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:15:05 executing program 4: openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f00000003c0)='./file0\x00', 0x8, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x800) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 23:15:05 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c676964", @ANYRESHEX]) 23:15:05 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000"], 0x0) 23:15:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:15:05 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) [ 1606.744334][T10569] hfs: unable to parse mount options 23:15:05 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(r0, 0x0) 23:15:05 executing program 4: openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f00000003c0)='./file0\x00', 0x8, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x800) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 23:15:05 executing program 2: socket(0x10, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) unshare(0x20600) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) accept4(r0, &(0x7f0000000200)=@ipx, &(0x7f00000000c0)=0x80, 0x80000) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1bf4e12a8bf51cd7ce23b9a62878309917bff853c25a047c7b32084b9039814e3d17fe60a055413d0c6ab4548190dbdb34c"]) 23:15:05 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x20, 0x1) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x0, 0x0, "70b534d96435e4b370c9aa7a2a0165b85b8b835831b4b4b75036740bcc40b23c10d153cd24be2bcb9a6f717fe0996593633da6df610a7c77aaa69a93d6ea05f9884f41f7ce3a8a4ffb542979b706fc7ec6240bc0d6339c6ecce6aa083c9076c09954bcf92e3bc22e65c2ae5b55380f8f7703e9b31b8d9b7ee0aaf9e7cf5eb10a0ae1899de32567a4b2626306957ca21f0115d85dc5b6b49cef2af16a30b07768b17a7dc094f73e4dc09cd1781afcc2921f064f1892b9c4269f9fcac32f050df5de7a22da259faa8fbc790414b05e133b19eeb52aab47bf01f12bafc5ae3562e4f1539dae1023a293564acef670259bffba28d9c6432e6335c68a449c2e7c168f"}}}, 0x120) 23:15:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:15:05 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) 23:15:06 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(r0, 0x0) 23:15:06 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:15:06 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x20, 0x1) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x0, 0x0, "70b534d96435e4b370c9aa7a2a0165b85b8b835831b4b4b75036740bcc40b23c10d153cd24be2bcb9a6f717fe0996593633da6df610a7c77aaa69a93d6ea05f9884f41f7ce3a8a4ffb542979b706fc7ec6240bc0d6339c6ecce6aa083c9076c09954bcf92e3bc22e65c2ae5b55380f8f7703e9b31b8d9b7ee0aaf9e7cf5eb10a0ae1899de32567a4b2626306957ca21f0115d85dc5b6b49cef2af16a30b07768b17a7dc094f73e4dc09cd1781afcc2921f064f1892b9c4269f9fcac32f050df5de7a22da259faa8fbc790414b05e133b19eeb52aab47bf01f12bafc5ae3562e4f1539dae1023a293564acef670259bffba28d9c6432e6335c68a449c2e7c168f"}}}, 0x120) 23:15:06 executing program 2: socket(0x10, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) unshare(0x20600) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) accept4(r0, &(0x7f0000000200)=@ipx, &(0x7f00000000c0)=0x80, 0x80000) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1bf4e12a8bf51cd7ce23b9a62878309917bff853c25a047c7b32084b9039814e3d17fe60a055413d0c6ab4548190dbdb34c"]) 23:15:06 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(r0, 0x0) 23:15:06 executing program 4: openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f00000003c0)='./file0\x00', 0x8, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x800) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 23:15:06 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) [ 1607.654110][T10614] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1607.667065][T10614] CPU: 1 PID: 10614 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1607.674715][T10614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1607.684778][T10614] Call Trace: [ 1607.688089][T10614] dump_stack+0x16f/0x1f0 [ 1607.692447][T10614] dump_header+0x10b/0x831 [ 1607.696891][T10614] oom_kill_process.cold+0x10/0x15 23:15:06 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) [ 1607.702199][T10614] out_of_memory+0x79a/0x12d0 [ 1607.706899][T10614] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1607.712549][T10614] ? cgroup_file_notify+0x140/0x1b0 [ 1607.717770][T10614] ? oom_killer_disable+0x280/0x280 [ 1607.722997][T10614] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1607.728564][T10614] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1607.734317][T10614] ? cgroup_file_notify+0x140/0x1b0 [ 1607.739535][T10614] memory_max_write+0x262/0x3a0 [ 1607.744507][T10614] ? mem_cgroup_write+0x360/0x360 [ 1607.749554][T10614] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1607.755039][T10614] cgroup_file_write+0x307/0x790 [ 1607.760002][T10614] ? mem_cgroup_write+0x360/0x360 [ 1607.765043][T10614] ? cgroup_show_path+0x590/0x590 [ 1607.770082][T10614] ? kernfs_ops+0x9f/0x110 [ 1607.770102][T10614] ? __sanitizer_cov_trace_pc+0x20/0x50 [ 1607.770120][T10614] ? cgroup_show_path+0x590/0x590 [ 1607.770135][T10614] kernfs_fop_write+0x2b8/0x480 [ 1607.770160][T10614] __vfs_write+0x8a/0x110 [ 1607.794311][T10614] ? kernfs_fop_open+0xd80/0xd80 [ 1607.799260][T10614] vfs_write+0x268/0x5d0 23:15:06 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800"], 0x0) [ 1607.803515][T10614] ksys_write+0x14f/0x290 [ 1607.807853][T10614] ? __ia32_sys_read+0xb0/0xb0 [ 1607.812630][T10614] ? do_syscall_64+0x26/0x6a0 [ 1607.817315][T10614] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1607.823384][T10614] ? do_syscall_64+0x26/0x6a0 [ 1607.828077][T10614] __x64_sys_write+0x73/0xb0 [ 1607.832678][T10614] do_syscall_64+0xfd/0x6a0 [ 1607.837195][T10614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1607.837209][T10614] RIP: 0033:0x459829 [ 1607.837233][T10614] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1607.847001][T10614] RSP: 002b:00007eff4e1b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1607.875079][T10614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1607.883064][T10614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1607.891050][T10614] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:15:06 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(r0, 0x0) [ 1607.899815][T10614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff4e1b46d4 [ 1607.899824][T10614] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1607.899975][T10614] memory: usage 3748kB, limit 0kB, failcnt 647428 [ 1607.922677][T10614] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1607.929623][T10614] Memory cgroup stats for /syz3: [ 1607.930398][T10614] anon 2289664 [ 1607.930398][T10614] file 172032 [ 1607.930398][T10614] kernel_stack 65536 [ 1607.930398][T10614] slab 1236992 [ 1607.930398][T10614] sock 0 [ 1607.930398][T10614] shmem 8192 [ 1607.930398][T10614] file_mapped 0 [ 1607.930398][T10614] file_dirty 135168 [ 1607.930398][T10614] file_writeback 0 [ 1607.930398][T10614] anon_thp 2097152 [ 1607.930398][T10614] inactive_anon 0 [ 1607.930398][T10614] active_anon 2215936 [ 1607.930398][T10614] inactive_file 135168 [ 1607.930398][T10614] active_file 118784 [ 1607.930398][T10614] unevictable 0 [ 1607.930398][T10614] slab_reclaimable 405504 [ 1607.930398][T10614] slab_unreclaimable 831488 [ 1607.930398][T10614] pgfault 107250 [ 1607.930398][T10614] pgmajfault 0 [ 1607.930398][T10614] workingset_refault 0 [ 1607.930398][T10614] workingset_activate 0 [ 1607.930398][T10614] workingset_nodereclaim 0 [ 1607.930398][T10614] pgrefill 0 [ 1607.930398][T10614] pgscan 0 [ 1607.930398][T10614] pgsteal 0 [ 1607.930398][T10614] pgactivate 0 [ 1608.026780][T10614] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10610,uid=0 [ 1608.044587][T10614] Memory cgroup out of memory: Killed process 10610 (syz-executor.3) total-vm:72572kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 1608.063080][ T1057] oom_reaper: reaped process 10610 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 23:15:06 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800"], 0x0) [ 1608.135868][T10629] gfs2: not a GFS2 filesystem 23:15:07 executing program 2: socket(0x10, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) unshare(0x20600) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) fstat(0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) getsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1bf4e12a8bf51cd7ce23b9a62878309917bff853c25a047c7b32084b9039814e3d17fe60a055413d0c6ab4548190dbdb34c5c50e54b45e863f9f2258ebd340afaae39015a395f7526"]) [ 1608.236990][T10629] gfs2: not a GFS2 filesystem 23:15:07 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:15:07 executing program 4: openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f00000003c0)='./file0\x00', 0x8, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x800) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 23:15:07 executing program 1: ftruncate(0xffffffffffffffff, 0x0) 23:15:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800"], 0x0) 23:15:07 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:15:07 executing program 1: ftruncate(0xffffffffffffffff, 0x0) 23:15:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800"], 0x0) [ 1608.590023][T10658] gfs2: not a GFS2 filesystem 23:15:07 executing program 1: ftruncate(0xffffffffffffffff, 0x0) 23:15:07 executing program 2: socket(0x10, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) unshare(0x20600) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) fstat(0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) getsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1bf4e12a8bf51cd7ce23b9a62878309917bff853c25a047c7b32084b9039814e3d17fe60a055413d0c6ab4548190dbdb34c5c50e54b45e863f9f2258ebd340afaae39015a395f7526"]) 23:15:07 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:15:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800"], 0x0) 23:15:07 executing program 4: socket(0x10, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) unshare(0x20600) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) fstat(0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f00000000c0)=0x80, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1"]) [ 1609.028191][T10678] gfs2: not a GFS2 filesystem 23:16:07 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:16:07 executing program 4: socket(0x10, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) unshare(0x20600) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) fstat(0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0xfffffffffffffed8) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(&(0x7f0000000100)=""/59, 0x3b, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000200)=@ipx, &(0x7f00000000c0)=0x80, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1"]) 23:16:07 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ftruncate(r0, 0x0) 23:16:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) connect$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x800010b, 0x18) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) getgid() getgroups(0xfffffffffffffd2d, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e6661", 0xa}], 0x0, 0x0) r1 = open(0x0, 0x0, 0x0) fchdir(r1) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0xfffffef6) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) 23:16:07 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800"], 0x0) 23:16:07 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ftruncate(r0, 0x0) [ 1668.678509][T10698] gfs2: not a GFS2 filesystem 23:16:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000002000000002000000000000000000000008006558000000"], 0x0) 23:16:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000002000000002000000000000000000000008006558000000"], 0x0) 23:16:07 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:07 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ftruncate(r0, 0x0) 23:16:07 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500005800000000002f9078ac14ffaafdffffffb401880b0000000000000800000086dd0000005700000000100000000100000000000000080022eb000000002000000002000000000000000000000008006558000000"], 0x0) [ 1670.499760][T23426] device bridge_slave_1 left promiscuous mode [ 1670.506074][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1670.570645][T23426] device bridge_slave_0 left promiscuous mode [ 1670.576852][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1672.589332][T23426] device hsr_slave_0 left promiscuous mode [ 1672.628573][T23426] device hsr_slave_1 left promiscuous mode [ 1672.676184][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1672.687069][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1672.700241][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1672.762462][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1672.846993][T23426] bond0 (unregistering): Released all slaves [ 1672.926873][T10739] IPVS: ftp: loaded support on port[0] = 21 [ 1673.002616][T10739] chnl_net:caif_netlink_parms(): no params data found [ 1673.039708][T10739] bridge0: port 1(bridge_slave_0) entered blocking state [ 1673.046785][T10739] bridge0: port 1(bridge_slave_0) entered disabled state [ 1673.054624][T10739] device bridge_slave_0 entered promiscuous mode [ 1673.062328][T10739] bridge0: port 2(bridge_slave_1) entered blocking state [ 1673.069469][T10739] bridge0: port 2(bridge_slave_1) entered disabled state [ 1673.077215][T10739] device bridge_slave_1 entered promiscuous mode [ 1673.157972][T10739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1673.169739][T10739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1673.205770][T10739] team0: Port device team_slave_0 added [ 1673.213267][T10739] team0: Port device team_slave_1 added [ 1673.391670][T10739] device hsr_slave_0 entered promiscuous mode [ 1673.629202][T10739] device hsr_slave_1 entered promiscuous mode [ 1673.788588][T10739] debugfs: Directory 'hsr0' with parent '/' already present! [ 1673.808144][T10739] bridge0: port 2(bridge_slave_1) entered blocking state [ 1673.815289][T10739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1673.822696][T10739] bridge0: port 1(bridge_slave_0) entered blocking state [ 1673.829813][T10739] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1673.876882][T10739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1673.890437][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1673.901805][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state [ 1673.910636][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state [ 1673.935148][T10739] 8021q: adding VLAN 0 to HW filter on device team0 [ 1673.946131][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1673.955072][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1673.963652][ T4577] bridge0: port 1(bridge_slave_0) entered blocking state [ 1673.970789][ T4577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1674.001408][T10739] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1674.012129][T10739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1674.024937][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1674.033976][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1674.043477][ T4577] bridge0: port 2(bridge_slave_1) entered blocking state [ 1674.050596][ T4577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1674.058333][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1674.067191][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1674.076081][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1674.084623][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1674.093165][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1674.102052][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1674.110795][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1674.119370][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1674.127731][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1674.136216][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1674.148182][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1674.156374][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1674.175051][T10739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1674.292935][T10748] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1674.370758][T10748] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1674.381366][T10748] CPU: 0 PID: 10748 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1674.389010][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1674.399248][T10748] Call Trace: [ 1674.402562][T10748] dump_stack+0x16f/0x1f0 [ 1674.406896][T10748] dump_header+0x10b/0x831 [ 1674.411334][T10748] oom_kill_process.cold+0x10/0x15 [ 1674.416519][T10748] out_of_memory+0x79a/0x12d0 [ 1674.421208][T10748] ? retint_kernel+0x10/0x10 [ 1674.425816][T10748] ? oom_killer_disable+0x280/0x280 [ 1674.431061][T10748] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1674.436615][T10748] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1674.442246][T10748] ? cgroup_file_notify+0x140/0x1b0 [ 1674.447441][T10748] memory_max_write+0x262/0x3a0 [ 1674.452284][T10748] ? mem_cgroup_write+0x360/0x360 [ 1674.457295][T10748] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1674.462749][T10748] cgroup_file_write+0x307/0x790 [ 1674.467678][T10748] ? mem_cgroup_write+0x360/0x360 [ 1674.472694][T10748] ? cgroup_show_path+0x590/0x590 [ 1674.477706][T10748] ? kernfs_fop_write+0x235/0x480 [ 1674.482740][T10748] ? cgroup_show_path+0x590/0x590 [ 1674.487762][T10748] kernfs_fop_write+0x2b8/0x480 [ 1674.492620][T10748] __vfs_write+0x8a/0x110 [ 1674.496944][T10748] ? kernfs_fop_open+0xd80/0xd80 [ 1674.501883][T10748] vfs_write+0x268/0x5d0 [ 1674.506139][T10748] ksys_write+0x14f/0x290 [ 1674.510472][T10748] ? __ia32_sys_read+0xb0/0xb0 [ 1674.515234][T10748] ? do_syscall_64+0x26/0x6a0 [ 1674.519909][T10748] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1674.525975][T10748] ? do_syscall_64+0x26/0x6a0 [ 1674.530655][T10748] __x64_sys_write+0x73/0xb0 [ 1674.535241][T10748] do_syscall_64+0xfd/0x6a0 [ 1674.539754][T10748] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1674.545642][T10748] RIP: 0033:0x459829 [ 1674.549615][T10748] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1674.569224][T10748] RSP: 002b:00007ffa717dec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1674.577639][T10748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1674.585651][T10748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1674.593619][T10748] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1674.601611][T10748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa717df6d4 [ 1674.609585][T10748] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1674.641406][T10748] memory: usage 3692kB, limit 0kB, failcnt 863966 [ 1674.647935][T10748] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1674.654933][T10748] Memory cgroup stats for /syz3: [ 1674.656642][T10748] anon 2183168 [ 1674.656642][T10748] file 172032 [ 1674.656642][T10748] kernel_stack 65536 [ 1674.656642][T10748] slab 1236992 [ 1674.656642][T10748] sock 0 [ 1674.656642][T10748] shmem 8192 [ 1674.656642][T10748] file_mapped 0 [ 1674.656642][T10748] file_dirty 135168 [ 1674.656642][T10748] file_writeback 0 [ 1674.656642][T10748] anon_thp 2097152 [ 1674.656642][T10748] inactive_anon 0 [ 1674.656642][T10748] active_anon 2183168 [ 1674.656642][T10748] inactive_file 135168 [ 1674.656642][T10748] active_file 118784 [ 1674.656642][T10748] unevictable 0 [ 1674.656642][T10748] slab_reclaimable 405504 [ 1674.656642][T10748] slab_unreclaimable 831488 [ 1674.656642][T10748] pgfault 107316 [ 1674.656642][T10748] pgmajfault 0 [ 1674.656642][T10748] workingset_refault 0 [ 1674.656642][T10748] workingset_activate 0 [ 1674.656642][T10748] workingset_nodereclaim 0 [ 1674.656642][T10748] pgrefill 0 [ 1674.656642][T10748] pgscan 0 [ 1674.656642][T10748] pgsteal 0 [ 1674.656642][T10748] pgactivate 0 [ 1674.752744][T10748] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10747,uid=0 [ 1674.768995][T10748] Memory cgroup out of memory: Killed process 10747 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1674.785530][ T1057] oom_reaper: reaped process 10747 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:16:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:16:13 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(0xffffffffffffffff, 0x0) 23:16:13 executing program 0: syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000280)=0x1000000032, 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 23:16:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e", 0x8}], 0x0, 0x0) 23:16:13 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:13 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000300)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x4}}) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) write$binfmt_aout(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="11c5504f92e971251c060000006281fcba044fedecec0df2e5c986529e0fa7bfc3242c8c9020c504afd44c4f7982bb8dc9abc6297c42235fe93f9d4493ff69bd0c1430f6fee0ab8a5379b8e0fa1f6d6c74119fe28630a860757c11fcd8c3361a0ea0e401bfd02fea597134ee9064ef80a0fa000000000000000000abdc7adfac7742c341646eef87f31fbc1cf8e9ed51e74a9c262287bb3dc3ecab2ae047659d45760356002c0c2377cb5675be3ecd6a2a19546e266a526db4fab5b4dc50d8c82bae58e7395ef86d5c56e5e9dbe566cbdb21347af2479be8f470c8e2b8bad52ea0c3ce30fd8368a86c98", @ANYRES16], 0xec) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) sendmsg$key(r0, 0x0, 0x0) sendmsg$key(r0, 0x0, 0x0) [ 1674.933682][T10739] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 1674.950472][T10739] CPU: 1 PID: 10739 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1674.958120][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1674.968187][T10739] Call Trace: [ 1674.971492][T10739] dump_stack+0x16f/0x1f0 [ 1674.975839][T10739] dump_header+0x10b/0x831 [ 1674.980258][T10739] ? oom_kill_process+0x94/0x3c0 [ 1674.985206][T10739] oom_kill_process.cold+0x10/0x15 [ 1674.990342][T10739] out_of_memory+0x79a/0x12d0 [ 1674.995030][T10739] ? lock_downgrade+0x920/0x920 [ 1674.999894][T10739] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1675.005712][T10739] ? oom_killer_disable+0x280/0x280 [ 1675.010931][T10739] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1675.016491][T10739] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1675.022133][T10739] ? do_raw_spin_unlock+0x57/0x270 [ 1675.027251][T10739] ? _raw_spin_unlock+0x23/0x30 [ 1675.032110][T10739] try_charge+0x1053/0x1430 [ 1675.036631][T10739] ? __lock_acquire+0x7b0/0x4c30 [ 1675.042071][T10739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1675.047620][T10739] ? cache_grow_begin+0x124/0xc90 [ 1675.052647][T10739] ? find_held_lock+0x35/0x130 [ 1675.057411][T10739] ? cache_grow_begin+0x124/0xc90 [ 1675.062450][T10739] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1675.067917][T10739] ? memcg_kmem_put_cache+0x1b0/0x1b0 [ 1675.073299][T10739] cache_grow_begin+0x601/0xc90 [ 1675.078156][T10739] ? write_comp_data+0x31/0x70 [ 1675.082922][T10739] ? mempolicy_slab_node+0x139/0x390 [ 1675.088212][T10739] fallback_alloc+0x1fd/0x2d0 [ 1675.092895][T10739] ____cache_alloc_node+0x1bc/0x1d0 [ 1675.098094][T10739] ? trace_hardirqs_off+0x62/0x210 [ 1675.103211][T10739] kmem_cache_alloc+0x1e8/0x700 [ 1675.108076][T10739] __alloc_file+0x27/0x300 [ 1675.112500][T10739] alloc_empty_file+0x72/0x170 [ 1675.117273][T10739] path_openat+0xef/0x4630 [ 1675.121693][T10739] ? kasan_slab_alloc+0xf/0x20 [ 1675.126457][T10739] ? kmem_cache_alloc+0x121/0x700 [ 1675.131480][T10739] ? getname_flags+0xd6/0x5b0 [ 1675.136156][T10739] ? getname+0x1a/0x20 [ 1675.140222][T10739] ? do_sys_open+0x2c9/0x5d0 [ 1675.144811][T10739] ? __x64_sys_open+0x7e/0xc0 [ 1675.149497][T10739] ? do_syscall_64+0xfd/0x6a0 [ 1675.154210][T10739] ? __kasan_check_read+0x11/0x20 [ 1675.159244][T10739] ? mark_lock+0xc0/0x11e0 [ 1675.163660][T10739] ? __kasan_check_read+0x11/0x20 [ 1675.168699][T10739] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1675.174082][T10739] ? __alloc_fd+0x487/0x620 [ 1675.178598][T10739] do_filp_open+0x1a1/0x280 [ 1675.183105][T10739] ? may_open_dev+0x100/0x100 [ 1675.187790][T10739] ? lock_downgrade+0x920/0x920 [ 1675.192646][T10739] ? rwlock_bug.part.0+0x90/0x90 [ 1675.197597][T10739] ? __kasan_check_read+0x11/0x20 [ 1675.202639][T10739] ? do_raw_spin_unlock+0x57/0x270 [ 1675.207766][T10739] ? _raw_spin_unlock+0x23/0x30 [ 1675.212627][T10739] ? __alloc_fd+0x487/0x620 [ 1675.217148][T10739] do_sys_open+0x3fe/0x5d0 [ 1675.221580][T10739] ? filp_open+0x80/0x80 [ 1675.225829][T10739] ? __detach_mounts+0x2a0/0x2a0 [ 1675.230788][T10739] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1675.236266][T10739] ? do_syscall_64+0x26/0x6a0 [ 1675.240969][T10739] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1675.247578][T10739] ? do_syscall_64+0x26/0x6a0 [ 1675.252273][T10739] __x64_sys_open+0x7e/0xc0 [ 1675.256802][T10739] do_syscall_64+0xfd/0x6a0 [ 1675.261352][T10739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1675.267266][T10739] RIP: 0033:0x4577a0 [ 1675.271181][T10739] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 1675.290811][T10739] RSP: 002b:00007fff1290c1c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 1675.299264][T10739] RAX: ffffffffffffffda RBX: 0000000000198c3b RCX: 00000000004577a0 [ 1675.307259][T10739] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fff1290d3a0 [ 1675.315252][T10739] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555e09940 [ 1675.323241][T10739] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fff1290d3a0 [ 1675.331330][T10739] R13: 00007fff1290d390 R14: 0000000000000000 R15: 00007fff1290d3a0 [ 1675.339921][T10739] memory: usage 1364kB, limit 0kB, failcnt 863978 [ 1675.346375][T10739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1675.353295][T10739] Memory cgroup stats for /syz3: [ 1675.353417][T10739] anon 0 [ 1675.353417][T10739] file 172032 [ 1675.353417][T10739] kernel_stack 0 [ 1675.353417][T10739] slab 1236992 [ 1675.353417][T10739] sock 0 [ 1675.353417][T10739] shmem 8192 [ 1675.353417][T10739] file_mapped 0 [ 1675.353417][T10739] file_dirty 135168 [ 1675.353417][T10739] file_writeback 0 [ 1675.353417][T10739] anon_thp 0 [ 1675.353417][T10739] inactive_anon 0 [ 1675.353417][T10739] active_anon 0 [ 1675.353417][T10739] inactive_file 135168 [ 1675.353417][T10739] active_file 118784 [ 1675.353417][T10739] unevictable 0 [ 1675.353417][T10739] slab_reclaimable 405504 [ 1675.353417][T10739] slab_unreclaimable 831488 [ 1675.353417][T10739] pgfault 107316 [ 1675.353417][T10739] pgmajfault 0 [ 1675.353417][T10739] workingset_refault 0 [ 1675.353417][T10739] workingset_activate 0 [ 1675.353417][T10739] workingset_nodereclaim 0 [ 1675.353417][T10739] pgrefill 0 [ 1675.353417][T10739] pgscan 0 [ 1675.353417][T10739] pgsteal 0 [ 1675.353417][T10739] pgactivate 0 [ 1675.447877][T10739] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10739,uid=0 [ 1675.463436][T10739] Memory cgroup out of memory: Killed process 10739 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1675.466794][ T1057] oom_reaper: reaped process 10739 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:16:14 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(0xffffffffffffffff, 0x0) 23:16:14 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 23:16:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) connect$inet6(r0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x800010b, 0x18) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) getgid() getgroups(0xfffffffffffffd2d, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e6661", 0xa}], 0x0, 0x0) open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0xfffffef6) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) 23:16:14 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ftruncate(0xffffffffffffffff, 0x0) 23:16:14 executing program 5: syz_mount_image$gfs2(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:14 executing program 1: 23:16:15 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:16:15 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000300)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x4}}) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) write$binfmt_aout(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="11c5504f92e971251c060000006281fcba044fedecec0df2e5c986529e0fa7bfc3242c8c9020c504afd44c4f7982bb8dc9abc6297c42235fe93f9d4493ff69bd0c1430f6fee0ab8a5379b8e0fa1f6d6c74119fe28630a860757c11fcd8c3361a0ea0e401bfd02fea597134ee9064ef80a0fa000000000000000000abdc7adfac7742c341646eef87f31fbc1cf8e9ed51e74a9c262287bb3dc3ecab2ae047659d45760356002c0c2377cb5675be3ecd6a2a19546e266a526db4fab5b4dc50d8c82bae58e7395ef86d5c56e5e9dbe566cbdb21347af2479be8f470c8e2b8bad52ea0c3ce30fd8368a86c98", @ANYRES16], 0xec) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) sendmsg$key(r0, 0x0, 0x0) sendmsg$key(r0, 0x0, 0x0) 23:16:15 executing program 0: 23:16:15 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:15 executing program 1: 23:16:15 executing program 2: 23:16:15 executing program 1: 23:16:15 executing program 0: 23:16:15 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:15 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$netlink(r1, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) 23:16:15 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:16:15 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009}) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') read$rfkill(r0, &(0x7f0000000440), 0x8) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) 23:16:15 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) read$rfkill(r0, 0x0, 0x0) [ 1677.280411][T10836] device nr0 entered promiscuous mode 23:16:16 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000300)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x4}}) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) write$binfmt_aout(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="11c5504f92e971251c060000006281fcba044fedecec0df2e5c986529e0fa7bfc3242c8c9020c504afd44c4f7982bb8dc9abc6297c42235fe93f9d4493ff69bd0c1430f6fee0ab8a5379b8e0fa1f6d6c74119fe28630a860757c11fcd8c3361a0ea0e401bfd02fea597134ee9064ef80a0fa000000000000000000abdc7adfac7742c341646eef87f31fbc1cf8e9ed51e74a9c262287bb3dc3ecab2ae047659d45760356002c0c2377cb5675be3ecd6a2a19546e266a526db4fab5b4dc50d8c82bae58e7395ef86d5c56e5e9dbe566cbdb21347af2479be8f470c8e2b8bad52ea0c3ce30fd8368a86c98", @ANYRES16], 0xec) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) sendmsg$key(r0, 0x0, 0x0) sendmsg$key(r0, 0x0, 0x0) 23:16:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}, {@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='memory.stat\x00', 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000600)) socket$kcm(0x11, 0x3, 0x300) r1 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffff9c, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000800)={'caif0\x00', @broadcast}) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000200)=0xa7) 23:16:16 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_int(r1, 0x6, 0x3, &(0x7f0000000100)=0x4, 0x4) 23:16:16 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/22) fcntl$getownex(r1, 0x10, &(0x7f0000000300)={0x0, 0x0}) rt_sigqueueinfo(r2, 0x1, &(0x7f0000000340)={0xd, 0x7fffffff, 0xff}) sendmsg(r0, &(0x7f0000000180)={0x0, 0x2c028892ad2610bf, &(0x7f0000000440), 0x10000000000002cc}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r3 = socket$inet(0x10, 0x2, 0x0) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000040), 0x0) read$alg(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(0xffffffffffffffff, 0x111, 0x1, 0x0, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00p\x00\'v\x01\x03\xf2\x00', @ifru_flags=0xc}) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000480)) [ 1677.599192][T10845] device caif0 entered promiscuous mode 23:16:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1677.812094][T10864] gfs2: not a GFS2 filesystem 23:16:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1678.011405][T10870] gfs2: not a GFS2 filesystem 23:16:16 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:16:16 executing program 2: r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x238) r1 = gettid() ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, 0x0) ptrace$peekuser(0x3, 0x0, 0x0) readv(r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sched_rr_get_interval(0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0xfffffffffffffec9) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) lstat(0x0, 0x0) getgroups(0x0, 0x0) stat(0x0, 0x0) setgroups(0x0, 0x0) semget$private(0x0, 0x0, 0x0) tkill(r1, 0x1000000000016) [ 1678.245366][T10876] gfs2: not a GFS2 filesystem [ 1678.665045][T10885] IPVS: ftp: loaded support on port[0] = 21 [ 1678.845890][T10885] chnl_net:caif_netlink_parms(): no params data found [ 1678.952956][T10885] bridge0: port 1(bridge_slave_0) entered blocking state [ 1678.960142][T10885] bridge0: port 1(bridge_slave_0) entered disabled state [ 1678.967878][T10885] device bridge_slave_0 entered promiscuous mode [ 1679.050299][T10885] bridge0: port 2(bridge_slave_1) entered blocking state [ 1679.057396][T10885] bridge0: port 2(bridge_slave_1) entered disabled state [ 1679.065624][T10885] device bridge_slave_1 entered promiscuous mode [ 1679.085150][T10885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1679.096023][T10885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1679.117437][T10885] team0: Port device team_slave_0 added [ 1679.124788][T10885] team0: Port device team_slave_1 added [ 1679.162051][T10885] device hsr_slave_0 entered promiscuous mode [ 1679.198741][T10885] device hsr_slave_1 entered promiscuous mode [ 1679.238495][T10885] debugfs: Directory 'hsr0' with parent '/' already present! [ 1679.247040][T23426] device bridge_slave_1 left promiscuous mode [ 