LOB, @ANYRES32=0x0, @ANYBLOB="e1dbfd330000000020001200100001006970366772657461700000000c0002000800", @ANYRES32], 0x4}}, 0x0) sendmsg$inet6(r8, &(0x7f0000000700)={&(0x7f0000000300)={0xa, 0x4e24, 0xa16a, @rand_addr="b1cc02d8a64a533f9b75a7b0f54316ae", 0x6}, 0x1c, &(0x7f0000000380)=[{0x0}, {0x0}], 0x2, &(0x7f00000006c0)=[@pktinfo={{0x24, 0x29, 0x32, {@local, r11}}}], 0x28}, 0x40080) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000200)=0xe8) r13 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0xc) setresgid(0x0, 0x0, r14) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000580)={{0x9, 0x0, 0x0, r12, r14, 0x17528577f06cc64}, 0x90, 0x7ff, 0x4}) connect$inet6(r4, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 03:37:28 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'bond0\x00\xe1\x03\n\x00!!SS\x9e\x00', @ifru_names='bond_slave_1\x00'}) [ 979.314763][T31314] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 979.358620][T31314] CPU: 0 PID: 31314 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 979.366373][T31314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 979.376428][T31314] Call Trace: [ 979.379717][T31314] dump_stack+0x1d8/0x2f8 [ 979.384049][T31314] dump_header+0xd8/0x960 [ 979.388386][T31314] oom_kill_process+0xcd/0x350 [ 979.393152][T31314] out_of_memory+0x5fa/0x8b0 [ 979.397741][T31314] try_charge+0x125a/0x1910 [ 979.402355][T31314] mem_cgroup_try_charge+0x20c/0x680 [ 979.407644][T31314] mem_cgroup_try_charge_delay+0x25/0xa0 [ 979.413269][T31314] wp_page_copy+0x349/0x1890 [ 979.417860][T31314] ? __kasan_check_read+0x11/0x20 [ 979.422877][T31314] ? do_raw_spin_unlock+0x49/0x260 [ 979.427993][T31314] do_wp_page+0x5e5/0x1cc0 [ 979.432406][T31314] ? __kasan_check_write+0x14/0x20 [ 979.437520][T31314] handle_mm_fault+0x2ada/0x5ff0 [ 979.442482][T31314] do_user_addr_fault+0x589/0xaf0 [ 979.447514][T31314] __do_page_fault+0xd3/0x1f0 [ 979.452190][T31314] do_page_fault+0x99/0xb0 [ 979.456600][T31314] page_fault+0x39/0x40 [ 979.460749][T31314] RIP: 0033:0x430b06 [ 979.464637][T31314] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 979.484238][T31314] RSP: 002b:00007ffd3f3ed880 EFLAGS: 00010206 [ 979.490295][T31314] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 979.490302][T31314] RDX: 0000000001f53930 RSI: 0000000001f5b970 RDI: 0000000000000003 03:37:28 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000100)={'bond0\x00\xe1\x03\n\x00!!SS\x9e\x00', @ifru_names='bond_slave_1\x00'}) 03:37:28 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) getpid() [ 979.490307][T31314] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001f52940 [ 979.490313][T31314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 979.490318][T31314] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 979.493701][T31314] memory: usage 17828kB, limit 0kB, failcnt 465 03:37:29 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000100)={'bond0\x00\xe1\x03\n\x00!!SS\x9e\x00', @ifru_names='bond_slave_1\x00'}) [ 979.677523][T31347] overlayfs: workdir and upperdir must reside under the same mount [ 979.741834][T31314] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 979.760150][ C0] net_ratelimit: 10 callbacks suppressed [ 979.760156][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 979.771771][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 979.777621][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 979.783450][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 979.789276][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 979.795099][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 979.799972][T31314] Memory cgroup stats for /syz3: [ 979.800055][T31314] anon 0 [ 979.800055][T31314] file 221184 [ 979.800055][T31314] kernel_stack 0 [ 979.800055][T31314] slab 18173952 [ 979.800055][T31314] sock 0 [ 979.800055][T31314] shmem 0 [ 979.800055][T31314] file_mapped 0 [ 979.800055][T31314] file_dirty 0 [ 979.800055][T31314] file_writeback 0 [ 979.800055][T31314] anon_thp 0 [ 979.800055][T31314] inactive_anon 0 [ 979.800055][T31314] active_anon 0 [ 979.800055][T31314] inactive_file 0 [ 979.800055][T31314] active_file 135168 [ 979.800055][T31314] unevictable 0 [ 979.800055][T31314] slab_reclaimable 17571840 [ 979.800055][T31314] slab_unreclaimable 602112 [ 979.800055][T31314] pgfault 67320 [ 979.800055][T31314] pgmajfault 0 [ 979.800055][T31314] workingset_refault 0 [ 979.800055][T31314] workingset_activate 0 [ 979.800055][T31314] workingset_nodereclaim 0 [ 979.800055][T31314] pgrefill 66 [ 979.800055][T31314] pgscan 66 [ 979.800055][T31314] pgsteal 35 03:37:29 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) fcntl$setsig(r1, 0xa, 0x2d) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x60, 0x400001) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(r2, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = open(0x0, 0x0, 0x0) r5 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r5, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) geteuid() fcntl$getownex(r3, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), &(0x7f00000008c0), 0x0) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc) fstat(0xffffffffffffffff, 0x0) getresgid(0x0, &(0x7f0000000200), &(0x7f0000001680)) getresuid(0x0, &(0x7f0000001740), &(0x7f0000001780)) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) getgid() r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, 0x0, 0x0) listen(r7, 0x0) listen(0xffffffffffffffff, 0x0) sendmmsg$unix(r5, &(0x7f0000001c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002880)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES64, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32], 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44081}, {&(0x7f0000001a80)=@abs, 0x6e, &(0x7f0000001b00), 0x0, 0x0, 0x0, 0x4048850}], 0x3, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, &(0x7f00000016c0)=0xe8) getresgid(0x0, &(0x7f0000001740), 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r9 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r10 = open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r10, 0xc4c85512, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) lstat(0x0, &(0x7f0000000c00)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(0xffffffffffffffff, 0x0) getresuid(&(0x7f0000001700), 0x0, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000001840), &(0x7f0000001880)=0xc) getgid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001c40), 0x0, 0x20000000) stat(0x0, 0x0) [ 979.800055][T31314] pgactivate 0 [ 979.800943][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 979.805800][T31314] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=31314,uid=0 [ 979.894072][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:37:29 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000100)={'bond0\x00\xe1\x03\n\x00!!SS\x9e\x00', @ifru_names='bond_slave_1\x00'}) [ 980.001719][T31314] Memory cgroup out of memory: Killed process 31314 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 980.062784][ T1066] oom_reaper: reaped process 31314 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:37:29 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) getsockopt$sock_cred(r7, 0x1, 0x11, 0x0, &(0x7f0000001880)) [ 980.319999][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 980.320002][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 980.342224][T31359] overlayfs: workdir and upperdir must reside under the same mount 03:37:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 981.559444][T31482] IPVS: ftp: loaded support on port[0] = 21 [ 981.754377][T31482] chnl_net:caif_netlink_parms(): no params data found [ 981.844513][T31482] bridge0: port 1(bridge_slave_0) entered blocking state [ 