1679.253455][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1679.299967][T23426] device bridge_slave_0 left promiscuous mode [ 1679.306163][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1681.371289][T23426] device hsr_slave_0 left promiscuous mode [ 1681.458552][T23426] device hsr_slave_1 left promiscuous mode [ 1681.506134][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1681.520751][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1681.534079][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1681.602588][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1681.677389][T23426] bond0 (unregistering): Released all slaves [ 1681.776385][T10885] bridge0: port 2(bridge_slave_1) entered blocking state [ 1681.783534][T10885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1681.791001][T10885] bridge0: port 1(bridge_slave_0) entered blocking state [ 1681.798058][T10885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1681.807160][ T8236] bridge0: port 1(bridge_slave_0) entered disabled state [ 1681.815711][ T8236] bridge0: port 2(bridge_slave_1) entered disabled state [ 1681.860338][T10885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1681.875278][T10885] 8021q: adding VLAN 0 to HW filter on device team0 [ 1681.883630][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1681.891603][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1681.967121][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1681.976831][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1681.985772][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1681.993041][ T8236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1682.001615][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1682.010839][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1682.019352][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.026422][ T8236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1682.058235][T10885] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1682.069162][T10885] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1682.094338][T10885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1682.102850][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1682.111773][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1682.120641][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1682.130030][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1682.138652][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1682.147505][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1682.156040][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1682.164477][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1682.173056][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1682.181524][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1682.192348][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1682.200627][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1682.343965][T10895] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1682.414434][T10895] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1682.425191][T10895] CPU: 0 PID: 10895 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1682.432846][T10895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1682.442917][T10895] Call Trace: [ 1682.446226][T10895] dump_stack+0x16f/0x1f0 [ 1682.450567][T10895] dump_header+0x10b/0x831 [ 1682.454990][T10895] oom_kill_process.cold+0x10/0x15 [ 1682.460111][T10895] out_of_memory+0x79a/0x12d0 [ 1682.464791][T10895] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1682.470434][T10895] ? cgroup_file_notify+0x140/0x1b0 [ 1682.475640][T10895] ? oom_killer_disable+0x280/0x280 [ 1682.480866][T10895] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1682.486424][T10895] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1682.492075][T10895] ? cgroup_file_notify+0x140/0x1b0 [ 1682.497284][T10895] memory_max_write+0x262/0x3a0 [ 1682.502147][T10895] ? mem_cgroup_write+0x360/0x360 [ 1682.507184][T10895] ? lock_acquire+0x190/0x400 [ 1682.511866][T10895] ? kernfs_fop_write+0x227/0x480 [ 1682.516908][T10895] cgroup_file_write+0x307/0x790 [ 1682.521863][T10895] ? mem_cgroup_write+0x360/0x360 [ 1682.526899][T10895] ? cgroup_show_path+0x590/0x590 [ 1682.531935][T10895] ? cgroup_show_path+0x590/0x590 [ 1682.536969][T10895] kernfs_fop_write+0x2b8/0x480 [ 1682.541836][T10895] __vfs_write+0x8a/0x110 [ 1682.546171][T10895] ? kernfs_fop_open+0xd80/0xd80 [ 1682.551113][T10895] vfs_write+0x268/0x5d0 [ 1682.555358][T10895] ksys_write+0x14f/0x290 [ 1682.559692][T10895] ? __ia32_sys_read+0xb0/0xb0 [ 1682.564461][T10895] ? do_syscall_64+0x26/0x6a0 [ 1682.569161][T10895] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1682.575266][T10895] ? do_syscall_64+0x26/0x6a0 [ 1682.579948][T10895] __x64_sys_write+0x73/0xb0 [ 1682.584541][T10895] do_syscall_64+0xfd/0x6a0 [ 1682.589055][T10895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1682.594949][T10895] RIP: 0033:0x459829 [ 1682.598859][T10895] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1682.618472][T10895] RSP: 002b:00007f2396adfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1682.626895][T10895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1682.634874][T10895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1682.642851][T10895] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1682.650829][T10895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2396ae06d4 [ 1682.658887][T10895] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1682.667547][T10895] memory: usage 3680kB, limit 0kB, failcnt 863979 [ 1682.674099][T10895] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1682.681139][T10895] Memory cgroup stats for /syz3: [ 1682.682197][T10895] anon 2060288 [ 1682.682197][T10895] file 172032 [ 1682.682197][T10895] kernel_stack 0 [ 1682.682197][T10895] slab 1236992 [ 1682.682197][T10895] sock 0 [ 1682.682197][T10895] shmem 8192 [ 1682.682197][T10895] file_mapped 0 [ 1682.682197][T10895] file_dirty 135168 [ 1682.682197][T10895] file_writeback 0 [ 1682.682197][T10895] anon_thp 2097152 [ 1682.682197][T10895] inactive_anon 0 [ 1682.682197][T10895] active_anon 2060288 [ 1682.682197][T10895] inactive_file 135168 [ 1682.682197][T10895] active_file 118784 [ 1682.682197][T10895] unevictable 0 [ 1682.682197][T10895] slab_reclaimable 405504 [ 1682.682197][T10895] slab_unreclaimable 831488 [ 1682.682197][T10895] pgfault 107382 [ 1682.682197][T10895] pgmajfault 0 [ 1682.682197][T10895] workingset_refault 0 [ 1682.682197][T10895] workingset_activate 0 [ 1682.682197][T10895] workingset_nodereclaim 0 [ 1682.682197][T10895] pgrefill 0 [ 1682.682197][T10895] pgscan 0 [ 1682.682197][T10895] pgsteal 0 [ 1682.682197][T10895] pgactivate 0 [ 1682.778269][T10895] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10894,uid=0 [ 1682.794547][T10895] Memory cgroup out of memory: Killed process 10894 (syz-executor.3) total-vm:72576kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB 23:16:21 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:21 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/22) fcntl$getownex(r1, 0x10, &(0x7f0000000300)={0x0, 0x0}) rt_sigqueueinfo(r2, 0x1, &(0x7f0000000340)={0xd, 0x7fffffff, 0xff}) sendmsg(r0, &(0x7f0000000180)={0x0, 0x2c028892ad2610bf, &(0x7f0000000440), 0x10000000000002cc}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r3 = socket$inet(0x10, 0x2, 0x0) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000040), 0x0) read$alg(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(0xffffffffffffffff, 0x111, 0x1, 0x0, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00p\x00\'v\x01\x03\xf2\x00', @ifru_flags=0xc}) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000480)) 23:16:21 executing program 2: r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x238) r1 = gettid() ioctl$FS_IOC_GETVERSION(r0, 0x80087601, 0x0) ptrace$peekuser(0x3, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sched_rr_get_interval(0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0xfffffffffffffec9) prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, 0x0) lstat(0x0, 0x0) fstat(0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) tkill(r1, 0x1000000000016) 23:16:21 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f00000003c0)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x9731a) clone(0x2002102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000380)=[@window={0x3, 0x0, 0x800}, @mss], 0x20000002) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 23:16:21 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}]}) 23:16:21 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000300)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x4}}) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) write$binfmt_aout(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="11c5504f92e971251c060000006281fcba044fedecec0df2e5c986529e0fa7bfc3242c8c9020c504afd44c4f7982bb8dc9abc6297c42235fe93f9d4493ff69bd0c1430f6fee0ab8a5379b8e0fa1f6d6c74119fe28630a860757c11fcd8c3361a0ea0e401bfd02fea597134ee9064ef80a0fa000000000000000000abdc7adfac7742c341646eef87f31fbc1cf8e9ed51e74a9c262287bb3dc3ecab2ae047659d45760356002c0c2377cb5675be3ecd6a2a19546e266a526db4fab5b4dc50d8c82bae58e7395ef86d5c56e5e9dbe566cbdb21347af2479be8f470c8e2b8bad52ea0c3ce30fd8368a86c98", @ANYRES16], 0xec) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) sendmsg$key(r0, 0x0, 0x0) sendmsg$key(r0, 0x0, 0x0) [ 1682.945951][T10885] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1682.956013][T10885] CPU: 0 PID: 10885 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1682.963666][T10885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1682.978853][T10885] Call Trace: [ 1682.982160][T10885] dump_stack+0x16f/0x1f0 [ 1682.986499][T10885] dump_header+0x10b/0x831 [ 1682.986513][T10885] ? oom_kill_process+0x94/0x3c0 [ 1682.986532][T10885] oom_kill_process.cold+0x10/0x15 [ 1682.995875][T10885] out_of_memory+0x79a/0x12d0 [ 1682.995893][T10885] ? lock_downgrade+0x920/0x920 [ 1682.995917][T10885] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1683.016323][T10885] ? oom_killer_disable+0x280/0x280 [ 1683.021542][T10885] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1683.021558][T10885] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1683.021580][T10885] ? do_raw_spin_unlock+0x57/0x270 [ 1683.021600][T10885] ? _raw_spin_unlock+0x23/0x30 [ 1683.021620][T10885] try_charge+0x1053/0x1430 [ 1683.021653][T10885] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1683.042741][T10885] ? percpu_ref_tryget_live+0x104/0x270 [ 1683.042769][T10885] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1683.052779][T10885] mem_cgroup_try_charge+0x136/0x590 [ 1683.052799][T10885] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1683.052825][T10885] wp_page_copy+0x27c/0x1380 [ 1683.052843][T10885] ? find_held_lock+0x35/0x130 [ 1683.052861][T10885] ? pmd_pfn+0x1d0/0x1d0 [ 1683.052879][T10885] ? lock_downgrade+0x920/0x920 [ 1683.052898][T10885] ? swp_swapcount+0x520/0x520 [ 1683.052916][T10885] ? __kasan_check_read+0x11/0x20 [ 1683.052930][T10885] ? do_raw_spin_unlock+0x57/0x270 [ 1683.052947][T10885] do_wp_page+0x499/0x14d0 [ 1683.052965][T10885] ? finish_mkwrite_fault+0x570/0x570 [ 1683.052990][T10885] __handle_mm_fault+0x2120/0x3ce0 [ 1683.053011][T10885] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1683.053028][T10885] ? handle_mm_fault+0x294/0xa90 [ 1683.053053][T10885] ? handle_mm_fault+0x675/0xa90 [ 1683.053070][T10885] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1683.053091][T10885] handle_mm_fault+0x3bb/0xa90 [ 1683.053115][T10885] __do_page_fault+0x536/0xdd0 [ 1683.053140][T10885] do_page_fault+0x38/0x536 [ 1683.053157][T10885] page_fault+0x39/0x40 [ 1683.053170][T10885] RIP: 0033:0x430906 [ 1683.053188][T10885] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1683.053196][T10885] RSP: 002b:00007ffe782b08f0 EFLAGS: 00010206 23:16:22 executing program 2: r0 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) semctl$GETALL(r0, 0x0, 0xd, &(0x7f00000000c0)=""/41) [ 1683.053209][T10885] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1683.053218][T10885] RDX: 0000555556971930 RSI: 0000555556979970 RDI: 0000000000000003 [ 1683.053227][T10885] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556970940 [ 1683.053235][T10885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1683.053244][T10885] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1683.053462][T10885] memory: usage 1344kB, limit 0kB, failcnt 863987 [ 1683.053472][T10885] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1683.053478][T10885] Memory cgroup stats for /syz3: [ 1683.053583][T10885] anon 0 [ 1683.053583][T10885] file 172032 [ 1683.053583][T10885] kernel_stack 0 [ 1683.053583][T10885] slab 1236992 [ 1683.053583][T10885] sock 0 [ 1683.053583][T10885] shmem 8192 [ 1683.053583][T10885] file_mapped 0 [ 1683.053583][T10885] file_dirty 135168 [ 1683.053583][T10885] file_writeback 0 [ 1683.053583][T10885] anon_thp 0 [ 1683.053583][T10885] inactive_anon 0 [ 1683.053583][T10885] active_anon 0 [ 1683.053583][T10885] inactive_file 135168 [ 1683.053583][T10885] active_file 118784 [ 1683.053583][T10885] unevictable 0 [ 1683.053583][T10885] slab_reclaimable 405504 [ 1683.053583][T10885] slab_unreclaimable 831488 [ 1683.053583][T10885] pgfault 107415 [ 1683.053583][T10885] pgmajfault 0 [ 1683.053583][T10885] workingset_refault 0 [ 1683.053583][T10885] workingset_activate 0 [ 1683.053583][T10885] workingset_nodereclaim 0 [ 1683.053583][T10885] pgrefill 0 [ 1683.053583][T10885] pgscan 0 [ 1683.053583][T10885] pgsteal 0 [ 1683.053583][T10885] pgactivate 0 [ 1683.053603][T10885] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10885,uid=0 [ 1683.053685][T10885] Memory cgroup out of memory: Killed process 10885 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 1683.261083][T10905] gfs2: not a GFS2 filesystem 23:16:22 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000200)={r0, &(0x7f0000000180)}, 0x10) 23:16:22 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}]}) 23:16:22 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:22 executing program 0: 23:16:22 executing program 1: [ 1683.883619][T10934] gfs2: not a GFS2 filesystem 23:16:23 executing program 1: 23:16:23 executing program 0: 23:16:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:23 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@acl='acl'}]}) 23:16:23 executing program 4: 23:16:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:23 executing program 1: 23:16:23 executing program 4: [ 1684.331874][T10943] gfs2: not a GFS2 filesystem 23:16:23 executing program 0: 23:16:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:23 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:23 executing program 4: 23:16:23 executing program 0: 23:16:23 executing program 1: 23:16:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:23 executing program 4: [ 1684.728549][T10962] gfs2: not a GFS2 filesystem 23:16:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f0000002980)=[{0x0}, {0x0}, {&(0x7f00000022c0)=""/118, 0x76}], 0x3, &(0x7f0000002640)=""/8, 0x8}, 0x100000000}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00') preadv(r0, &(0x7f00000017c0), 0x1a4, 0x0) 23:16:23 executing program 1: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x4000000000001, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) 23:16:23 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:23 executing program 4: socket$unix(0x1, 0x0, 0x0) stat(0x0, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x0, &(0x7f0000000540)) 23:16:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1685.109619][T10985] gfs2: not a GFS2 filesystem [ 1686.585516][T11001] IPVS: ftp: loaded support on port[0] = 21 [ 1686.728885][T11001] chnl_net:caif_netlink_parms(): no params data found [ 1686.757328][T11001] bridge0: port 1(bridge_slave_0) entered blocking state [ 1686.764487][T11001] bridge0: port 1(bridge_slave_0) entered disabled state [ 1686.772730][T11001] device bridge_slave_0 entered promiscuous mode [ 1686.780681][T11001] bridge0: port 2(bridge_slave_1) entered blocking state [ 1686.787721][T11001] bridge0: port 2(bridge_slave_1) entered disabled state [ 1686.795746][T11001] device bridge_slave_1 entered promiscuous mode [ 1686.815664][T11001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1686.827875][T11001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1686.926742][T11001] team0: Port device team_slave_0 added [ 1686.935955][T11001] team0: Port device team_slave_1 added [ 1686.990405][T11001] device hsr_slave_0 entered promiscuous mode [ 1687.028752][T11001] device hsr_slave_1 entered promiscuous mode [ 1687.068496][T11001] debugfs: Directory 'hsr0' with parent '/' already present! [ 1687.156361][T11001] bridge0: port 2(bridge_slave_1) entered blocking state [ 1687.163445][T11001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1687.170837][T11001] bridge0: port 1(bridge_slave_0) entered