981.852057][T31482] bridge0: port 1(bridge_slave_0) entered disabled state [ 981.860827][T31482] device bridge_slave_0 entered promiscuous mode [ 981.869295][T31482] bridge0: port 2(bridge_slave_1) entered blocking state [ 981.876623][T31482] bridge0: port 2(bridge_slave_1) entered disabled state [ 981.885141][T31482] device bridge_slave_1 entered promiscuous mode [ 981.907677][T31482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 981.965051][T31482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 981.989257][T31482] team0: Port device team_slave_0 added [ 981.997520][T31482] team0: Port device team_slave_1 added [ 982.133151][T31482] device hsr_slave_0 entered promiscuous mode [ 982.180898][T31482] device hsr_slave_1 entered promiscuous mode [ 982.230054][T31482] debugfs: Directory 'hsr0' with parent '/' already present! [ 982.304469][T31482] bridge0: port 2(bridge_slave_1) entered blocking state [ 982.311595][T31482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 982.318933][T31482] bridge0: port 1(bridge_slave_0) entered blocking state [ 982.326073][T31482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 982.419206][T31482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 982.502897][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 982.512002][T16142] bridge0: port 1(bridge_slave_0) entered disabled state [ 982.521115][T16142] bridge0: port 2(bridge_slave_1) entered disabled state [ 982.531256][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 982.546966][T31482] 8021q: adding VLAN 0 to HW filter on device team0 [ 982.603229][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 982.612322][T25319] bridge0: port 1(bridge_slave_0) entered blocking state [ 982.619596][T25319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 982.642118][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 982.651108][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 982.658263][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 982.745372][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 982.757447][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 982.776522][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 982.785701][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 982.794924][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 982.804014][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 982.813252][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 982.876294][T31482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 982.956020][T31482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 983.072818][T31490] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 983.122616][T31490] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 983.133363][T31490] CPU: 0 PID: 31490 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 983.140936][T31490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.150989][T31490] Call Trace: [ 983.151010][T31490] dump_stack+0x1d8/0x2f8 [ 983.151026][T31490] dump_header+0xd8/0x960 [ 983.151039][T31490] oom_kill_process+0xcd/0x350 [ 983.151050][T31490] out_of_memory+0x5fa/0x8b0 [ 983.151066][T31490] memory_max_write+0x4ba/0x600 [ 983.163432][T31490] ? memory_max_show+0xa0/0xa0 [ 983.163445][T31490] cgroup_file_write+0x223/0x5f0 [ 983.172799][T31490] ? cgroup_seqfile_stop+0xc0/0xc0 [ 983.172811][T31490] kernfs_fop_write+0x3e4/0x4e0 [ 983.172823][T31490] ? kernfs_fop_read+0x580/0x580 [ 983.172835][T31490] __vfs_write+0xb8/0x740 [ 983.172851][T31490] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 983.197256][T31490] ? __sb_start_write+0x382/0x430 [ 983.197273][T31490] vfs_write+0x275/0x590 [ 983.212054][T31490] ksys_write+0x117/0x220 [ 983.225598][T31490] __x64_sys_write+0x7b/0x90 [ 983.225612][T31490] do_syscall_64+0xf7/0x1c0 [ 983.235225][T31490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 983.235237][T31490] RIP: 0033:0x459a29 [ 983.245022][T31490] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 983.245028][T31490] RSP: 002b:00007f1722018c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 983.245037][T31490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 983.245047][T31490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 983.273611][T31490] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 983.273618][T31490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17220196d4 [ 983.273623][T31490] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 983.282624][T31490] memory: usage 4016kB, limit 0kB, failcnt 448 [ 983.282670][T31490] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 983.282689][T31490] Memory cgroup stats for /syz2: [ 983.283214][T31490] anon 2211840 [ 983.283214][T31490] file 155648 [ 983.283214][T31490] kernel_stack 65536 [ 983.283214][T31490] slab 1703936 [ 983.283214][T31490] sock 0 [ 983.283214][T31490] shmem 0 [ 983.283214][T31490] file_mapped 135168 [ 983.283214][T31490] file_dirty 135168 [ 983.283214][T31490] file_writeback 0 [ 983.283214][T31490] anon_thp 2097152 [ 983.283214][T31490] inactive_anon 135168 [ 983.283214][T31490] active_anon 2211840 [ 983.283214][T31490] inactive_file 0 [ 983.283214][T31490] active_file 0 [ 983.283214][T31490] unevictable 0 [ 983.283214][T31490] slab_reclaimable 811008 [ 983.283214][T31490] slab_unreclaimable 892928 [ 983.283214][T31490] pgfault 209616 [ 983.283214][T31490] pgmajfault 0 [ 983.283214][T31490] workingset_refault 0 [ 983.283214][T31490] workingset_activate 0 [ 983.283214][T31490] workingset_nodereclaim 0 [ 983.283214][T31490] pgrefill 282 [ 983.283214][T31490] pgscan 276 [ 983.283214][T31490] pgsteal 37 [ 983.283214][T31490] pgactivate 231 [ 983.431678][T31490] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31488,uid=0 [ 983.451777][T31490] Memory cgroup out of memory: Killed process 31488 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 983.473090][ T1066] oom_reaper: reaped process 31488 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:37:32 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:32 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x89f0, 0x0) 03:37:32 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) getpid() 03:37:32 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) getsockopt$sock_cred(r7, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:37:32 executing program 0: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) getsockopt$sock_cred(r7, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:37:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 983.592845][T31482] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 983.647181][T31482] CPU: 1 PID: 31482 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 983.654773][T31482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.664831][T31482] Call Trace: [ 983.668385][T31482] dump_stack+0x1d8/0x2f8 [ 983.672720][T31482] dump_header+0xd8/0x960 [ 983.677051][T31482] oom_kill_process+0xcd/0x350 [ 983.681849][T31482] out_of_memory+0x5fa/0x8b0 [ 983.686453][T31482] try_charge+0x125a/0x1910 [ 983.690983][T31482] mem_cgroup_try_charge+0x20c/0x680 [ 983.696280][T31482] mem_cgroup_try_charge_delay+0x25/0xa0 [ 983.701914][T31482] wp_page_copy+0x349/0x1890 [ 983.706524][T31482] ? __kasan_check_read+0x11/0x20 [ 983.711550][T31482] ? do_raw_spin_unlock+0x49/0x260 [ 983.716667][T31482] do_wp_page+0x5e5/0x1cc0 [ 983.721081][T31482] ? __kasan_check_write+0x14/0x20 [ 983.726198][T31482] handle_mm_fault+0x2ada/0x5ff0 [ 983.731159][T31482] do_user_addr_fault+0x589/0xaf0 [ 983.736284][T31482] __do_page_fault+0xd3/0x1f0 [ 983.741205][T31482] do_page_fault+0x99/0xb0 [ 983.745628][T31482] page_fault+0x39/0x40 [ 983.749781][T31482] RIP: 0033:0x430b06 [ 983.753674][T31482] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 983.773297][T31482] RSP: 