blocking state [ 1687.177901][T11001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1687.217048][T11001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1687.309040][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1687.317693][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state [ 1687.325972][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state [ 1687.334247][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1687.346352][T11001] 8021q: adding VLAN 0 to HW filter on device team0 [ 1687.354660][T23426] device bridge_slave_1 left promiscuous mode [ 1687.361037][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1687.409968][T23426] device bridge_slave_0 left promiscuous mode [ 1687.416266][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1689.489280][T23426] device hsr_slave_0 left promiscuous mode [ 1689.529219][T23426] device hsr_slave_1 left promiscuous mode [ 1689.580926][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1689.595276][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1689.606011][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1689.632485][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1689.707307][T23426] bond0 (unregistering): Released all slaves [ 1689.814125][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1689.822533][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 1689.829661][ T454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1689.837274][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1689.846478][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1689.853607][ T454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1689.869951][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1689.880377][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1689.889296][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1689.897902][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1689.907082][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1689.915662][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1689.924254][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1689.934381][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1689.947832][T11001] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1689.959361][T11001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1689.967123][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1689.975659][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1689.995227][T11001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1690.094169][T11008] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1690.152531][T11008] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1690.162964][T11008] CPU: 1 PID: 11008 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1690.170614][T11008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1690.180677][T11008] Call Trace: [ 1690.183981][T11008] dump_stack+0x16f/0x1f0 [ 1690.188327][T11008] dump_header+0x10b/0x831 [ 1690.192753][T11008] oom_kill_process.cold+0x10/0x15 [ 1690.197879][T11008] out_of_memory+0x79a/0x12d0 [ 1690.202570][T11008] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1690.208206][T11008] ? cgroup_file_notify+0x140/0x1b0 [ 1690.213504][T11008] ? oom_killer_disable+0x280/0x280 [ 1690.218734][T11008] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1690.224284][T11008] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1690.229942][T11008] ? cgroup_file_notify+0x140/0x1b0 [ 1690.235155][T11008] memory_max_write+0x262/0x3a0 [ 1690.240017][T11008] ? mem_cgroup_write+0x360/0x360 [ 1690.245048][T11008] ? lock_acquire+0x190/0x400 [ 1690.249732][T11008] ? kernfs_fop_write+0x227/0x480 [ 1690.254769][T11008] cgroup_file_write+0x307/0x790 [ 1690.259725][T11008] ? mem_cgroup_write+0x360/0x360 [ 1690.264847][T11008] ? cgroup_show_path+0x590/0x590 [ 1690.269886][T11008] ? cgroup_show_path+0x590/0x590 [ 1690.274917][T11008] kernfs_fop_write+0x2b8/0x480 [ 1690.279783][T11008] __vfs_write+0x8a/0x110 [ 1690.284114][T11008] ? kernfs_fop_open+0xd80/0xd80 [ 1690.289067][T11008] vfs_write+0x268/0x5d0 [ 1690.293329][T11008] ksys_write+0x14f/0x290 [ 1690.297674][T11008] ? __ia32_sys_read+0xb0/0xb0 [ 1690.302451][T11008] ? do_syscall_64+0x26/0x6a0 [ 1690.307155][T11008] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1690.313229][T11008] ? do_syscall_64+0x26/0x6a0 [ 1690.317919][T11008] __x64_sys_write+0x73/0xb0 [ 1690.322519][T11008] do_syscall_64+0xfd/0x6a0 [ 1690.327032][T11008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1690.332924][T11008] RIP: 0033:0x459829 [ 1690.336823][T11008] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1690.356449][T11008] RSP: 002b:00007f74eb6c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1690.364874][T11008] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1690.372863][T11008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1690.380851][T11008] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1690.388835][T11008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74eb6c96d4 [ 1690.397392][T11008] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1690.411048][T11008] memory: usage 3632kB, limit 0kB, failcnt 863988 [ 1690.417565][T11008] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1690.424509][T11008] Memory cgroup stats for /syz3: [ 1690.425304][T11008] anon 2220032 [ 1690.425304][T11008] file 172032 [ 1690.425304][T11008] kernel_stack 65536 [ 1690.425304][T11008] slab 1236992 [ 1690.425304][T11008] sock 0 [ 1690.425304][T11008] shmem 8192 [ 1690.425304][T11008] file_mapped 0 [ 1690.425304][T11008] file_dirty 135168 [ 1690.425304][T11008] file_writeback 0 [ 1690.425304][T11008] anon_thp 2097152 [ 1690.425304][T11008] inactive_anon 0 [ 1690.425304][T11008] active_anon 2220032 [ 1690.425304][T11008] inactive_file 135168 [ 1690.425304][T11008] active_file 118784 [ 1690.425304][T11008] unevictable 0 [ 1690.425304][T11008] slab_reclaimable 405504 [ 1690.425304][T11008] slab_unreclaimable 831488 [ 1690.425304][T11008] pgfault 107481 [ 1690.425304][T11008] pgmajfault 0 [ 1690.425304][T11008] workingset_refault 0 [ 1690.425304][T11008] workingset_activate 0 [ 1690.425304][T11008] workingset_nodereclaim 0 [ 1690.425304][T11008] pgrefill 0 [ 1690.425304][T11008] pgscan 0 [ 1690.425304][T11008] pgsteal 0 [ 1690.425304][T11008] pgactivate 0 [ 1690.521718][T11008] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11007,uid=0 [ 1690.537782][T11008] Memory cgroup out of memory: Killed process 11007 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 1690.554513][ T1057] oom_reaper: reaped process 11007 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:16:29 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:29 executing program 1: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) readv(r0, &(0x7f0000000580)=[{&(0x7f0000001040)=""/4096, 0x1000}], 0x1) 23:16:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(r0) 23:16:29 executing program 5: syz_mount_image$gfs2(&(0x7f0000000480)='gfs2\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{@hostdata={'hostdata', 0x3d, 'nfs4\x00'}}]}) 23:16:29 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:29 executing program 4: [ 1690.694830][T11001] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1690.704959][T11001] CPU: 1 PID: 11001 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1690.712600][T11001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1690.722655][T11001] Call Trace: [ 1690.722681][T11001] dump_stack+0x16f/0x1f0 [ 1690.722701][T11001] dump_header+0x10b/0x831 [ 1690.722721][T11001] ? oom_kill_process+0x94/0x3c0 [ 1690.730337][T11001] oom_kill_process.cold+0x10/0x15 [ 1690.730354][T11001] out_of_memory+0x79a/0x12d0 [ 1690.730370][T11001] ? lock_downgrade+0x920/0x920 [ 1690.730388][T11001] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1690.730402][T11001] ? oom_killer_disable+0x280/0x280 [ 1690.730426][T11001] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1690.730441][T11001] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1690.730460][T11001] ? do_raw_spin_unlock+0x57/0x270 [ 1690.730478][T11001] ? _raw_spin_unlock+0x23/0x30 [ 1690.730494][T11001] try_charge+0x1053/0x1430 [ 1690.730512][T11001] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1690.730524][T11001] ? percpu_ref_tryget_live+0x104/0x270 [ 1690.730547][T11001] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1690.730562][T11001] mem_cgroup_try_charge+0x136/0x590 [ 1690.730579][T11001] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1690.730596][T11001] __handle_mm_fault+0x1c63/0x3ce0 [ 1690.730616][T11001] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1690.730631][T11001] ? handle_mm_fault+0x294/0xa90 [ 1690.730655][T11001] ? handle_mm_fault+0x675/0xa90 [ 1690.730671][T11001] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1690.730691][T11001] handle_mm_fault+0x3bb/0xa90 [ 1690.730712][T11001] __do_page_fault+0x536/0xdd0 [ 1690.730732][T11001] do_page_fault+0x38/0x536 [ 1690.730752][T11001] page_fault+0x39/0x40 [ 1690.835418][T11014] gfs2: not a GFS2 filesystem [ 1690.839155][T11001] RIP: 0033:0x4577c1 [ 1690.839172][T11001] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 23:16:29 executing program 4: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) 23:16:29 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(r0) [ 1690.839181][T11001] RSP: 002b:00007ffc2a39efb0 EFLAGS: 00010206 [ 1690.839192][T11001] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0 [ 1690.839199][T11001] RDX: 00007ffc2a39efb0 RSI: 0000000000000003 RDI: 0000000000000001 [ 1690.839207][T11001] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556096940 [ 1690.839215][T11001] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc2a3a0190 [ 1690.839223][T11001] R13: 00007ffc2a3a0180 R14: 0000000000000000 R15: 00007ffc2a3a0190 [ 1690.839923][T11001] memory: usage 1296kB, limit 0kB, failcnt 863996 [ 1690.944327][T11001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1690.951337][T11001] Memory cgroup stats for /syz3: [ 1690.951454][T11001] anon 0 [ 1690.951454][T11001] file 172032 [ 1690.951454][T11001] kernel_stack 65536 [ 1690.951454][T11001] slab 1236992 [ 1690.951454][T11001] sock 0 [ 1690.951454][T11001] shmem 8192 [ 1690.951454][T11001] file_mapped 0 [ 1690.951454][T11001] file_dirty 135168 [ 1690.951454][T11001] file_writeback 0 [ 1690.951454][T11001] anon_thp 0 [ 1690.951454][T11001] inactive_anon 0 [ 1690.951454][T11001] active_anon 0 [ 1690.951454][T11001] inactive_file 135168 [ 1690.951454][T11001] active_file 118784 [ 1690.951454][T11001] unevictable 0 [ 1690.951454][T11001] slab_reclaimable 405504 [ 1690.951454][T11001] slab_unreclaimable 831488 [ 1690.951454][T11001] pgfault 107481 [ 1690.951454][T11001] pgmajfault 0 [ 1690.951454][T11001] workingset_refault 0 [ 1690.951454][T11001] workingset_activate 0 [ 1690.951454][T11001] workingset_nodereclaim 0 [ 1690.951454][T11001] pgrefill 0 23:16:29 executing program 1: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r0, &(0x7f0000000640)="82", 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, 0x0, 0x20) sendfile(r0, r0, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') umount2(&(0x7f0000000800)='./file0\x00', 0x0) 23:16:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(r0) [ 1690.951454][T11001] pgscan 0 [ 1690.951454][T11001] pgsteal 0 [ 1690.951454][T11001] pgactivate 0 [ 1691.053630][T11001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11001,uid=0 [ 1691.069196][T11001] Memory cgroup out of memory: Killed process 11001 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 1691.083637][ T1057] oom_reaper: reaped process 11001 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:16:30 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(r0) 23:16:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:30 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) pread64(r0, 0x0, 0xff8b, 0x2) 23:16:30 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp\x00') mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) 23:16:30 executing program 0: close(0xffffffffffffffff) 23:16:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021000000a00000004c810ec000008000800080000f10000000000f9ff4c04b461ae3b573735d852bcbe104cba2908f40dfe68449b941869b94d477c5e03ce3d325c67d43a0e778a79174b16b792ecfd"], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x2ae, 0x0) 23:16:30 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000001a80)=""/34, 0x22}], 0x1}}, {{0x0, 0x0, 0x0}, 0xffff}], 0x3, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00') lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 23:16:30 executing program 0: close(0xffffffffffffffff) 23:16:30 executing program 4: 23:16:30 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:30 executing program 1: 23:16:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:31 executing program 0: close(0xffffffffffffffff) 23:16:31 executing program 4: 23:16:31 executing program 1: 23:16:31 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:31 executing program 5: 23:16:31 executing program 4: 23:16:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) 23:16:31 executing program 5: 23:16:31 executing program 1: 23:16:31 executing program 4: 23:16:31 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1694.002216][T11091] IPVS: ftp: loaded support on port[0] = 21 [ 1694.232033][T11091] chnl_net:caif_netlink_parms(): no params data found [ 1694.265153][T11091] bridge0: port 1(bridge_slave_0) entered blocking state [ 1694.272938][T11091] bridge0: port 1(bridge_slave_0) entered disabled state [ 1694.280833][T11091] device bridge_slave_0 entered promiscuous mode [ 1694.290005][T11091] bridge0: port 2(bridge_slave_1) entered blocking state [ 1694.297096][T11091] bridge0: port 2(bridge_slave_1) entered disabled state [ 1694.305173][T11091] device bridge_slave_1 entered promiscuous mode [ 1694.401617][T11091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1694.412938][T11091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1694.508970][T11091] team0: Port device team_slave_0 added [ 1694.515866][T11091] team0: Port device team_slave_1 added [ 1694.571727][T11091] device hsr_slave_0 entered promiscuous mode [ 1694.609062][T11091] device hsr_slave_1 entered promiscuous mode [ 1694.678532][T11091] debugfs: Directory 'hsr0' with parent '/' already present! [ 1694.767971][T11091] bridge0: port 2(bridge_slave_1) entered blocking state [ 1694.775420][T11091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1694.783043][T11091] bridge0: port 1(bridge_slave_0) entered blocking state [ 1694.790342][T11091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1694.830566][T11091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1694.841643][T23426] device bridge_slave_1 left promiscuous mode [ 1694.847984][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1694.869436][T23426] device bridge_slave_0 left promiscuous mode [ 1694.875765][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1696.959480][T23426] device hsr_slave_0 left promiscuous mode [ 1696.999309][T23426] device hsr_slave_1 left promiscuous mode [ 1697.051110][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1697.065848][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1697.077402][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1697.112810][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1697.197670][T23426] bond0 (unregistering): Released all slaves [ 1697.278184][T11091] 8021q: adding VLAN 0 to HW filter on device team0 [ 1697.286363][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1697.294605][ T9070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1697.303149][ T9070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1697.313052][ T9070] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1697.329567][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1697.338769][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1697.347246][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1697.354557][ T8236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1697.365255][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1697.374585][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1697.383690][T20827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1697.390969][T20827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1697.401913][ T8236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1697.460602][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1697.470504][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1697.480283][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1697.489981][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1697.499113][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1697.520362][T11091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1697.531124][T11091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1697.567027][T11091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1697.576153][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1697.584490][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1697.593357][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1697.602686][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1697.611305][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1697.622337][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1697.737312][T11100] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1697.804332][T11100] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1697.815162][T11100] CPU: 0 PID: 11100 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1697.822840][T11100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1697.832930][T11100] Call Trace: [ 1697.836262][T11100] dump_stack+0x16f/0x1f0 [ 1697.840641][T11100] dump_header+0x10b/0x831 [ 1697.845103][T11100] oom_kill_process.cold+0x10/0x15 [ 1697.850359][T11100] out_of_memory+0x79a/0x12d0 [ 1697.855202][T11100] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1697.860873][T11100] ? cgroup_file_notify+0x140/0x1b0 [ 1697.866466][T11100] ? oom_killer_disable+0x280/0x280 [ 1697.871715][T11100] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1697.877454][T11100] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1697.883143][T11100] ? cgroup_file_notify+0x140/0x1b0 [ 1697.888394][T11100] memory_max_write+0x262/0x3a0 [ 1697.893289][T11100] ? mem_cgroup_write+0x360/0x360 [ 1697.898347][T11100] ? lock_acquire+0x190/0x400 [ 1697.903050][T11100] ? kernfs_fop_write+0x227/0x480 [ 1697.908113][T11100] cgroup_file_write+0x307/0x790 [ 1697.913592][T11100] ? mem_cgroup_write+0x360/0x360 [ 1697.918664][T11100] ? cgroup_show_path+0x590/0x590 [ 1697.923737][T11100] ? cgroup_show_path+0x590/0x590 [ 1697.929017][T11100] kernfs_fop_write+0x2b8/0x480 [ 1697.934001][T11100] __vfs_write+0x8a/0x110 [ 1697.938353][T11100] ? kernfs_fop_open+0xd80/0xd80 [ 1697.943323][T11100] vfs_write+0x268/0x5d0 [ 1697.948001][T11100] ksys_write+0x14f/0x290 [ 1697.952364][T11100] ? __ia32_sys_read+0xb0/0xb0 [ 1697.957216][T11100] ? do_syscall_64+0x26/0x6a0 [ 1697.962200][T11100] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1697.968302][T11100] ? do_syscall_64+0x26/0x6a0 [ 1697.973015][T11100] __x64_sys_write+0x73/0xb0 [ 1697.977641][T11100] do_syscall_64+0xfd/0x6a0 [ 1697.982319][T11100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1697.988323][T11100] RIP: 0033:0x459829 [ 1697.992251][T11100] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1698.012506][T11100] RSP: 002b:00007f3d7de85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1698.021269][T11100] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1698.029294][T11100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1698.038203][T11100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1698.046219][T11100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d7de866d4 [ 1698.054230][T11100] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1698.065283][T11100] memory: usage 3676kB, limit 0kB, failcnt 863997 [ 1698.072033][T11100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1698.079231][T11100] Memory cgroup stats for /syz3: [ 1698.080218][T11100] anon 2060288 [ 1698.080218][T11100] file 172032 [ 1698.080218][T11100] kernel_stack 65536 [ 1698.080218][T11100] slab 1236992 [ 1698.080218][T11100] sock 0 [ 1698.080218][T11100] shmem 8192 [ 1698.080218][T11100] file_mapped 0 [ 1698.080218][T11100] file_dirty 135168 [ 1698.080218][T11100] file_writeback 0 [ 1698.080218][T11100] anon_thp 2097152 [ 1698.080218][T11100] inactive_anon 0 [ 1698.080218][T11100] active_anon 2060288 [ 1698.080218][T11100] inactive_file 135168 [ 1698.080218][T11100] active_file 118784 [ 1698.080218][T11100] unevictable 0 [ 1698.080218][T11100] slab_reclaimable 405504 [ 1698.080218][T11100] slab_unreclaimable 831488 [ 1698.080218][T11100] pgfault 107514 [ 1698.080218][T11100] pgmajfault 0 [ 1698.080218][T11100] workingset_refault 0 [ 1698.080218][T11100] workingset_activate 0 [ 1698.080218][T11100] workingset_nodereclaim 0 [ 1698.080218][T11100] pgrefill 0 [ 1698.080218][T11100] pgscan 0 [ 1698.080218][T11100] pgsteal 0 [ 1698.080218][T11100] pgactivate 0 [ 1698.177075][T11100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11099,uid=0 [ 1698.193224][T11100] Memory cgroup out of memory: Killed process 11099 (syz-executor.3) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB [ 1698.212656][ T1057] oom_reaper: reaped process 11099 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:16:37 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) 23:16:37 executing program 4: 23:16:37 executing program 1: 23:16:37 executing program 5: 23:16:37 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1698.370091][T11091] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1698.380302][T11091] CPU: 1 PID: 11091 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1698.387958][T11091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1698.398032][T11091] Call Trace: [ 1698.401354][T11091] dump_stack+0x16f/0x1f0 [ 1698.405883][T11091] dump_header+0x10b/0x831 [ 1698.410327][T11091] ? oom_kill_process+0x94/0x3c0 [ 1698.415294][T11091] oom_kill_process.cold+0x10/0x15 [ 1698.420436][T11091] out_of_memory+0x79a/0x12d0 [ 1698.425135][T11091] ? lock_downgrade+0x920/0x920 [ 1698.430193][T11091] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1698.436349][T11091] ? oom_killer_disable+0x280/0x280 [ 1698.441591][T11091] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1698.447462][T11091] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1698.453330][T11091] ? do_raw_spin_unlock+0x57/0x270 [ 1698.458481][T11091] ? _raw_spin_unlock+0x23/0x30 [ 1698.463620][T11091] try_charge+0x1053/0x1430 [ 1698.468161][T11091] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1698.473775][T11091] ? percpu_ref_tryget_live+0x104/0x270 [ 1698.479500][T11091] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1698.485175][T11091] mem_cgroup_try_charge+0x136/0x590 [ 1698.490493][T11091] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1698.496240][T11091] wp_page_copy+0x27c/0x1380 [ 1698.500858][T11091] ? find_held_lock+0x35/0x130 [ 1698.505655][T11091] ? pmd_pfn+0x1d0/0x1d0 [ 1698.510092][T11091] ? lock_downgrade+0x920/0x920 [ 1698.515127][T11091] ? swp_swapcount+0x520/0x520 [ 1698.519922][T11091] ? __kasan_check_read+0x11/0x20 [ 1698.525126][T11091] ? do_raw_spin_unlock+0x57/0x270 [ 1698.530585][T11091] do_wp_page+0x499/0x14d0 [ 1698.535042][T11091] ? finish_mkwrite_fault+0x570/0x570 [ 1698.540458][T11091] __handle_mm_fault+0x2120/0x3ce0 [ 1698.545717][T11091] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1698.551429][T11091] ? handle_mm_fault+0x294/0xa90 [ 1698.556502][T11091] ? handle_mm_fault+0x675/0xa90 [ 1698.561478][T11091] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1698.567069][T11091] handle_mm_fault+0x3bb/0xa90 [ 1698.571891][T11091] __do_page_fault+0x536/0xdd0 [ 1698.576839][T11091] do_page_fault+0x38/0x536 [ 1698.581496][T11091] page_fault+0x39/0x40 [ 1698.585676][T11091] RIP: 0033:0x430906 [ 1698.589590][T11091] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 1698.609785][T11091] RSP: 002b:00007fff56ef2240 EFLAGS: 00010206 [ 1698.615974][T11091] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1698.624096][T11091] RDX: 000055555709f930 RSI: 00005555570a7970 RDI: 0000000000000003 [ 1698.632086][T11091] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555709e940 [ 1698.640162][T11091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1698.648334][T11091] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1698.657624][T11091] memory: usage 1332kB, limit 0kB, failcnt 864005 [ 1698.664205][T11091] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1698.671208][T11091] Memory cgroup stats for /syz3: [ 1698.671318][T11091] anon 0 [ 1698.671318][T11091] file 172032 [ 1698.671318][T11091] kernel_stack 65536 [ 1698.671318][T11091] slab 1236992 [ 1698.671318][T11091] sock 0 [ 1698.671318][T11091] shmem 8192 [ 1698.671318][T11091] file_mapped 0 [ 1698.671318][T11091] file_dirty 135168 [ 1698.671318][T11091] file_writeback 0 [ 1698.671318][T11091] anon_thp 0 [ 1698.671318][T11091] inactive_anon 0 [ 1698.671318][T11091] active_anon 0 [ 1698.671318][T11091] inactive_file 135168 [ 1698.671318][T11091] active_file 118784 [ 1698.671318][T11091] unevictable 0 [ 1698.671318][T11091] slab_reclaimable 405504 [ 1698.671318][T11091] slab_unreclaimable 831488 [ 1698.671318][T11091] pgfault 107514 [ 1698.671318][T11091] pgmajfault 0 [ 1698.671318][T11091] workingset_refault 0 [ 1698.671318][T11091] workingset_activate 0 [ 1698.671318][T11091] workingset_nodereclaim 0 [ 1698.671318][T11091] pgrefill 0 [ 1698.671318][T11091] pgscan 0 [ 1698.671318][T11091] pgsteal 0 [ 1698.671318][T11091] pgactivate 0 23:16:37 executing program 1: r0 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) 23:16:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) 23:16:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) 23:16:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x0, 0x0) [ 1698.767293][T11091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11091,uid=0 [ 1698.783427][T11091] Memory cgroup out of memory: Killed process 11091 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1698.807552][ T1057] oom_reaper: reaped process 11091 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:16:37 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:37 executing program 0: openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(0xffffffffffffffff) 23:16:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:38 executing program 5: r0 = socket$inet6(0xa, 0x801, 0x0) listen(r0, 0x0) 23:16:38 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x800010b, 0x18) 23:16:38 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) fstatfs(r0, &(0x7f0000000080)=""/78) 23:16:38 executing program 2: close(0xffffffffffffffff) r0 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:38 executing program 0: openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(0xffffffffffffffff) 23:16:38 executing program 5: 23:16:38 executing program 2: close(0xffffffffffffffff) r0 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:38 executing program 0: openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) close(0xffffffffffffffff) 23:16:38 executing program 4: 23:16:38 executing program 1: 23:16:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:38 executing program 5: 23:16:38 executing program 4: 23:16:38 executing program 0: 23:16:38 executing program 2: close(0xffffffffffffffff) r0 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:38 executing program 1: 23:16:38 executing program 5: 23:16:38 executing program 2: r0 = socket$kcm(0x10, 0x0, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:38 executing program 4: 23:16:38 executing program 0: 23:16:38 executing program 1: 23:16:38 executing program 5: [ 1701.429158][T11173] IPVS: ftp: loaded support on port[0] = 21 [ 1701.576352][T11173] chnl_net:caif_netlink_parms(): no params data found [ 1701.607274][T11173] bridge0: port 1(bridge_slave_0) entered blocking state [ 1701.615182][T11173] bridge0: port 1(bridge_slave_0) entered disabled state [ 1701.623300][T11173] device bridge_slave_0 entered promiscuous mode [ 1701.631784][T11173] bridge0: port 2(bridge_slave_1) entered blocking state [ 1701.639231][T11173] bridge0: port 2(bridge_slave_1) entered disabled state [ 1701.647330][T11173] device bridge_slave_1 entered promiscuous mode [ 1701.741711][T11173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1701.753239][T11173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1701.774936][T11173] team0: Port device team_slave_0 added [ 1701.782255][T11173] team0: Port device team_slave_1 added [ 1701.832406][T11173] device hsr_slave_0 entered promiscuous mode [ 1701.868813][T11173] device hsr_slave_1 entered promiscuous mode [ 1701.908610][T11173] debugfs: Directory 'hsr0' with parent '/' already present! [ 1701.999401][T11173] bridge0: port 2(bridge_slave_1) entered blocking state [ 1702.007425][T11173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1702.015132][T11173] bridge0: port 1(bridge_slave_0) entered blocking state [ 1702.022635][T11173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1702.144266][T11173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1702.156713][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1702.166840][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state [ 1702.175314][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state [ 1702.184855][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1702.197622][T11173] 8021q: adding VLAN 0 to HW filter on device team0 [ 1702.205343][T23426] device bridge_slave_1 left promiscuous mode [ 1702.211906][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1702.249942][T23426] device bridge_slave_0 left promiscuous mode [ 1702.256243][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1704.330589][T23426] device hsr_slave_0 left promiscuous mode [ 1704.398578][T23426] device hsr_slave_1 left promiscuous mode [ 1704.446179][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1704.460834][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1704.474505][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1704.495275][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1704.567515][T23426] bond0 (unregistering): Released all slaves [ 1704.675133][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1704.683554][ T4577] bridge0: port 1(bridge_slave_0) entered blocking state [ 1704.690687][ T4577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1704.698246][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1704.707409][ T4577] bridge0: port 2(bridge_slave_1) entered blocking state [ 1704.714526][ T4577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1704.729488][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1704.738109][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1704.747051][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1704.755437][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1704.764124][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1704.774942][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1704.786107][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1704.794794][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1704.809337][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1704.817885][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1704.829005][T11173] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1704.847662][T11173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1704.980877][T11181] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1705.059537][T11181] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1705.070406][T11181] CPU: 1 PID: 11181 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1705.078073][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1705.088136][T11181] Call Trace: [ 1705.091464][T11181] dump_stack+0x16f/0x1f0 [ 1705.095800][T11181] dump_header+0x10b/0x831 [ 1705.100227][T11181] oom_kill_process.cold+0x10/0x15 [ 1705.105348][T11181] out_of_memory+0x79a/0x12d0 [ 1705.110031][T11181] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1705.115670][T11181] ? cgroup_file_notify+0x140/0x1b0 [ 1705.120885][T11181] ? oom_killer_disable+0x280/0x280 [ 1705.126098][T11181] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1705.131653][T11181] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1705.137305][T11181] ? cgroup_file_notify+0x140/0x1b0 [ 1705.142527][T11181] memory_max_write+0x262/0x3a0 [ 1705.147394][T11181] ? mem_cgroup_write+0x360/0x360 [ 1705.152431][T11181] ? cgroup_file_write+0x86/0x790 [ 1705.157465][T11181] cgroup_file_write+0x307/0x790 [ 1705.162411][T11181] ? mem_cgroup_write+0x360/0x360 [ 1705.167439][T11181] ? cgroup_show_path+0x590/0x590 [ 1705.172479][T11181] ? cgroup_show_path+0x590/0x590 [ 1705.177509][T11181] kernfs_fop_write+0x2b8/0x480 [ 1705.182375][T11181] __vfs_write+0x8a/0x110 [ 1705.186755][T11181] ? kernfs_fop_open+0xd80/0xd80 [ 1705.191700][T11181] vfs_write+0x268/0x5d0 [ 1705.195954][T11181] ksys_write+0x14f/0x290 [ 1705.200295][T11181] ? __ia32_sys_read+0xb0/0xb0 [ 1705.205076][T11181] ? do_syscall_64+0x26/0x6a0 [ 1705.209763][T11181] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1705.215835][T11181] ? do_syscall_64+0x26/0x6a0 [ 1705.220524][T11181] __x64_sys_write+0x73/0xb0 [ 1705.225120][T11181] do_syscall_64+0xfd/0x6a0 [ 1705.229633][T11181] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1705.235525][T11181] RIP: 0033:0x459829 [ 1705.239423][T11181] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1705.259040][T11181] RSP: 002b:00007f87eb397c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1705.267465][T11181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1705.275454][T11181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1705.283442][T11181] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1705.291427][T11181] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f87eb3986d4 [ 1705.299417][T11181] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1705.309107][T11181] memory: usage 3664kB, limit 0kB, failcnt 864006 [ 1705.315596][T11181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1705.322702][T11181] Memory cgroup stats for /syz3: [ 1705.323422][T11181] anon 2220032 [ 1705.323422][T11181] file 172032 [ 1705.323422][T11181] kernel_stack 65536 [ 1705.323422][T11181] slab 1236992 [ 1705.323422][T11181] sock 0 [ 1705.323422][T11181] shmem 8192 [ 1705.323422][T11181] file_mapped 0 [ 1705.323422][T11181] file_dirty 135168 [ 1705.323422][T11181] file_writeback 0 [ 1705.323422][T11181] anon_thp 2097152 [ 1705.323422][T11181] inactive_anon 0 [ 1705.323422][T11181] active_anon 2220032 [ 1705.323422][T11181] inactive_file 135168 [ 1705.323422][T11181] active_file 118784 [ 1705.323422][T11181] unevictable 0 [ 1705.323422][T11181] slab_reclaimable 405504 [ 1705.323422][T11181] slab_unreclaimable 831488 [ 1705.323422][T11181] pgfault 107580 [ 1705.323422][T11181] pgmajfault 0 [ 1705.323422][T11181] workingset_refault 0 [ 1705.323422][T11181] workingset_activate 0 [ 1705.323422][T11181] workingset_nodereclaim 0 [ 1705.323422][T11181] pgrefill 0 [ 1705.323422][T11181] pgscan 0 [ 1705.323422][T11181] pgsteal 0 [ 1705.323422][T11181] pgactivate 0 [ 1705.420492][T11181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11179,uid=0 [ 1705.436547][T11181] Memory cgroup out of memory: Killed process 11179 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 1705.458139][ T1057] oom_reaper: reaped process 11179 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:16:44 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140), 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:44 executing program 4: 23:16:44 executing program 0: 23:16:44 executing program 1: 23:16:44 executing program 2: r0 = socket$kcm(0x10, 0x0, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:44 executing program 5: [ 1705.587180][T11173] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1705.597286][T11173] CPU: 1 PID: 11173 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1705.604925][T11173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1705.614980][T11173] Call Trace: [ 1705.618275][T11173] dump_stack+0x16f/0x1f0 [ 1705.622621][T11173] dump_header+0x10b/0x831 [ 1705.627041][T11173] ? oom_kill_process+0x94/0x3c0 [ 1705.631981][T11173] oom_kill_process.cold+0x10/0x15 23:16:44 executing program 1: [ 1705.637095][T11173] out_of_memory+0x79a/0x12d0 [ 1705.641774][T11173] ? lock_downgrade+0x920/0x920 [ 1705.646637][T11173] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1705.652444][T11173] ? oom_killer_disable+0x280/0x280 [ 1705.657654][T11173] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1705.663205][T11173] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1705.669457][T11173] ? do_raw_spin_unlock+0x57/0x270 [ 1705.674579][T11173] ? _raw_spin_unlock+0x23/0x30 [ 1705.679437][T11173] try_charge+0x1053/0x1430 [ 1705.683964][T11173] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1705.689517][T11173] ? percpu_ref_tryget_live+0x104/0x270 [ 1705.695072][T11173] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1705.700630][T11173] mem_cgroup_try_charge+0x136/0x590 [ 1705.705925][T11173] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1705.711566][T11173] __handle_mm_fault+0x1c63/0x3ce0 [ 1705.716690][T11173] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1705.722245][T11173] ? handle_mm_fault+0x294/0xa90 [ 1705.727201][T11173] ? handle_mm_fault+0x675/0xa90 [ 1705.732148][T11173] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1705.737467][T11173] handle_mm_fault+0x3bb/0xa90 [ 1705.742252][T11173] __do_page_fault+0x536/0xdd0 [ 1705.747029][T11173] do_page_fault+0x38/0x536 [ 1705.751539][T11173] page_fault+0x39/0x40 [ 1705.755695][T11173] RIP: 0033:0x4034f2 [ 1705.759593][T11173] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1705.779222][T11173] RSP: 002b:00007ffdd52c7f40 EFLAGS: 00010246 23:16:44 executing program 1: [ 1705.785289][T11173] RAX: 0000000000000000 RBX: 00000000001a041b RCX: 0000000000413430 [ 1705.793265][T11173] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdd52c9070 [ 1705.801231][T11173] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557211940 [ 1705.809204][T11173] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd52c9070 [ 1705.817172][T11173] R13: 00007ffdd52c9060 R14: 0000000000000000 R15: 00007ffdd52c9070 [ 1705.825845][T11173] memory: usage 1340kB, limit 0kB, failcnt 864014 [ 1705.832312][T11173] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1705.839214][T11173] Memory cgroup stats for /syz3: [ 1705.839334][T11173] anon 49152 [ 1705.839334][T11173] file 172032 [ 1705.839334][T11173] kernel_stack 0 [ 1705.839334][T11173] slab 1236992 [ 1705.839334][T11173] sock 0 [ 1705.839334][T11173] shmem 8192 [ 1705.839334][T11173] file_mapped 0 [ 1705.839334][T11173] file_dirty 135168 [ 1705.839334][T11173] file_writeback 0 [ 1705.839334][T11173] anon_thp 0 [ 1705.839334][T11173] inactive_anon 0 [ 1705.839334][T11173] active_anon 49152 [ 1705.839334][T11173] inactive_file 135168 [ 1705.839334][T11173] active_file 118784 [ 1705.839334][T11173] unevictable 0 [ 1705.839334][T11173] slab_reclaimable 405504 [ 1705.839334][T11173] slab_unreclaimable 831488 [ 1705.839334][T11173] pgfault 107580 [ 1705.839334][T11173] pgmajfault 0 [ 1705.839334][T11173] workingset_refault 0 [ 1705.839334][T11173] workingset_activate 0 [ 1705.839334][T11173] workingset_nodereclaim 0 [ 1705.839334][T11173] pgrefill 0 [ 1705.839334][T11173] pgscan 0 [ 1705.839334][T11173] pgsteal 0 [ 1705.839334][T11173] pgactivate 0 23:16:44 executing program 5: 23:16:44 executing program 0: 23:16:44 executing program 2: r0 = socket$kcm(0x10, 0x0, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:44 executing program 4: [ 1705.933945][T11173] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11173,uid=0 [ 1705.934034][T11173] Memory cgroup out of memory: Killed process 11173 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 1705.968986][ T1057] oom_reaper: reaped process 11173 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:16:45 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140), 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:45 executing program 1: 23:16:45 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:45 executing program 5: 23:16:45 executing program 4: 23:16:45 executing program 0: 23:16:45 executing program 0: 23:16:45 executing program 1: 23:16:45 executing program 4: 23:16:45 executing program 5: 23:16:45 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:45 executing program 4: 23:16:45 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140), 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:16:45 executing program 0: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$P9_RMKDIR(r0, &(0x7f0000000080)={0xfffffffffffffdfa, 0x49, 0x0, {0x0, 0x3}}, 0xefe53f4c) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2e6cd7a8}) write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) 23:16:45 executing program 1: 23:16:45 executing program 5: 23:16:45 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:45 executing program 4: 23:16:46 executing program 5: 23:16:46 executing program 1: 23:16:46 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:46 executing program 4: 23:16:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x2, 0x800000000000803, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) 23:16:46 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1708.991396][T11254] IPVS: ftp: loaded support on port[0] = 21 [ 1709.133631][T11254] chnl_net:caif_netlink_parms(): no params data found [ 1709.236030][T11254] bridge0: port 1(bridge_slave_0) entered blocking state [ 1709.243336][T11254] bridge0: port 1(bridge_slave_0) entered disabled state [ 1709.251483][T11254] device bridge_slave_0 entered promiscuous mode [ 1709.336024][T11254] bridge0: port 2(bridge_slave_1) entered blocking state [ 1709.343160][T11254] bridge0: port 2(bridge_slave_1) entered disabled state [ 1709.351358][T11254] device bridge_slave_1 entered promiscuous mode [ 1709.367894][T11254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1709.379349][T11254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1709.401105][T11254] team0: Port device team_slave_0 added [ 1709.407863][T11254] team0: Port device team_slave_1 added [ 1709.415623][T23426] device bridge_slave_1 left promiscuous mode [ 1709.422018][T23426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1709.489957][T23426] device bridge_slave_0 left promiscuous mode [ 1709.496146][T23426] bridge0: port 1(bridge_slave_0) entered disabled state [ 1711.529593][T23426] device hsr_slave_0 left promiscuous mode [ 1711.569158][T23426] device hsr_slave_1 left promiscuous mode [ 1711.616641][T23426] team0 (unregistering): Port device team_slave_1 removed [ 1711.631142][T23426] team0 (unregistering): Port device team_slave_0 removed [ 1711.644711][T23426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1711.694395][T23426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1711.769735][T23426] bond0 (unregistering): Released all slaves [ 1711.922112][T11254] device hsr_slave_0 entered promiscuous mode [ 1711.978762][T11254] device hsr_slave_1 entered promiscuous mode [ 1712.018484][T11254] debugfs: Directory 'hsr0' with parent '/' already present! [ 1712.068034][T11254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1712.080776][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1712.089345][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1712.147376][T11254] 8021q: adding VLAN 0 to HW filter on device team0 [ 1712.157787][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1712.166657][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1712.175140][T20827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1712.182245][T20827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1712.219170][T11254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1712.229980][T11254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1712.242782][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1712.250997][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1712.259771][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1712.268220][T20827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1712.275311][T20827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1712.282991][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1712.291879][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1712.300689][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1712.309432][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1712.317942][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1712.326724][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1712.335477][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1712.344016][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1712.352671][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1712.364539][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1712.372333][T20827] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1712.394086][T11254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1712.551698][T11262] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1712.634335][T11262] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1712.644897][T11262] CPU: 1 PID: 11262 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1712.652543][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1712.662607][T11262] Call Trace: [ 1712.665914][T11262] dump_stack+0x16f/0x1f0 [ 1712.670260][T11262] dump_header+0x10b/0x831 [ 1712.674694][T11262] oom_kill_process.cold+0x10/0x15 [ 1712.679817][T11262] out_of_memory+0x79a/0x12d0 [ 1712.684501][T11262] ? trace_hardirqs_on_caller+0x6a/0x210 [ 1712.690138][T11262] ? cgroup_file_notify+0x140/0x1b0 [ 1712.695368][T11262] ? oom_killer_disable+0x280/0x280 [ 1712.700585][T11262] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1712.706136][T11262] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1712.711784][T11262] ? cgroup_file_notify+0x140/0x1b0 [ 1712.716993][T11262] memory_max_write+0x262/0x3a0 [ 1712.721857][T11262] ? mem_cgroup_write+0x360/0x360 [ 1712.726891][T11262] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1712.732362][T11262] cgroup_file_write+0x307/0x790 [ 1712.737308][T11262] ? mem_cgroup_write+0x360/0x360 [ 1712.742354][T11262] ? cgroup_show_path+0x590/0x590 [ 1712.747389][T11262] ? cgroup_show_path+0x590/0x590 [ 1712.752417][T11262] kernfs_fop_write+0x2b8/0x480 [ 1712.757277][T11262] __vfs_write+0x8a/0x110 [ 1712.761614][T11262] ? kernfs_fop_open+0xd80/0xd80 [ 1712.766559][T11262] vfs_write+0x268/0x5d0 [ 1712.770809][T11262] ksys_write+0x14f/0x290 [ 1712.775144][T11262] ? __ia32_sys_read+0xb0/0xb0 [ 1712.779914][T11262] ? do_syscall_64+0x26/0x6a0 [ 1712.784595][T11262] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1712.790659][T11262] ? do_syscall_64+0x26/0x6a0 [ 1712.795342][T11262] __x64_sys_write+0x73/0xb0 [ 1712.799937][T11262] do_syscall_64+0xfd/0x6a0 [ 1712.804455][T11262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1712.810351][T11262] RIP: 0033:0x459829 [ 1712.814246][T11262] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1712.833875][T11262] RSP: 002b:00007f6ea2123c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1712.842295][T11262] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1712.850289][T11262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1712.858264][T11262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1712.866231][T11262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ea21246d4 [ 1712.874203][T11262] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1712.882756][T11262] memory: usage 3488kB, limit 0kB, failcnt 864015 [ 1712.889510][T11262] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1712.896516][T11262] Memory cgroup stats for /syz3: [ 1712.897476][T11262] anon 2113536 [ 1712.897476][T11262] file 172032 [ 1712.897476][T11262] kernel_stack 0 [ 1712.897476][T11262] slab 1101824 [ 1712.897476][T11262] sock 0 [ 1712.897476][T11262] shmem 8192 [ 1712.897476][T11262] file_mapped 0 [ 1712.897476][T11262] file_dirty 135168 [ 1712.897476][T11262] file_writeback 0 [ 1712.897476][T11262] anon_thp 2097152 [ 1712.897476][T11262] inactive_anon 0 [ 1712.897476][T11262] active_anon 2113536 [ 1712.897476][T11262] inactive_file 135168 [ 1712.897476][T11262] active_file 118784 [ 1712.897476][T11262] unevictable 0 [ 1712.897476][T11262] slab_reclaimable 405504 [ 1712.897476][T11262] slab_unreclaimable 696320 [ 1712.897476][T11262] pgfault 107679 [ 1712.897476][T11262] pgmajfault 0 [ 1712.897476][T11262] workingset_refault 0 [ 1712.897476][T11262] workingset_activate 0 [ 1712.897476][T11262] workingset_nodereclaim 0 [ 1712.897476][T11262] pgrefill 0 [ 1712.897476][T11262] pgscan 0 [ 1712.897476][T11262] pgsteal 0 [ 1712.897476][T11262] pgactivate 0 [ 1712.998455][T11262] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11261,uid=0 [ 1713.014535][T11262] Memory cgroup out of memory: Killed process 11261 (syz-executor.3) total-vm:72576kB, anon-rss:2184kB, file-rss:35804kB, shmem-rss:0kB [ 1713.030891][ T1057] oom_reaper: reaped process 11261 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 23:16:52 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 23:16:52 executing program 1: r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) add_key(0x0, 0x0, &(0x7f0000000080)="b9093c7d09310533856f68ca94c0c6636242d7a679398e50ec207bf07dd79344d51f9dae9d0ef6fa7e5a27f8d747ba627abab85beb8cd1f0fa30", 0x3a, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x21) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x2, 0xfa}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 23:16:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:16:52 executing program 4: 23:16:52 executing program 5: 23:16:52 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r3, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 23:16:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1713.229312][T11254] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1713.239442][T11254] CPU: 1 PID: 11254 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 1713.247089][T11254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1713.257154][T11254] Call Trace: [ 1713.260465][T11254] dump_stack+0x16f/0x1f0 [ 1713.264809][T11254] dump_header+0x10b/0x831 [ 1713.269231][T11254] ? oom_kill_process+0x94/0x3c0 [ 1713.274177][T11254] oom_kill_process.cold+0x10/0x15 23:16:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1713.279295][T11254] out_of_memory+0x79a/0x12d0 [ 1713.283980][T11254] ? lock_downgrade+0x920/0x920 [ 