002b:00007fff2a9ec470 EFLAGS: 00010206 [ 983.779373][T31482] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 983.787436][T31482] RDX: 0000000002419930 RSI: 0000000002421970 RDI: 0000000000000003 [ 983.795414][T31482] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002418940 [ 983.803393][T31482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 983.811374][T31482] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:37:33 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x89f0, 0x0) 03:37:33 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) getsockopt$sock_cred(r7, 0x1, 0x11, 0x0, &(0x7f0000001880)) [ 983.870027][T31482] memory: usage 1688kB, limit 0kB, failcnt 456 [ 983.878539][T31482] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 983.946625][T31482] Memory cgroup stats for /syz2: [ 983.946700][T31482] anon 106496 [ 983.946700][T31482] file 155648 [ 983.946700][T31482] kernel_stack 0 [ 983.946700][T31482] slab 1703936 [ 983.946700][T31482] sock 0 [ 983.946700][T31482] shmem 0 [ 983.946700][T31482] file_mapped 135168 [ 983.946700][T31482] file_dirty 135168 [ 983.946700][T31482] file_writeback 0 [ 983.946700][T31482] anon_thp 0 [ 983.946700][T31482] inactive_anon 135168 [ 983.946700][T31482] active_anon 106496 [ 983.946700][T31482] inactive_file 0 [ 983.946700][T31482] active_file 0 [ 983.946700][T31482] unevictable 0 [ 983.946700][T31482] slab_reclaimable 811008 [ 983.946700][T31482] slab_unreclaimable 892928 [ 983.946700][T31482] pgfault 209616 [ 983.946700][T31482] pgmajfault 0 [ 983.946700][T31482] workingset_refault 0 [ 983.946700][T31482] workingset_activate 0 [ 983.946700][T31482] workingset_nodereclaim 0 [ 983.946700][T31482] pgrefill 282 [ 983.946700][T31482] pgscan 276 [ 983.946700][T31482] pgsteal 37 [ 983.946700][T31482] pgactivate 231 03:37:33 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) getpid() 03:37:33 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x8008af00, &(0x7f00000001c0)) 03:37:33 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000140)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r0, 0x89f0, 0x0) 03:37:33 executing program 0: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x5dc291) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x98) [ 984.498470][T31482] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31482,uid=0 [ 984.521931][T31482] Memory cgroup out of memory: Killed process 31482 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 984.577918][ T1066] oom_reaper: reaped process 31482 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:37:34 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:34 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x7, &(0x7f0000000040)) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1}) dup3(r1, r2, 0x0) 03:37:34 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) getsockopt$sock_cred(r7, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:37:34 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) getpid() 03:37:34 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYRES32], 0x4) [ 985.781107][T31838] IPVS: ftp: loaded support on port[0] = 21 [ 985.976467][T31838] chnl_net:caif_netlink_parms(): no params data found [ 986.055507][T31838] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.063518][T31838] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.080982][T31838] device bridge_slave_0 entered promiscuous mode [ 986.089413][T31838] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.097559][T31838] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.106154][T31838] device bridge_slave_1 entered promiscuous mode [ 986.176360][T31838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 986.188841][T31838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.221426][T31838] team0: Port device team_slave_0 added [ 986.292216][T31838] team0: Port device team_slave_1 added [ 986.363106][T31838] device hsr_slave_0 entered promiscuous mode [ 986.420926][T31838] device hsr_slave_1 entered promiscuous mode [ 986.480019][T31838] debugfs: Directory 'hsr0' with parent '/' already present! [ 986.666710][T31838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 986.683738][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 986.695917][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 986.704975][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 986.717301][T31838] 8021q: adding VLAN 0 to HW filter on device team0 [ 986.833719][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 986.843237][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 986.852088][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.859141][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 986.912472][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 986.921085][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 986.930457][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 986.938947][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.946061][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 987.024419][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 987.034509][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 987.044618][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 987.056221][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 987.076651][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 987.085260][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 987.100907][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 987.113273][T31838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 987.187531][T31838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 987.388296][T31847] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 03:37:36 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:37:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x2feffbfaa}, 0xc) r1 = socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r1, 0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0xb, 0x81) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:36 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) getresuid(0x0, 0x0, &(0x7f0000001780)) 03:37:36 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000380)='./file0\x00') r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$UHID_INPUT(r0, &(0x7f0000001cc0)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0x1000}, 0x1006) sendfile(r0, r0, &(0x7f0000000240), 0x2008000fffffffe) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000400), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) 03:37:36 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:36 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) getpid() 03:37:37 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) getpid() 03:37:37 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:37 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) getresgid(&(0x7f0000001600), &(0x7f0000000200), 0x0) [ 987.994280][T31967] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 988.030484][T31967] CPU: 1 PID: 31967 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 988.038091][T31967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 988.048148][T31967] Call Trace: [ 988.051445][T31967] dump_stack+0x1d8/0x2f8 [ 988.055784][T31967] dump_header+0xd8/0x960 [ 988.060119][T31967] oom_kill_process+0xcd/0x350 [ 988.064889][T31967] out_of_memory+0x5fa/0x8b0 [ 988.069493][T31967] memory_max_write+0x4ba/0x600 [ 988.074354][T31967] ? memory_max_show+0xa0/0xa0 [ 988.079125][T31967] cgroup_file_write+0x223/0x5f0 [ 988.084071][T31967] ? cgroup_seqfile_stop+0xc0/0xc0 [ 988.089188][T31967] kernfs_fop_write+0x3e4/0x4e0 [ 988.094045][T31967] ? kernfs_fop_read+0x580/0x580 [ 988.099007][T31967] __vfs_write+0xb8/0x740 [ 988.103349][T31967] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 988.108916][T31967] ? __sb_start_write+0x382/0x430 [ 988.113948][T31967] vfs_write+0x275/0x590 [ 988.118201][T31967] ksys_write+0x117/0x220 [ 988.122540][T31967] __x64_sys_write+0x7b/0x90 [ 988.127134][T31967] do_syscall_64+0xf7/0x1c0 [ 988.131637][T31967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 988.137515][T31967] RIP: 0033:0x459a29 [ 988.141395][T31967] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 988.141401][T31967] RSP: 002b:00007f69efaa2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 988.141411][T31967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 988.141416][T31967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 03:37:37 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) fstat(r8, &(0x7f0000000d00)) [ 988.141422][T31967] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 988.141428][T31967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f69efaa36d4 [ 988.141434][T31967] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff 03:37:37 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = syz_open_procfs(0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000280)=0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f00000005c0)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8) r5 = getegid() getpgid(0x0) r6 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xc230, 0x0) gettid() r7 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(r7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) gettid() r9 = socket(0x1, 0x0, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(0x0, r10) sendmsg$unix(r6, 0x0, 0x0) r11 = getpid() syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xc230, 0x0) r12 = gettid() timer_create(0x9, &(0x7f0000000140)={0x0, 0x16, 0x4, @tid=r12}, 0x0) r13 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r13, 0x0) setgid(0x0) r14 = socket(0x1, 0x0, 0x0) getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(0x0, r15) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)=@abs={0x3}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000240)=[@cred={{0x1c, 0x1, 0x2, {r12}}}], 0x20}, 0x0) r16 = gettid() timer_create(0x9, &(0x7f0000000140)={0x0, 0x0, 0x0, @tid=r16}, 0x0) setgid(0x0) gettid() socket(0x0, 0x0, 0x0) setreuid(0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)=@abs={0x3}, 0x6e, &(0x7f0000000100)}, 0x0) sendmsg$unix(r0, &(0x7f0000000780)={&(0x7f00000003c0)=@file={0x2, './bus\x00'}, 0x6e, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2, &(0x7f00000006c0)=ANY=[@ANYRES32=r2, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="00000000100000000100000001000000010000001c000000000000000100000002", @ANYRES32=0xee00, @ANYRES32=r8, @ANYBLOB, @ANYRES32=r11, @ANYRES32, @ANYBLOB="000000001800000000", @ANYRES32], 0x4a, 0x80}, 0x4000020) r17 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r17, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) r18 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000240)='./bus\x00', &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) sendfile(r17, r18, 0x0, 0x8000fffffffe) creat(&(0x7f0000000800)='./bus\x00', 0x100000010) 03:37:37 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) getpid() [ 988.325512][T31967] memory: usage 20260kB, limit 0kB, failcnt 466 [ 988.349809][T31967] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 988.397385][T31967] Memory cgroup stats for /syz3: [ 988.399154][T31967] anon 2256896 [ 988.399154][T31967] file 221184 [ 988.399154][T31967] kernel_stack 0 [ 988.399154][T31967] slab 18309120 [ 988.399154][T31967] sock 0 [ 988.399154][T31967] shmem 0 [ 988.399154][T31967] file_mapped 0 [ 988.399154][T31967] file_dirty 0 [ 988.399154][T31967] file_writeback 0 [ 988.399154][T31967] anon_thp 2097152 [ 988.399154][T31967] inactive_anon 0 [ 988.399154][T31967] active_anon 2179072 [ 988.399154][T31967] inactive_file 0 03:37:37 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RGETATTR(r0, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) 03:37:37 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) [ 988.399154][T31967] active_file 135168 [ 988.399154][T31967] unevictable 0 [ 988.399154][T31967] slab_reclaimable 17571840 [ 988.399154][T31967] slab_unreclaimable 737280 [ 988.399154][T31967] pgfault 67518 [ 988.399154][T31967] pgmajfault 0 [ 988.399154][T31967] workingset_refault 0 [ 988.399154][T31967] workingset_activate 0 [ 988.399154][T31967] workingset_nodereclaim 0 [ 988.399154][T31967] pgrefill 66 [ 988.399154][T31967] pgscan 66 [ 988.399154][T31967] pgsteal 35 [ 988.399154][T31967] pgactivate 0 03:37:37 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) getpid() [ 988.570568][ T26] audit: type=1804 audit(2000000257.909:264): pid=32080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir113475519/syzkaller.9Gtm6p/12/bus" dev="sda1" ino=17201 res=1 [ 988.716961][ T26] audit: type=1804 audit(2000000257.959:265): pid=32087 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir113475519/syzkaller.9Gtm6p/12/bus" dev="sda1" ino=17201 res=1 03:37:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000100)) [ 988.878291][T31967] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=31966,uid=0 [ 988.968288][T31967] Memory cgroup out of memory: Killed process 31967 (syz-executor.3) total-vm:72576kB, anon-rss:2188kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 989.033976][T31838] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 989.047673][T31838] CPU: 0 PID: 31838 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 989.055236][T31838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 989.065286][T31838] Call Trace: [ 989.068574][T31838] dump_stack+0x1d8/0x2f8 [ 989.072900][T31838] dump_header+0xd8/0x960 [ 989.077223][T31838] oom_kill_process+0xcd/0x350 [ 989.081982][T31838] out_of_memory+0x5fa/0x8b0 [ 989.086576][T31838] try_charge+0x125a/0x1910 [ 989.091095][T31838] __memcg_kmem_charge_memcg+0x37/0xc0 [ 989.096673][T31838] kmem_getpages+0x449/0xa00 [ 989.101238][T31838] cache_grow_begin+0x7e/0x2c0 [ 989.106015][T31838] ? __cpuset_node_allowed+0x195/0x510 [ 989.111492][T31838] fallback_alloc+0x134/0x1c0 [ 989.116144][T31838] ____cache_alloc_node+0x22a/0x250 [ 989.121329][T31838] kmem_cache_alloc+0x163/0x2e0 [ 989.126161][T31838] ? ext4_alloc_inode+0x1f/0x560 [ 989.131070][T31838] ? set_qf_name+0x3c0/0x3c0 [ 989.135641][T31838] ext4_alloc_inode+0x1f/0x560 [ 989.140377][T31838] ? set_qf_name+0x3c0/0x3c0 [ 989.144983][T31838] iget_locked+0x182/0x8a0 [ 989.149380][T31838] __ext4_iget+0x265/0x4670 [ 989.153872][T31838] ? ext4_lookup+0x392/0xc30 [ 989.158436][T31838] ? rcu_read_lock_sched_held+0x10b/0x170 [ 989.164130][T31838] ext4_lookup+0x659/0xc30 [ 989.168530][T31838] __lookup_slow+0x285/0x380 [ 989.173100][T31838] path_mountpoint+0x257/0x720 [ 989.177845][T31838] filename_mountpoint+0x1b1/0x610 [ 989.182938][T31838] ? strncpy_from_user+0x361/0x3f0 [ 989.188042][T31838] user_path_mountpoint_at+0x39/0x50 [ 989.193338][T31838] ksys_umount+0x102/0xf30 [ 989.197759][T31838] ? switch_fpu_return+0xe/0x10 [ 989.202593][T31838] ? prepare_exit_to_usermode+0x1f7/0x580 [ 989.208309][T31838] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 989.214004][T31838] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 989.219434][T31838] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 989.225126][T31838] ? do_syscall_64+0x1d/0x1c0 [ 989.229788][T31838] __x64_sys_umount+0x5a/0x70 [ 989.234448][T31838] do_syscall_64+0xf7/0x1c0 [ 989.238926][T31838] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 989.244791][T31838] RIP: 0033:0x45c457 [ 989.248661][T31838] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 989.268328][T31838] RSP: 002b:00007ffecabe3bd8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 989.276720][T31838] RAX: ffffffffffffffda RBX: 00000000000f170b RCX: 000000000045c457 [ 989.284667][T31838] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffecabe3c80 [ 989.292613][T31838] RBP: 0000000000000006 R08: 0000000000000000 R09: 000000000000000e [ 989.300557][T31838] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffecabe4d10 [ 989.308674][T31838] R13: 0000000001a26940 R14: 0000000000000000 R15: 00007ffecabe4d10 [ 989.327039][T31838] memory: usage 17924kB, limit 0kB, failcnt 478 [ 989.333689][T31838] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 989.340731][T31838] Memory cgroup stats for /syz3: [ 989.340799][T31838] anon 143360 [ 989.340799][T31838] file 221184 [ 989.340799][T31838] kernel_stack 0 [ 989.340799][T31838] slab 18309120 [ 989.340799][T31838] sock 0 [ 989.340799][T31838] shmem 0 [ 989.340799][T31838] file_mapped 0 [ 989.340799][T31838] file_dirty 0 [ 989.340799][T31838] file_writeback 0 [ 989.340799][T31838] anon_thp 0 [ 989.340799][T31838] inactive_anon 0 [ 989.340799][T31838] active_anon 65536 [ 989.340799][T31838] inactive_file 0 [ 989.340799][T31838] active_file 135168 [ 989.340799][T31838] unevictable 0 [ 989.340799][T31838] slab_reclaimable 17571840 [ 989.340799][T31838] slab_unreclaimable 737280 [ 989.340799][T31838] pgfault 67518 [ 989.340799][T31838] pgmajfault 0 [ 989.340799][T31838] workingset_refault 0 [ 989.340799][T31838] workingset_activate 0 [ 989.340799][T31838] workingset_nodereclaim 0 [ 989.340799][T31838] pgrefill 66 [ 989.340799][T31838] pgscan 66 [ 989.340799][T31838] pgsteal 35 [ 989.340799][T31838] pgactivate 0 [ 989.437297][T31838] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=31838,uid=0 [ 989.455113][T31838] Memory cgroup out of memory: Killed process 31838 (syz-executor.3) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 989.473316][ T1066] oom_reaper: reaped process 31838 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 989.898917][T32212] IPVS: ftp: loaded support on port[0] = 21 [ 990.085470][T32212] chnl_net:caif_netlink_parms(): no params data found [ 990.195033][T32212] bridge0: port 1(bridge_slave_0) entered blocking state [ 990.203015][T32212] bridge0: port 1(bridge_slave_0) entered disabled state [ 990.211716][T32212] device bridge_slave_0 entered promiscuous mode [ 990.220719][T32212] bridge0: port 2(bridge_slave_1) entered blocking state [ 990.227838][T32212] bridge0: port 2(bridge_slave_1) entered disabled state [ 990.241308][T32212] device bridge_slave_1 entered promiscuous mode [ 990.319164][T32212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 990.332454][T32212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 990.356096][T32212] team0: Port device team_slave_0 added [ 990.364758][T32212] team0: Port device team_slave_1 added [ 990.495035][T32212] device hsr_slave_0 entered promiscuous mode [ 990.580840][T32212] device hsr_slave_1 entered promiscuous mode [ 990.680133][T32212] debugfs: Directory 'hsr0' with parent '/' already present! [ 990.918374][T32212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 990.944044][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 990.953294][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 990.967167][T32212] 8021q: adding VLAN 0 to HW filter on device team0 [ 991.071283][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 991.081054][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 991.089548][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.096658][ T7967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 991.201668][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 991.210561][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 991.231197][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 991.239668][T16143] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.246799][T16143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 991.257238][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 991.322973][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 991.336969][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 991.347396][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 991.358190][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 991.370982][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 991.388108][T32212] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 991.399738][T32212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 991.414436][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 991.423440][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 991.432665][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 991.443108][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 991.452376][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 991.514437][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 991.537007][T32212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 991.750594][T32220] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 991.805459][T32220] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 991.824143][T32220] CPU: 1 PID: 32220 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 991.831732][T32220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 991.841877][T32220] Call Trace: [ 991.845185][T32220] dump_stack+0x1d8/0x2f8 [ 991.849519][T32220] dump_header+0xd8/0x960 [ 991.853848][T32220] oom_kill_process+0xcd/0x350 [ 991.858710][T32220] out_of_memory+0x5fa/0x8b0 [ 991.863302][T32220] memory_max_write+0x4ba/0x600 [ 991.868158][T32220] ? memory_max_show+0xa0/0xa0 [ 991.872920][T32220] cgroup_file_write+0x223/0x5f0 [ 991.877853][T32220] ? cgroup_seqfile_stop+0xc0/0xc0 [ 991.882962][T32220] kernfs_fop_write+0x3e4/0x4e0 [ 991.887810][T32220] ? kernfs_fop_read+0x580/0x580 [ 991.892751][T32220] __vfs_write+0xb8/0x740 [ 991.897072][T32220] ? __sb_start_write+0x379/0x430 [ 991.902177][T32220] ? __sanitizer_cov_trace_const_cmp4+0x4/0x90 [ 991.908334][T32220] ? __sb_start_write+0x382/0x430 [ 991.913354][T32220] vfs_write+0x275/0x590 [ 991.917593][T32220] ksys_write+0x117/0x220 [ 991.921922][T32220] __x64_sys_write+0x7b/0x90 [ 991.926514][T32220] do_syscall_64+0xf7/0x1c0 [ 991.931015][T32220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 991.937083][T32220] RIP: 0033:0x459a29 [ 991.940972][T32220] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 991.960574][T32220] RSP: 002b:00007f758054cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 991.968985][T32220] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 991.976952][T32220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 991.984924][T32220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 991.992892][T32220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f758054d6d4 [ 992.000861][T32220] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 992.023645][T32220] memory: usage 3852kB, limit 0kB, failcnt 457 [ 992.030950][T32220] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 992.037996][T32220] Memory cgroup stats for /syz2: [ 992.038411][T32220] anon 2191360 [ 992.038411][T32220] file 155648 [ 992.038411][T32220] kernel_stack 0 [ 992.038411][T32220] slab 1568768 [ 992.038411][T32220] sock 0 [ 992.038411][T32220] shmem 0 [ 992.038411][T32220] file_mapped 135168 [ 992.038411][T32220] file_dirty 135168 [ 992.038411][T32220] file_writeback 0 [ 992.038411][T32220] anon_thp 2097152 [ 992.038411][T32220] inactive_anon 135168 [ 992.038411][T32220] active_anon 2191360 [ 992.038411][T32220] inactive_file 0 [ 992.038411][T32220] active_file 0 [ 992.038411][T32220] unevictable 0 [ 992.038411][T32220] slab_reclaimable 675840 [ 992.038411][T32220] slab_unreclaimable 892928 [ 992.038411][T32220] pgfault 209682 [ 992.038411][T32220] pgmajfault 0 [ 992.038411][T32220] workingset_refault 0 [ 992.038411][T32220] workingset_activate 0 [ 992.038411][T32220] workingset_nodereclaim 0 [ 992.038411][T32220] pgrefill 282 [ 992.038411][T32220] pgscan 276 [ 992.038411][T32220] pgsteal 37 [ 992.038411][T32220] pgactivate 231 [ 992.142279][T32220] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32219,uid=0 [ 992.159667][T32220] Memory cgroup out of memory: Killed process 32219 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 992.183535][ T1066] oom_reaper: reaped process 32219 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:37:41 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:41 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000cc0)) 03:37:41 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x400000000000302, 0x4008800) syz_open_procfs(0x0, 0x0) 03:37:41 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) getpid() 03:37:41 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x1000000000000277, 0x400000000000) 03:37:41 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 992.285587][T32212] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 992.342332][T32212] CPU: 1 PID: 32212 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 992.349930][T32212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 992.359991][T32212] Call Trace: [ 992.363286][T32212] dump_stack+0x1d8/0x2f8 [ 992.376051][T32212] dump_header+0xd8/0x960 [ 992.380388][T32212] oom_kill_process+0xcd/0x350 [ 992.385161][T32212] out_of_memory+0x5fa/0x8b0 [ 992.389758][T32212] try_charge+0x125a/0x1910 [ 992.394279][T32212] mem_cgroup_try_charge+0x20c/0x680 [ 992.399576][T32212] mem_cgroup_try_charge_delay+0x25/0xa0 [ 992.405224][T32212] wp_page_copy+0x349/0x1890 [ 992.409831][T32212] ? __kasan_check_read+0x11/0x20 [ 992.414866][T32212] ? do_raw_spin_unlock+0x49/0x260 [ 992.419975][T32212] do_wp_page+0x5e5/0x1cc0 [ 992.424398][T32212] ? __kasan_check_write+0x14/0x20 [ 992.429521][T32212] handle_mm_fault+0x2ada/0x5ff0 [ 992.434488][T32212] do_user_addr_fault+0x589/0xaf0 [ 992.439532][T32212] __do_page_fault+0xd3/0x1f0 [ 992.444219][T32212] do_page_fault+0x99/0xb0 [ 992.448663][T32212] page_fault+0x39/0x40 [ 992.452826][T32212] RIP: 0033:0x430b06 [ 992.456716][T32212] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 992.476349][T32212] RSP: 002b:00007ffcfde4a0c0 EFLAGS: 00010206 [ 992.482421][T32212] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 03:37:41 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) getresgid(&(0x7f0000000880), 0x0, 0x0) 03:37:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_udp(0xa, 0x2, 0x0) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x6e6bbf, 0x1, 0x0, 0x3}, {{@in=@multicast1}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6}}, 0xe8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) fadvise64(r5, 0x0, 0x1cc84e98, 0x1) prctl$PR_SET_PTRACER(0x59616d61, 0x0) [ 992.490399][T32212] RDX: 0000000001af2930 RSI: 0000000001afa970 RDI: 0000000000000003 [ 992.498381][T32212] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001af1940 [ 992.506360][T32212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 992.514335][T32212] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:37:42 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$getflags(r8, 0x401) fcntl$getownex(r7, 0x10, &(0x7f0000000780)) 03:37:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYBLOB]) [ 992.750070][T32212] memory: usage 1520kB, limit 0kB, failcnt 465 [ 992.758578][T32212] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:37:42 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) getpid() [ 993.020596][T32212] Memory cgroup stats for /syz2: [ 993.020677][T32212] anon 24576 [ 993.020677][T32212] file 155648 [ 993.020677][T32212] kernel_stack 0 [ 993.020677][T32212] slab 1568768 [ 993.020677][T32212] sock 0 [ 993.020677][T32212] shmem 0 [ 993.020677][T32212] file_mapped 135168 [ 993.020677][T32212] file_dirty 135168 [ 993.020677][T32212] file_writeback 0 [ 993.020677][T32212] anon_thp 0 [ 993.020677][T32212] inactive_anon 135168 [ 993.020677][T32212] active_anon 24576 [ 993.020677][T32212] inactive_file 0 [ 993.020677][T32212] active_file 0 [ 993.020677][T32212] unevictable 0 [ 993.020677][T32212] slab_reclaimable 675840 [ 993.020677][T32212] slab_unreclaimable 892928 [ 993.020677][T32212] pgfault 209682 [ 993.020677][T32212] pgmajfault 0 [ 993.020677][T32212] workingset_refault 0 [ 993.020677][T32212] workingset_activate 0 [ 993.020677][T32212] workingset_nodereclaim 0 [ 993.020677][T32212] pgrefill 282 [ 993.020677][T32212] pgscan 276 [ 993.020677][T32212] pgsteal 37 [ 993.020677][T32212] pgactivate 231 03:37:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 993.332680][T32212] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32212,uid=0 [ 993.365108][T32212] Memory cgroup out of memory: Killed process 32212 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 993.402085][ T1066] oom_reaper: reaped process 32212 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:37:43 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:43 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r7 = open(0x0, 0x0, 0x0) fcntl$getflags(r7, 0x401) 03:37:43 executing program 1: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="fd0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e7066696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed6a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e20f296c9beedf74e5ee0cdcd20600e316205c61a40dfa646510d062feb37b3c304d85a2fc84c69295f3c6669f5f63b5971a095ed037fa3b0fa5898c5c2e860be071e0a558a3146da922616932fb0d00ac5707af5f2b0fd46d8c3904d146586216fa0374ecbbdf103f97cb7195ec3be622d00000000000182d8baa708b1f97806b4c8a4e338e791e256ab473fbdeaa6916a1e4a63a56cb2cd4247ad0dde57520654b0a28ce74c466b0151fcc8ebc4dffe614153f9e357c793e6072621acbce88e01b86dd8c5105967b23a7a5f50719fce094a9b0aa5381a68975250e7bda49817c04322c71c957a9657887e26f3de9078c7c03dadc9cd61da70c895488f15852dae5304d4dafb38be564158bd0038d6191e853fa837bd12dfed522ed18783b2ff6d19beb14a3ba93e4500dcb48adb2d47d57381000"/434], 0xd8) socket(0x3, 0x4, 0x0) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/mcfilter\x00') write$P9_RAUTH(r2, &(0x7f00000002c0)={0x14, 0x67, 0x1, {0x102, 0x0, 0x6}}, 0x14) r3 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000600)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x400, &(0x7f0000000640)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L='version=9p2000.L'}, {@dfltuid={'dfltuid'}}], [{@measure='measure'}, {@euid_lt={'euid<', r4}}, {@obj_role={'obj_role', 0x3d, '9p\x00'}}]}}) bind$tipc(r2, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x3}}, 0x1ac417f0bcad037c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer2\x00', 0x90d082, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x18e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) getpid() 03:37:43 executing program 5: 03:37:43 executing program 5: [ 994.466059][T32574] IPVS: ftp: loaded support on port[0] = 21 [ 994.756068][T32574] chnl_net:caif_netlink_parms(): no params data found [ 994.915634][T32574] bridge0: port 1(bridge_slave_0) entered blocking state [ 994.924374][T32574] bridge0: port 1(bridge_slave_0) entered disabled state [ 994.933148][T32574] device bridge_slave_0 entered promiscuous mode [ 994.942248][T32574] bridge0: port 2(bridge_slave_1) entered blocking state [ 994.949386][T32574] bridge0: port 2(bridge_slave_1) entered disabled state [ 994.958249][T32574] device bridge_slave_1 entered promiscuous mode [ 994.984264][T32574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 995.067787][T32574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 995.092233][T32574] team0: Port device team_slave_0 added [ 995.100182][T32574] team0: Port device team_slave_1 added [ 995.153298][T32574] device hsr_slave_0 entered promiscuous mode [ 995.190849][T32574] device hsr_slave_1 entered promiscuous mode [ 995.230325][T32574] debugfs: Directory 'hsr0' with parent '/' already present! [ 995.357562][T32574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 995.413693][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 995.425208][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 995.433752][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 995.446442][T32574] 8021q: adding VLAN 0 to HW filter on device team0 [ 995.501810][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 995.511753][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 995.521154][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 995.528216][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 995.588176][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 995.597341][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 995.606606][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 995.615708][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 995.622824][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 995.696918][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 995.714027][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 995.722805][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 995.741008][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 995.749861][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 995.763394][T32574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 995.848275][T32574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 996.004244][T32582] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 996.049443][T32582] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 996.060111][T32582] CPU: 0 PID: 32582 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 996.067665][T32582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 996.077811][T32582] Call Trace: [ 996.081108][T32582] dump_stack+0x1d8/0x2f8 [ 996.085438][T32582] dump_header+0xd8/0x960 [ 996.089762][T32582] oom_kill_process+0xcd/0x350 [ 996.094518][T32582] out_of_memory+0x5fa/0x8b0 [ 996.099104][T32582] memory_max_write+0x4ba/0x600 [ 996.103957][T32582] ? memory_max_show+0xa0/0xa0 [ 996.108703][T32582] cgroup_file_write+0x223/0x5f0 [ 996.113614][T32582] ? cgroup_seqfile_stop+0xc0/0xc0 [ 996.118699][T32582] kernfs_fop_write+0x3e4/0x4e0 [ 996.123608][T32582] ? kernfs_fop_read+0x580/0x580 [ 996.128522][T32582] __vfs_write+0xb8/0x740 [ 996.132833][T32582] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 996.138352][T32582] ? __sb_start_write+0x382/0x430 [ 996.143357][T32582] vfs_write+0x275/0x590 [ 996.147576][T32582] ksys_write+0x117/0x220 [ 996.151882][T32582] __x64_sys_write+0x7b/0x90 [ 996.156447][T32582] do_syscall_64+0xf7/0x1c0 [ 996.161016][T32582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 996.167511][T32582] RIP: 0033:0x459a29 [ 996.171683][T32582] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 996.191358][T32582] RSP: 002b:00007f0292414c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 996.199741][T32582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 996.207704][T32582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 996.215656][T32582] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 996.223603][T32582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02924156d4 [ 996.231566][T32582] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 996.255367][T32582] memory: usage 20276kB, limit 0kB, failcnt 479 [ 996.263379][T32582] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 996.271130][T32582] Memory cgroup stats for /syz3: [ 996.271525][T32582] anon 2252800 [ 996.271525][T32582] file 221184 [ 996.271525][T32582] kernel_stack 65536 [ 996.271525][T32582] slab 18309120 [ 996.271525][T32582] sock 0 [ 996.271525][T32582] shmem 0 [ 996.271525][T32582] file_mapped 0 [ 996.271525][T32582] file_dirty 0 [ 996.271525][T32582] file_writeback 0 [ 996.271525][T32582] anon_thp 2097152 [ 996.271525][T32582] inactive_anon 0 [ 996.271525][T32582] active_anon 2174976 [ 996.271525][T32582] inactive_file 0 [ 996.271525][T32582] active_file 135168 [ 996.271525][T32582] unevictable 0 [ 996.271525][T32582] slab_reclaimable 17571840 [ 996.271525][T32582] slab_unreclaimable 737280 [ 996.271525][T32582] pgfault 67584 [ 996.271525][T32582] pgmajfault 0 [ 996.271525][T32582] workingset_refault 0 [ 996.271525][T32582] workingset_activate 0 [ 996.271525][T32582] workingset_nodereclaim 0 [ 996.271525][T32582] pgrefill 66 [ 996.271525][T32582] pgscan 66 [ 996.271525][T32582] pgsteal 35 [ 996.271525][T32582] pgactivate 0 [ 996.371115][T32582] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=32581,uid=0 [ 996.388642][T32582] Memory cgroup out of memory: Killed process 32581 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 996.410905][ T1066] oom_reaper: reaped process 32581 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:37:45 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:45 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 03:37:45 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:45 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) 03:37:45 executing program 5: 03:37:45 executing program 1: 03:37:45 executing program 5: 03:37:45 executing program 1: [ 996.533750][T32574] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 996.572349][T32574] CPU: 1 PID: 32574 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 996.579943][T32574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 996.579948][T32574] Call Trace: [ 996.579965][T32574] dump_stack+0x1d8/0x2f8 [ 996.579979][T32574] dump_header+0xd8/0x960 [ 996.579992][T32574] oom_kill_process+0xcd/0x350 [ 996.580003][T32574] out_of_memory+0x5fa/0x8b0 [ 996.580016][T32574] try_charge+0x125a/0x1910 [ 996.580048][T32574] mem_cgroup_try_charge+0x20c/0x680 [ 996.580063][T32574] mem_cgroup_try_charge_delay+0x25/0xa0 [ 996.580076][T32574] wp_page_copy+0x349/0x1890 [ 996.580097][T32574] ? __kasan_check_read+0x11/0x20 [ 996.631338][T32574] ? do_raw_spin_unlock+0x49/0x260 [ 996.631355][T32574] do_wp_page+0x5e5/0x1cc0 [ 996.631364][T32574] ? __kasan_check_write+0x14/0x20 [ 996.631382][T32574] handle_mm_fault+0x2ada/0x5ff0 [ 996.631414][T32574] do_user_addr_fault+0x589/0xaf0 [ 996.631434][T32574] __do_page_fault+0xd3/0x1f0 [ 996.631445][T32574] do_page_fault+0x99/0xb0 [ 996.651045][T32574] page_fault+0x39/0x40 [ 996.651056][T32574] RIP: 0033:0x430b06 [ 996.651065][T32574] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 996.651074][T32574] RSP: 002b:00007fff8f67e6c0 EFLAGS: 00010206 [ 996.670051][T32574] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 996.670058][T32574] RDX: 0000000002626930 RSI: 000000000262e970 RDI: 0000000000000003 [ 996.670064][T32574] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002625940 03:37:46 executing program 1: [ 996.670070][T32574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 996.670075][T32574] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:37:46 executing program 5: 03:37:46 executing program 1: [ 996.840028][T32574] memory: usage 17944kB, limit 0kB, failcnt 487 [ 996.847460][T32574] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 996.889287][T32574] Memory cgroup stats for /syz3: [ 996.889372][T32574] anon 102400 [ 996.889372][T32574] file 221184 [ 996.889372][T32574] kernel_stack 0 [ 996.889372][T32574] slab 18309120 [ 996.889372][T32574] sock 0 [ 996.889372][T32574] shmem 0 [ 996.889372][T32574] file_mapped 0 [ 996.889372][T32574] file_dirty 0 [ 996.889372][T32574] file_writeback 0 [ 996.889372][T32574] anon_thp 0 [ 996.889372][T32574] inactive_anon 0 [ 996.889372][T32574] active_anon 24576 [ 996.889372][T32574] inactive_file 0 03:37:46 executing program 1: [ 996.889372][T32574] active_file 135168 [ 996.889372][T32574] unevictable 0 [ 996.889372][T32574] slab_reclaimable 17571840 [ 996.889372][T32574] slab_unreclaimable 737280 [ 996.889372][T32574] pgfault 67584 [ 996.889372][T32574] pgmajfault 0 [ 996.889372][T32574] workingset_refault 0 [ 996.889372][T32574] workingset_activate 0 [ 996.889372][T32574] workingset_nodereclaim 0 [ 996.889372][T32574] pgrefill 66 [ 996.889372][T32574] pgscan 66 [ 996.889372][T32574] pgsteal 35 [ 996.889372][T32574] pgactivate 0 [ 997.090046][T32574] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=32574,uid=0 [ 997.154791][T32574] Memory cgroup out of memory: Killed process 32574 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 997.212855][ T1066] oom_reaper: reaped process 32574 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:37:47 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:37:47 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) [ 998.385921][T32610] IPVS: ftp: loaded support on port[0] = 21 [ 998.599336][T32610] chnl_net:caif_netlink_parms(): no params data found [ 998.711963][T32610] bridge0: port 1(bridge_slave_0) entered blocking state [ 998.719125][T32610] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.727877][T32610] device bridge_slave_0 entered promiscuous mode [ 998.736559][T32610] bridge0: port 2(bridge_slave_1) entered blocking state [ 998.743857][T32610] bridge0: port 2(bridge_slave_1) entered disabled state [ 998.752474][T32610] device bridge_slave_1 entered promiscuous mode [ 998.816536][T32610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 998.828679][T32610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 998.850788][T32610] team0: Port device team_slave_0 added [ 998.858446][T32610] team0: Port device team_slave_1 added [ 999.032772][T32610] device hsr_slave_0 entered promiscuous mode [ 999.071141][T32610] device hsr_slave_1 entered promiscuous mode [ 999.120050][T32610] debugfs: Directory 'hsr0' with parent '/' already present! [ 999.177406][T32610] bridge0: port 2(bridge_slave_1) entered blocking state [ 999.184558][T32610] bridge0: port 2(bridge_slave_1) entered forwarding state [ 999.191938][T32610] bridge0: port 1(bridge_slave_0) entered blocking state [ 999.198982][T32610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 999.292087][T32610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 999.311319][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 999.323503][T25323] bridge0: port 1(bridge_slave_0) entered disabled state [ 999.332661][T25323] bridge0: port 2(bridge_slave_1) entered disabled state [ 999.342640][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 999.357797][T32610] 8021q: adding VLAN 0 to HW filter on device team0 [ 999.413120][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 999.430410][T16142] bridge0: port 1(bridge_slave_0) entered blocking state [ 999.437465][T16142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 999.498369][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 999.508621][T25323] bridge0: port 2(bridge_slave_1) entered blocking state [ 999.515739][T25323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 999.541016][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 999.549690][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 999.667163][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 999.676955][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 999.694900][T32610] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 999.707511][T32610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 999.776839][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 999.787306][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 999.815132][T32610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1000.040219][T32618] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1000.095977][T32618] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1000.113946][T32618] CPU: 1 PID: 32618 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1000.121524][T32618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1000.131574][T32618] Call Trace: [ 1000.134865][T32618] dump_stack+0x1d8/0x2f8 [ 1000.139188][T32618] dump_header+0xd8/0x960 [ 1000.143532][T32618] oom_kill_process+0xcd/0x350 [ 1000.148298][T32618] out_of_memory+0x5fa/0x8b0 [ 1000.152888][T32618] memory_max_write+0x4ba/0x600 [ 1000.157774][T32618] ? memory_max_show+0xa0/0xa0 [ 1000.162534][T32618] cgroup_file_write+0x223/0x5f0 [ 1000.167485][T32618] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1000.172616][T32618] kernfs_fop_write+0x3e4/0x4e0 [ 1000.177461][T32618] ? kernfs_fop_read+0x580/0x580 [ 1000.182392][T32618] __vfs_write+0xb8/0x740 [ 1000.186728][T32618] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1000.192276][T32618] ? __sb_start_write+0x382/0x430 [ 1000.197293][T32618] vfs_write+0x275/0x590 [ 1000.201533][T32618] ksys_write+0x117/0x220 [ 1000.205854][T32618] __x64_sys_write+0x7b/0x90 [ 1000.210437][T32618] do_syscall_64+0xf7/0x1c0 [ 1000.214938][T32618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1000.220821][T32618] RIP: 0033:0x459a29 [ 1000.224703][T32618] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1000.244300][T32618] RSP: 002b:00007fb06ff16c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1000.252726][T32618] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1000.260689][T32618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1000.268654][T32618] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1000.276614][T32618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb06ff176d4 [ 1000.284574][T32618] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1000.300872][T32618] memory: usage 3672kB, limit 0kB, failcnt 466 [ 1000.311702][T32618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1000.318740][T32618] Memory cgroup stats for /syz2: [ 1000.319187][T32618] anon 2183168 [ 1000.319187][T32618] file 155648 [ 1000.319187][T32618] kernel_stack 65536 [ 1000.319187][T32618] slab 1433600 [ 1000.319187][T32618] sock 0 [ 1000.319187][T32618] shmem 0 [ 1000.319187][T32618] file_mapped 135168 [ 1000.319187][T32618] file_dirty 135168 [ 1000.319187][T32618] file_writeback 0 [ 1000.319187][T32618] anon_thp 2097152 [ 1000.319187][T32618] inactive_anon 135168 [ 1000.319187][T32618] active_anon 2183168 [ 1000.319187][T32618] inactive_file 0 [ 1000.319187][T32618] active_file 0 [ 1000.319187][T32618] unevictable 0 [ 1000.319187][T32618] slab_reclaimable 540672 [ 1000.319187][T32618] slab_unreclaimable 892928 [ 1000.319187][T32618] pgfault 209748 [ 1000.319187][T32618] pgmajfault 0 [ 1000.319187][T32618] workingset_refault 0 [ 1000.319187][T32618] workingset_activate 0 [ 1000.319187][T32618] workingset_nodereclaim 0 [ 1000.319187][T32618] pgrefill 282 [ 1000.319187][T32618] pgscan 276 [ 1000.319187][T32618] pgsteal 37 [ 1000.319187][T32618] pgactivate 231 [ 1000.428258][T32618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32617,uid=0 03:37:49 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:49 executing program 5: 03:37:49 executing program 1: 03:37:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 03:37:49 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:37:49 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1000.444545][T32618] Memory cgroup out of memory: Killed process 32617 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1000.465786][ T1066] oom_reaper: reaped process 32617 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:37:49 executing program 1: 03:37:49 executing program 5: [ 1000.553042][T32610] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1000.646057