1713.288842][T11254] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1713.294669][T11254] ? oom_killer_disable+0x280/0x280 [ 1713.299902][T11254] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1713.305460][T11254] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1713.311377][T11254] ? do_raw_spin_unlock+0x57/0x270 [ 1713.316501][T11254] ? _raw_spin_unlock+0x23/0x30 [ 1713.321372][T11254] try_charge+0x1053/0x1430 [ 1713.325893][T11254] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1713.331447][T11254] ? percpu_ref_tryget_live+0x104/0x270 [ 1713.337017][T11254] ? get_mem_cgroup_from_mm+0x15a/0x320 [ 1713.342584][T11254] mem_cgroup_try_charge+0x136/0x590 [ 1713.347890][T11254] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1713.353548][T11254] wp_page_copy+0x27c/0x1380 [ 1713.358166][T11254] ? find_held_lock+0x35/0x130 [ 1713.362946][T11254] ? pmd_pfn+0x1d0/0x1d0 [ 1713.367203][T11254] ? lock_downgrade+0x920/0x920 [ 1713.372056][T11254] ? swp_swapcount+0x520/0x520 [ 1713.376820][T11254] ? __kasan_check_read+0x11/0x20 [ 1713.381845][T11254] ? do_raw_spin_unlock+0x57/0x270 [ 1713.386959][T11254] do_wp_page+0x499/0x14d0 [ 1713.391382][T11254] ? finish_mkwrite_fault+0x570/0x570 [ 1713.396769][T11254] __handle_mm_fault+0x2120/0x3ce0 [ 1713.401907][T11254] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1713.407475][T11254] ? handle_mm_fault+0x294/0xa90 [ 1713.412428][T11254] ? handle_mm_fault+0x675/0xa90 [ 1713.417370][T11254] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1713.422661][T11254] handle_mm_fault+0x3bb/0xa90 [ 1713.427436][T11254] __do_page_fault+0x536/0xdd0 [ 1713.432217][T11254] do_page_fault+0x38/0x536 [ 1713.436724][T11254] page_fault+0x39/0x40 [ 1713.440876][T11254] RIP: 0033:0x4034f2 [ 1713.444767][T11254] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 1713.464461][T11254] RSP: 002b:00007ffef1693c10 EFLAGS: 00010246 [ 1713.470530][T11254] RAX: 0000000000000000 RBX: 00000000001a21bc RCX: 0000000000413430 23:16:52 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140), 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 1713.478501][T11254] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffef1694d40 [ 1713.486591][T11254] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ab3940 [ 1713.495063][T11254] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef1694d40 [ 1713.503289][T11254] R13: 00007ffef1694d30 R14: 0000000000000000 R15: 00007ffef1694d40 [ 1713.512177][T11254] memory: usage 1156kB, limit 0kB, failcnt 864023 [ 1713.518774][T11254] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1713.525824][T11254] Memory cgroup stats for /syz3: [ 1713.525945][T11254] anon 12288 [ 1713.525945][T11254] file 172032 [ 1713.525945][T11254] kernel_stack 0 [ 1713.525945][T11254] slab 1101824 [ 1713.525945][T11254] sock 0 [ 1713.525945][T11254] shmem 8192 [ 1713.525945][T11254] file_mapped 0 [ 1713.525945][T11254] file_dirty 135168 [ 1713.525945][T11254] file_writeback 0 [ 1713.525945][T11254] anon_thp 0 [ 1713.525945][T11254] inactive_anon 0 [ 1713.525945][T11254] active_anon 12288 [ 1713.525945][T11254] inactive_file 135168 [ 1713.525945][T11254] active_file 118784 [ 1713.525945][T11254] unevictable 0 [ 1713.525945][T11254] slab_reclaimable 405504 [ 1713.525945][T11254] slab_unreclaimable 696320 [ 1713.525945][T11254] pgfault 107679 [ 1713.525945][T11254] pgmajfault 0 [ 1713.525945][T11254] workingset_refault 0 [ 1713.525945][T11254] workingset_activate 0 [ 1713.525945][T11254] workingset_nodereclaim 0 [ 1713.525945][T11254] pgrefill 0 [ 1713.525945][T11254] pgscan 0 [ 1713.525945][T11254] pgsteal 0 [ 1713.525945][T11254] pgactivate 0 23:16:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1713.623540][T11254] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11254,uid=0 [ 1713.629527][T11275] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1713.639170][T11254] Memory cgroup out of memory: Killed process 11254 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 23:16:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 1713.672181][ T1057] oom_reaper: reaped process 11254 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 23:16:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) [ 1713.836977][T11269] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1713.847429][T11269] CPU: 1 PID: 11269 Comm: syz-executor.0 Not tainted 5.2.0+ #71 [ 1713.855067][T11269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1713.865132][T11269] Call Trace: [ 1713.868447][T11269] dump_stack+0x16f/0x1f0 [ 1713.872798][T11269] dump_header+0x10b/0x831 [ 1713.877237][T11269] oom_kill_process.cold+0x10/0x15 [ 1713.882494][T11269] out_of_memory+0x79a/0x12d0 [ 1713.887190][T11269] ? cgroup_file_notify+0x140/0x1b0 [ 1713.892398][T11269] ? oom_killer_disable+0x280/0x280 [ 1713.897613][T11269] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1713.903166][T11269] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1713.908817][T11269] ? cgroup_file_notify+0x140/0x1b0 [ 1713.914026][T11269] memory_max_write+0x262/0x3a0 [ 1713.918889][T11269] ? mem_cgroup_write+0x360/0x360 [ 1713.923924][T11269] ? lock_acquire+0x190/0x400 [ 1713.928602][T11269] ? kernfs_fop_write+0x227/0x480 [ 1713.933637][T11269] cgroup_file_write+0x307/0x790 [ 1713.938582][T11269] ? mem_cgroup_write+0x360/0x360 [ 1713.943599][T11269] ? cgroup_show_path+0x590/0x590 [ 1713.948640][T11269] ? cgroup_show_path+0x590/0x590 [ 1713.953677][T11269] kernfs_fop_write+0x2b8/0x480 [ 1713.958539][T11269] __vfs_write+0x8a/0x110 [ 1713.963075][T11269] ? kernfs_fop_open+0xd80/0xd80 [ 1713.968497][T11269] vfs_write+0x268/0x5d0 [ 1713.972746][T11269] ksys_write+0x14f/0x290 [ 1713.977079][T11269] ? __ia32_sys_read+0xb0/0xb0 [ 1713.982271][T11269] ? do_syscall_64+0x26/0x6a0 [ 1713.987226][T11269] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1713.993316][T11269] ? do_syscall_64+0x26/0x6a0 [ 1713.998723][T11269] __x64_sys_write+0x73/0xb0 [ 1714.003530][T11269] do_syscall_64+0xfd/0x6a0 [ 1714.008052][T11269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1714.014199][T11269] RIP: 0033:0x459829 [ 1714.018249][T11269] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1714.039417][T11269] RSP: 002b:00007f27697bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1714.047831][T11269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1714.055802][T11269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1714.063777][T11269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1714.071752][T11269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27697bb6d4 [ 1714.079723][T11269] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1714.088117][T11269] memory: usage 12832kB, limit 0kB, failcnt 0 [ 1714.094464][T11269] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1714.101454][T11269] Memory cgroup stats for /syz0: [ 1714.101816][T11269] anon 6774784 [ 1714.101816][T11269] file 167936 [ 1714.101816][T11269] kernel_stack 196608 [ 1714.101816][T11269] slab 5255168 [ 1714.101816][T11269] sock 0 [ 1714.101816][T11269] shmem 143360 [ 1714.101816][T11269] file_mapped 135168 [ 1714.101816][T11269] file_dirty 0 [ 1714.101816][T11269] file_writeback 0 [ 1714.101816][T11269] anon_thp 6291456 [ 1714.101816][T11269] inactive_anon 135168 [ 1714.101816][T11269] active_anon 6844416 [ 1714.101816][T11269] inactive_file 135168 [ 1714.101816][T11269] active_file 122880 [ 1714.101816][T11269] unevictable 0 [ 1714.101816][T11269] slab_reclaimable 2162688 [ 1714.101816][T11269] slab_unreclaimable 3092480 [ 1714.101816][T11269] pgfault 111540 [ 1714.101816][T11269] pgmajfault 0 [ 1714.101816][T11269] workingset_refault 0 [ 1714.101816][T11269] workingset_activate 0 [ 1714.101816][T11269] workingset_nodereclaim 0 [ 1714.101816][T11269] pgrefill 0 [ 1714.101816][T11269] pgscan 0 [ 1714.101816][T11269] pgsteal 0 [ 1714.195631][T11269] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31309,uid=0 [ 1714.212137][T11269] Memory cgroup out of memory: Killed process 31309 (syz-executor.0) total-vm:72704kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 1714.229185][ T1057] oom_reaper: reaped process 31309 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1714.240489][T11269] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1714.250893][T11269] CPU: 1 PID: 11269 Comm: syz-executor.0 Not tainted 5.2.0+ #71 [ 1714.258544][T11269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1714.268627][T11269] Call Trace: [ 1714.271935][T11269] dump_stack+0x16f/0x1f0 [ 1714.276282][T11269] dump_header+0x10b/0x831 [ 1714.280710][T11269] oom_kill_process.cold+0x10/0x15 [ 1714.285830][T11269] out_of_memory+0x79a/0x12d0 [ 1714.290520][T11269] ? cgroup_file_notify+0x140/0x1b0 [ 1714.295732][T11269] ? oom_killer_disable+0x280/0x280 [ 1714.300946][T11269] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1714.306510][T11269] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1714.312183][T11269] ? cgroup_file_notify+0x140/0x1b0 [ 1714.317413][T11269] memory_max_write+0x262/0x3a0 [ 1714.322283][T11269] ? mem_cgroup_write+0x360/0x360 [ 1714.327313][T11269] ? lock_acquire+0x190/0x400 [ 1714.331992][T11269] ? kernfs_fop_write+0x227/0x480 [ 1714.337019][T11269] cgroup_file_write+0x307/0x790 [ 1714.341957][T11269] ? mem_cgroup_write+0x360/0x360 [ 1714.346975][T11269] ? cgroup_show_path+0x590/0x590 [ 1714.352000][T11269] ? cgroup_show_path+0x590/0x590 [ 1714.357025][T11269] kernfs_fop_write+0x2b8/0x480 [ 1714.361878][T11269] __vfs_write+0x8a/0x110 [ 1714.366209][T11269] ? kernfs_fop_open+0xd80/0xd80 [ 1714.371158][T11269] vfs_write+0x268/0x5d0 [ 1714.375415][T11269] ksys_write+0x14f/0x290 [ 1714.379772][T11269] ? __ia32_sys_read+0xb0/0xb0 [ 1714.384545][T11269] ? do_syscall_64+0x26/0x6a0 [ 1714.389233][T11269] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1714.395326][T11269] ? do_syscall_64+0x26/0x6a0 [ 1714.400025][T11269] __x64_sys_write+0x73/0xb0 [ 1714.404638][T11269] do_syscall_64+0xfd/0x6a0 [ 1714.409161][T11269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1714.415063][T11269] RIP: 0033:0x459829 [ 1714.418965][T11269] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1714.438574][T11269] RSP: 002b:00007f27697bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1714.447028][T11269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 1714.455015][T11269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1714.463022][T11269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1714.471002][T11269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27697bb6d4 [ 1714.479010][T11269] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 1714.487180][T11269] memory: usage 10524kB, limit 0kB, failcnt 0 [ 1714.493342][T11269] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1714.500268][T11269] Memory cgroup stats for /syz0: [ 1714.500400][T11269] anon 4653056 [ 1714.500400][T11269] file 167936 [ 1714.500400][T11269] kernel_stack 196608 [ 1714.500400][T11269] slab 5255168 [ 1714.500400][T11269] sock 0 [ 1714.500400][T11269] shmem 143360 [ 1714.500400][T11269] file_mapped 135168 [ 1714.500400][T11269] file_dirty 0 [ 1714.500400][T11269] file_writeback 0 [ 1714.500400][T11269] anon_thp 4194304 [ 1714.500400][T11269] inactive_anon 135168 [ 1714.500400][T11269] active_anon 4653056 [ 1714.500400][T11269] inactive_file 135168 [ 1714.500400][T11269] active_file 122880 [ 1714.500400][T11269] unevictable 0 [ 1714.500400][T11269] slab_reclaimable 2162688 [ 1714.500400][T11269] slab_unreclaimable 3092480 [ 1714.500400][T11269] pgfault 111540 [ 1714.500400][T11269] pgmajfault 0 [ 1714.500400][T11269] workingset_refault 0 [ 1714.500400][T11269] workingset_activate 0 [ 1714.500400][T11269] workingset_nodereclaim 0 [ 1714.500400][T11269] pgrefill 0 [ 1714.500400][T11269] pgscan 0 [ 1714.500400][T11269] pgsteal 0 [ 1714.593992][T11269] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11268,uid=0 [ 1714.594085][T11269] Memory cgroup out of memory: Killed process 11268 (syz-executor.0) total-vm:72572kB, anon-rss:2196kB, file-rss:35848kB, shmem-rss:0kB [ 1714.685605][ T9060] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1714.696886][ T9060] CPU: 0 PID: 9060 Comm: syz-executor.0 Not tainted 5.2.0+ #71 [ 1714.704447][ T9060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1714.714513][ T9060] Call Trace: [ 1714.717812][ T9060] dump_stack+0x16f/0x1f0 [ 1714.722132][ T9060] dump_header+0x10b/0x831 [ 1714.726525][ T9060] ? oom_kill_process+0x94/0x3c0 [ 1714.731459][ T9060] oom_kill_process.cold+0x10/0x15 [ 1714.736560][ T9060] out_of_memory+0x79a/0x12d0 [ 1714.741240][ T9060] ? lock_downgrade+0x920/0x920 [ 1714.746076][ T9060] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1714.751877][ T9060] ? oom_killer_disable+0x280/0x280 [ 1714.757075][ T9060] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1714.762606][ T9060] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1714.768221][ T9060] ? do_raw_spin_unlock+0x57/0x270 [ 1714.773317][ T9060] ? _raw_spin_unlock+0x23/0x30 [ 1714.778152][ T9060] try_charge+0x1053/0x1430 [ 1714.782637][ T9060] ? __lock_acquire+0x7b0/0x4c30 [ 1714.787554][ T9060] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1714.793090][ T9060] ? cache_grow_begin+0x124/0xc90 [ 1714.798097][ T9060] ? find_held_lock+0x35/0x130 [ 1714.802855][ T9060] ? cache_grow_begin+0x124/0xc90 [ 1714.807862][ T9060] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1714.813298][ T9060] ? memcg_kmem_put_cache+0x1b0/0x1b0 [ 1714.818655][ T9060] cache_grow_begin+0x601/0xc90 [ 1714.823486][ T9060] ? write_comp_data+0x31/0x70 [ 1714.828230][ T9060] ? mempolicy_slab_node+0x139/0x390 [ 1714.833497][ T9060] fallback_alloc+0x1fd/0x2d0 [ 1714.838155][ T9060] ____cache_alloc_node+0x1bc/0x1d0 [ 1714.843339][ T9060] ? trace_hardirqs_off+0x62/0x210 [ 1714.848441][ T9060] kmem_cache_alloc+0x1e8/0x700 [ 1714.853295][ T9060] ? inet_create+0x2f4/0xe00 [ 1714.857889][ T9060] ? __sock_create+0x386/0x740 [ 1714.862641][ T9060] sk_prot_alloc+0x67/0x310 [ 1714.867124][ T9060] sk_alloc+0x39/0xf60 [ 1714.871190][ T9060] inet_create+0x36c/0xe00 [ 1714.875628][ T9060] __sock_create+0x3de/0x740 [ 1714.880204][ T9060] ? _raw_spin_unlock_irq+0x28/0x70 [ 1714.885385][ T9060] __sys_socket+0x103/0x220 [ 1714.889879][ T9060] ? move_addr_to_kernel+0x80/0x80 [ 1714.895072][ T9060] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1714.900513][ T9060] ? do_syscall_64+0x26/0x6a0 [ 1714.905169][ T9060] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1714.911222][ T9060] ? do_syscall_64+0x26/0x6a0 [ 1714.915920][ T9060] __x64_sys_socket+0x73/0xb0 [ 1714.920583][ T9060] do_syscall_64+0xfd/0x6a0 [ 1714.925069][ T9060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1714.930948][ T9060] RIP: 0033:0x45c377 [ 1714.935703][ T9060] Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1714.960259][ T9060] RSP: 002b:00007ffd23b92e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1714.968659][ T9060] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 000000000045c377 [ 1714.976650][ T9060] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 1714.984609][ T9060] RBP: 0000000000000f18 R08: 0000000000000000 R09: 000000000000000a [ 1714.992600][ T9060] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1715.000573][ T9060] R13: 00007ffd23b93540 R14: 00000000001a2410 R15: 00007ffd23b93550 [ 1715.010141][ T9060] memory: usage 8100kB, limit 0kB, failcnt 12 [ 1715.016235][ T9060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1715.023116][ T9060] Memory cgroup stats for /syz0: [ 1715.023185][ T9060] anon 2506752 [ 1715.023185][ T9060] file 167936 [ 1715.023185][ T9060] kernel_stack 131072 [ 1715.023185][ T9060] slab 5255168 [ 1715.023185][ T9060] sock 0 [ 1715.023185][ T9060] shmem 143360 [ 1715.023185][ T9060] file_mapped 135168 [ 1715.023185][ T9060] file_dirty 0 [ 1715.023185][ T9060] file_writeback 0 [ 1715.023185][ T9060] anon_thp 2097152 [ 1715.023185][ T9060] inactive_anon 135168 [ 1715.023185][ T9060] active_anon 2506752 [ 1715.023185][ T9060] inactive_file 135168 [ 1715.023185][ T9060] active_file 122880 [ 1715.023185][ T9060] unevictable 0 [ 1715.023185][ T9060] slab_reclaimable 2162688 [ 1715.023185][ T9060] slab_unreclaimable 3092480 [ 1715.023185][ T9060] pgfault 111540 [ 1715.023185][ T9060] pgmajfault 0 [ 1715.023185][ T9060] workingset_refault 0 [ 1715.023185][ T9060] workingset_activate 0 [ 1715.023185][ T9060] workingset_nodereclaim 0 [ 1715.023185][ T9060] pgrefill 0 [ 1715.023185][ T9060] pgscan 0 [ 1715.023185][ T9060] pgsteal 0 [ 1715.116612][ T9060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17944,uid=0 [ 1715.132163][ T9060] Memory cgroup out of memory: Killed process 17944 (syz-executor.0) total-vm:72704kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 1715.148955][ T1057] oom_reaper: reaped process 17944 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1715.190124][ T9060] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1715.201565][ T9060] CPU: 0 PID: 9060 Comm: syz-executor.0 Not tainted 5.2.0+ #71 [ 1715.209116][ T9060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1715.219168][ T9060] Call Trace: [ 1715.222483][ T9060] dump_stack+0x16f/0x1f0 [ 1715.226839][ T9060] dump_header+0x10b/0x831 [ 1715.231241][ T9060] ? oom_kill_process+0x94/0x3c0 [ 1715.236162][ T9060] oom_kill_process.cold+0x10/0x15 [ 1715.241280][ T9060] out_of_memory+0x79a/0x12d0 [ 1715.245959][ T9060] ? lock_downgrade+0x920/0x920 [ 1715.250799][ T9060] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1715.256592][ T9060] ? oom_killer_disable+0x280/0x280 [ 1715.261795][ T9060] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1715.267342][ T9060] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1715.272970][ T9060] ? do_raw_spin_unlock+0x57/0x270 [ 1715.278063][ T9060] ? _raw_spin_unlock+0x23/0x30 [ 1715.282912][ T9060] try_charge+0x1053/0x1430 [ 1715.287411][ T9060] ? __lock_acquire+0x7b0/0x4c30 [ 1715.292365][ T9060] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1715.297895][ T9060] ? cache_grow_begin+0x124/0xc90 [ 1715.303549][ T9060] ? find_held_lock+0x35/0x130 [ 1715.308307][ T9060] ? cache_grow_begin+0x124/0xc90 [ 1715.313320][ T9060] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1715.319118][ T9060] ? memcg_kmem_put_cache+0x1b0/0x1b0 [ 1715.324486][ T9060] cache_grow_begin+0x601/0xc90 [ 1715.329316][ T9060] ? write_comp_data+0x31/0x70 [ 1715.334082][ T9060] ? mempolicy_slab_node+0x139/0x390 [ 1715.339365][ T9060] fallback_alloc+0x1fd/0x2d0 [ 1715.344036][ T9060] ____cache_alloc_node+0x1bc/0x1d0 [ 1715.349218][ T9060] ? trace_hardirqs_off+0x62/0x210 [ 1715.354306][ T9060] kmem_cache_alloc+0x1e8/0x700 [ 1715.359155][ T9060] ? inet_create+0x2f4/0xe00 [ 1715.363752][ T9060] ? __sock_create+0x386/0x740 [ 1715.368533][ T9060] sk_prot_alloc+0x67/0x310 [ 1715.373135][ T9060] sk_alloc+0x39/0xf60 [ 1715.377189][ T9060] inet_create+0x36c/0xe00 [ 1715.381607][ T9060] __sock_create+0x3de/0x740 [ 1715.386191][ T9060] ? _raw_spin_unlock_irq+0x28/0x70 [ 1715.391376][ T9060] __sys_socket+0x103/0x220 [ 1715.395880][ T9060] ? move_addr_to_kernel+0x80/0x80 [ 1715.400992][ T9060] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1715.406458][ T9060] ? do_syscall_64+0x26/0x6a0 [ 1715.411154][ T9060] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1715.417327][ T9060] ? do_syscall_64+0x26/0x6a0 [ 1715.422015][ T9060] __x64_sys_socket+0x73/0xb0 [ 1715.426720][ T9060] do_syscall_64+0xfd/0x6a0 [ 1715.431225][ T9060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1715.437102][ T9060] RIP: 0033:0x45c377 [ 1715.440993][ T9060] Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1715.460609][ T9060] RSP: 002b:00007ffd23b92e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1715.469028][ T9060] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 000000000045c377 [ 1715.477010][ T9060] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 1715.484971][ T9060] RBP: 0000000000000f18 R08: 0000000000000000 R09: 000000000000000a [ 1715.493020][ T9060] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1715.500990][ T9060] R13: 00007ffd23b93540 R14: 00000000001a2410 R15: 00007ffd23b93550 [ 1715.509046][ T9060] memory: usage 5792kB, limit 0kB, failcnt 18 [ 1715.515119][ T9060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1715.522048][ T9060] Memory cgroup stats for /syz0: [ 1715.522199][ T9060] anon 311296 [ 1715.522199][ T9060] file 167936 [ 1715.522199][ T9060] kernel_stack 65536 [ 1715.522199][ T9060] slab 5255168 [ 1715.522199][ T9060] sock 0 [ 1715.522199][ T9060] shmem 143360 [ 1715.522199][ T9060] file_mapped 135168 [ 1715.522199][ T9060] file_dirty 0 [ 1715.522199][ T9060] file_writeback 0 [ 1715.522199][ T9060] anon_thp 0 [ 1715.522199][ T9060] inactive_anon 135168 [ 1715.522199][ T9060] active_anon 311296 [ 1715.522199][ T9060] inactive_file 135168 [ 1715.522199][ T9060] active_file 122880 [ 1715.522199][ T9060] unevictable 0 [ 1715.522199][ T9060] slab_reclaimable 2162688 [ 1715.522199][ T9060] slab_unreclaimable 3092480 [ 1715.522199][ T9060] pgfault 111540 [ 1715.522199][ T9060] pgmajfault 0 [ 1715.522199][ T9060] workingset_refault 0 [ 1715.522199][ T9060] workingset_activate 0 [ 1715.522199][ T9060] workingset_nodereclaim 0 [ 1715.522199][ T9060] pgrefill 0 [ 1715.522199][ T9060] pgscan 0 [ 1715.522199][ T9060] pgsteal 0 [ 1715.522199][ T9060] pgactivate 0 [ 1715.618103][ T9060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9060,uid=0 [ 1715.633512][ T9060] Memory cgroup out of memory: Killed process 9060 (syz-executor.0) total-vm:72440kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB [ 1715.648028][ T1057] oom_reaper: reaped process 9060 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 23:17:52 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 23:17:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:17:52 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) close(r0) r1 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r1, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="160000001a0081aee4050c00000f00fe078bc36f0600", 0x16}], 0x1}, 0x0) 23:17:52 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, 0x0, 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 23:17:52 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030383030312c63726561746f723df70e49a22c63726561746f723d49ba8e032c66696c655f756d61736b3d30303030303030303030303030303030303030303030342c696f636861727365743d63703835352c756d61736b3d30303030303030303030303030303030303030303337352c", @ANYRESHEX]) 23:17:52 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000200)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r1, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xf4ad1e69669fbe32) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = socket$kcm(0x11, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r3, 0xffffffffffffffff, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 1820.748371][ C1] rcu: INFO: rcu_sched self-detected stall on CPU [ 1820.755216][ C1] rcu: 1-....: (10499 ticks this GP) idle=b36/1/0x4000000000000002 softirq=115901/115901 fqs=5216 [ 1820.766240][ C1] (t=10500 jiffies g=215313 q=438) [ 1820.771451][ C1] NMI backtrace for cpu 1 [ 1820.775767][ C1] CPU: 1 PID: 29661 Comm: syz-executor.4 Not tainted 5.2.0+ #71 [ 1820.783423][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1820.793460][ C1] Call Trace: [ 1820.796723][ C1] [ 1820.799563][ C1] dump_stack+0x16f/0x1f0 [ 1820.803893][ C1] ? lapic_can_unplug_cpu.cold+0x36/0x45 [ 1820.809510][ C1] nmi_cpu_backtrace.cold+0x70/0xb2 [ 1820.814689][ C1] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 1820.820301][ C1] nmi_trigger_cpumask_backtrace+0x22d/0x25c [ 1820.826265][ C1] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1820.832142][ C1] rcu_dump_cpu_stacks+0x183/0x1cf [ 1820.837236][ C1] ? find_next_bit+0x107/0x130 [ 1820.841989][ C1] rcu_sched_clock_irq.cold+0x491/0x8c0 [ 1820.847528][ C1] ? raise_softirq+0x163/0x370 [ 1820.852280][ C1] update_process_times+0x32/0x80 [ 1820.857286][ C1] tick_sched_handle+0xa2/0x190 [ 1820.862116][ C1] tick_sched_timer+0x47/0x130 [ 1820.866862][ C1] __hrtimer_run_queues+0x364/0xd90 [ 1820.872043][ C1] ? tick_sched_do_timer+0x1b0/0x1b0 [ 1820.877309][ C1] ? hrtimer_start_range_ns+0xbc0/0xbc0 [ 1820.882853][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1820.888555][ C1] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 1820.894787][ C1] hrtimer_interrupt+0x2ea/0x730 [ 1820.899728][ C1] smp_apic_timer_interrupt+0x10b/0x550 [ 1820.905259][ C1] apic_timer_interrupt+0xf/0x20 [ 1820.910173][ C1] [ 1820.913110][ C1] RIP: 0010:debug_lockdep_rcu_enabled+0x38/0xa0 [ 1820.919346][ C1] Code: 00 fc ff df 48 89 c1 83 e0 07 48 89 e5 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 49 8b 15 0c 43 46 08 85 d2 74 3b <48> c7 c0 34 d9 a4 89 48 ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 [ 1820.938941][ C1] RSP: 0018:ffff88805ff971b8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 1820.947349][ C1] RAX: 0000000000000003 RBX: ffff88805ff972b8 RCX: 1ffffffff1349504 [ 1820.955318][ C1] RDX: 0000000000000002 RSI: ffffffff81945926 RDI: 0000000000000001 [ 1820.963297][ C1] RBP: ffff88805ff971b8 R08: ffff8880966b8340 R09: fffffbfff13494e8 [ 1820.971280][ C1] R10: fffffbfff13494e7 R11: ffffffff89a4a73f R12: 1ffff1100bff2e3b [ 1820.979259][ C1] R13: 0000000000000001 R14: ffff88812fffc000 R15: 0000000000000000 [ 1820.987237][ C1] ? try_to_free_mem_cgroup_pages+0x6d6/0xa00 [ 1820.993290][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1820.999511][ C1] try_to_free_mem_cgroup_pages+0x6e9/0xa00 [ 1821.005385][ C1] ? try_to_free_pages+0x900/0x900 [ 1821.010493][ C1] ? _raw_spin_unlock_irqrestore+0x67/0xd0 [ 1821.016283][ C1] ? cgroup_file_notify+0x140/0x1b0 [ 1821.021462][ C1] ? _raw_spin_unlock_irqrestore+0x67/0xd0 [ 1821.027260][ C1] ? cgroup_file_notify+0x140/0x1b0 [ 1821.032444][ C1] try_charge+0x648/0x1430 [ 1821.036844][ C1] ? __lock_acquire+0x7b1/0x4c30 [ 1821.041773][ C1] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1821.047299][ C1] ? cache_grow_begin+0x124/0xc90 [ 1821.052307][ C1] ? find_held_lock+0x35/0x130 [ 1821.057109][ C1] ? cache_grow_begin+0x124/0xc90 [ 1821.062140][ C1] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1821.067579][ C1] ? memcg_kmem_put_cache+0x1b0/0x1b0 [ 1821.072932][ C1] cache_grow_begin+0x601/0xc90 [ 1821.077765][ C1] ? write_comp_data+0x31/0x70 [ 1821.082512][ C1] ? mempolicy_slab_node+0x139/0x390 [ 1821.087777][ C1] fallback_alloc+0x1fd/0x2d0 [ 1821.092447][ C1] ____cache_alloc_node+0x1bc/0x1d0 [ 1821.097626][ C1] ? trace_hardirqs_off+0x62/0x210 [ 1821.102719][ C1] kmem_cache_alloc+0x1e8/0x700 [ 1821.107552][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 1821.112474][ C1] ? ratelimit_state_init+0xb0/0xb0 [ 1821.117655][ C1] ext4_alloc_inode+0x1f/0x640 [ 1821.122402][ C1] ? ratelimit_state_init+0xb0/0xb0 [ 1821.127580][ C1] alloc_inode+0x68/0x1e0 [ 1821.131893][ C1] iget_locked+0x1a6/0x4b0 [ 1821.136304][ C1] __ext4_iget+0x265/0x3d10 [ 1821.140793][ C1] ? ext4_get_projid+0x190/0x190 [ 1821.145711][ C1] ? ext4_lookup+0x557/0x7a0 [ 1821.150299][ C1] ? ext4_lookup+0x557/0x7a0 [ 1821.154872][ C1] ext4_lookup+0x3b1/0x7a0 [ 1821.159276][ C1] ? ext4_cross_rename+0x1430/0x1430 [ 1821.164546][ C1] ? __lock_acquire+0x1702/0x4c30 [ 1821.169551][ C1] ? __kasan_check_read+0x11/0x20 [ 1821.175037][ C1] ? lockdep_init_map+0x1be/0x6d0 [ 1821.180051][ C1] __lookup_slow+0x279/0x500 [ 1821.184640][ C1] ? vfs_unlink+0x620/0x620 [ 1821.189133][ C1] lookup_slow+0x58/0x80 [ 1821.193351][ C1] path_mountpoint+0x5d2/0x1e60 [ 1821.198180][ C1] ? __isolate_free_page+0x4c0/0x4c0 [ 1821.203449][ C1] ? path_openat+0x4630/0x4630 [ 1821.208196][ C1] ? cache_grow_end+0xa4/0x190 [ 1821.212948][ C1] filename_mountpoint+0x190/0x3c0 [ 1821.218076][ C1] ? filename_parentat.isra.0+0x410/0x410 [ 1821.224175][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1821.230410][ C1] ? __phys_addr_symbol+0x30/0x70 [ 1821.235418][ C1] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1821.241123][ C1] ? __check_object_size+0x3d/0x43c [ 1821.246307][ C1] ? strncpy_from_user+0x2b4/0x400 [ 1821.251410][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1821.257630][ C1] ? getname_flags+0x277/0x5b0 [ 1821.262378][ C1] user_path_mountpoint_at+0x3a/0x50 [ 1821.267646][ C1] ksys_umount+0x167/0xf00 [ 1821.272056][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1821.278288][ C1] ? __detach_mounts+0x2a0/0x2a0 [ 1821.283216][ C1] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1821.288654][ C1] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1821.294154][ C1] ? do_syscall_64+0x26/0x6a0 [ 1821.298888][ C1] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1821.304935][ C1] ? do_syscall_64+0x26/0x6a0 [ 1821.309594][ C1] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1821.315226][ C1] __x64_sys_umount+0x54/0x80 [ 1821.319886][ C1] do_syscall_64+0xfd/0x6a0 [ 1821.324381][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1821.330626][ C1] RIP: 0033:0x45c257 [ 1821.334505][ C1] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1821.354084][ C1] RSP: 002b:00007ffc5a5ade48 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 1821.362471][ C1] RAX: ffffffffffffffda RBX: 00000000001a2987 RCX: 000000000045c257 [ 1821.370419][ C1] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffc5a5adef0 [ 1821.378374][ C1] RBP: 00000000000005bd R08: 0000000000000000 R09: 0000000000000010 [ 1821.386334][ C1] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffc5a5aef80 [ 1821.394408][ C1] R13: 0000555556744940 R14: 0000000000000000 R15: 00007ffc5a5aef80 [ 1822.169127][ T9070] rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 1-... } 10651 jiffies s: 25137 root: 0x2/. [ 1822.181252][ T9070] rcu: blocking rcu_node structures: [ 1822.186547][ T9070] Task dump for CPU 1: [ 1822.190656][ T9070] syz-executor.4 R running task 24040 29661 29660 0x8000400a [ 1822.198593][ T9070] Call Trace: [ 1822.201916][ T9070] ? ktime_get+0x37/0x2f0 [ 1822.206258][ T9070] ? shrink_node_memcg+0x1430/0x1430 [ 1822.211583][ T9070] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1822.217308][ T9070] ? ktime_get+0x202/0x2f0 [ 1822.221769][ T9070] ? do_try_to_free_pages+0x3cb/0x11e0 [ 1822.227249][ T9070] ? shrink_node+0x1710/0x1710 [ 1822.232069][ T9070] ? _raw_spin_unlock_irq+0x28/0x70 [ 1822.237292][ T9070] ? rcu_read_unlock+0x35/0x70 [ 1822.242107][ T9070] ? try_to_free_pages+0x900/0x900 [ 1822.247234][ T9070] ? _raw_spin_unlock_irqrestore+0x67/0xd0 [ 1822.253090][ T9070] ? cgroup_file_notify+0x140/0x1b0 [ 1822.258302][ T9070] ? _raw_spin_unlock_irqrestore+0x67/0xd0 [ 1822.264196][ T9070] ? cgroup_file_notify+0x140/0x1b0 [ 1822.269455][ T9070] ? try_charge+0x648/0x1430 [ 1822.274085][ T9070] ? __lock_acquire+0x7b1/0x4c30 [ 1822.279080][ T9070] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1822.284809][ T9070] ? cache_grow_begin+0x124/0xc90 [ 1822.289873][ T9070] ? find_held_lock+0x35/0x130 [ 1822.294648][ T9070] ? cache_grow_begin+0x124/0xc90 [ 1822.299719][ T9070] ? __memcg_kmem_charge_memcg+0x71/0xf0 [ 1822.305363][ T9070] ? memcg_kmem_put_cache+0x1b0/0x1b0 [ 1822.310797][ T9070] ? cache_grow_begin+0x601/0xc90 [ 1822.315833][ T9070] ? write_comp_data+0x31/0x70 [ 1822.320641][ T9070] ? mempolicy_slab_node+0x139/0x390 [ 1822.325943][ T9070] ? fallback_alloc+0x1fd/0x2d0 [ 1822.330835][ T9070] ? ____cache_alloc_node+0x1bc/0x1d0 [ 1822.336214][ T9070] ? trace_hardirqs_off+0x62/0x210 [ 1822.341368][ T9070] ? kmem_cache_alloc+0x1e8/0x700 [ 1822.346400][ T9070] ? rwlock_bug.part.0+0x90/0x90 [ 1822.351383][ T9070] ? ratelimit_state_init+0xb0/0xb0 [ 1822.356587][ T9070] ? ext4_alloc_inode+0x1f/0x640 [ 1822.361559][ T9070] ? ratelimit_state_init+0xb0/0xb0 [ 1822.366763][ T9070] ? alloc_inode+0x68/0x1e0 [ 1822.371308][ T9070] ? iget_locked+0x1a6/0x4b0 [ 1822.375915][ T9070] ? __ext4_iget+0x265/0x3d10 [ 1822.380639][ T9070] ? ext4_get_projid+0x190/0x190 [ 1822.385583][ T9070] ? ext4_lookup+0x557/0x7a0 [ 1822.390212][ T9070] ? ext4_lookup+0x557/0x7a0 [ 1822.394822][ T9070] ? ext4_lookup+0x3b1/0x7a0 [ 1822.399455][ T9070] ? ext4_cross_rename+0x1430/0x1430 [ 1822.404750][ T9070] ? __lock_acquire+0x1702/0x4c30 [ 1822.409810][ T9070] ? __kasan_check_read+0x11/0x20 [ 1822.414854][ T9070] ? lockdep_init_map+0x1be/0x6d0 [ 1822.419935][ T9070] ? __lookup_slow+0x279/0x500 [ 1822.424710][ T9070] ? vfs_unlink+0x620/0x620 [ 1822.429276][ T9070] ? lookup_slow+0x58/0x80 [ 1822.433709][ T9070] ? path_mountpoint+0x5d2/0x1e60 [ 1822.438765][ T9070] ? __isolate_free_page+0x4c0/0x4c0 [ 1822.444081][ T9070] ? path_openat+0x4630/0x4630 [ 1822.448894][ T9070] ? cache_grow_end+0xa4/0x190 [ 1822.453682][ T9070] ? filename_mountpoint+0x190/0x3c0 [ 1822.459017][ T9070] ? filename_parentat.isra.0+0x410/0x410 [ 1822.464760][ T9070] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1822.471052][ T9070] ? __phys_addr_symbol+0x30/0x70 [ 1822.476094][ T9070] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1822.481869][ T9070] ? __check_object_size+0x3d/0x43c [ 1822.487098][ T9070] ? strncpy_from_user+0x2b4/0x400 [ 1822.492270][ T9070] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1822.498562][ T9070] ? getname_flags+0x277/0x5b0 [ 1822.503347][ T9070] ? user_path_mountpoint_at+0x3a/0x50 [ 1822.508857][ T9070] ? ksys_umount+0x167/0xf00 [ 1822.513469][ T9070] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1822.519757][ T9070] ? __detach_mounts+0x2a0/0x2a0 [ 1822.524708][ T9070] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1822.530215][ T9070] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1822.535690][ T9070] ? do_syscall_64+0x26/0x6a0 [ 1822.540413][ T9070] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1822.546493][ T9070] ? do_syscall_64+0x26/0x6a0 [ 1822.551224][ T9070] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1822.556527][ T9070] ? __x64_sys_umount+0x54/0x80 [ 1822.561421][ T9070] ? do_syscall_64+0xfd/0x6a0 [ 1822.566120][ T9070] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe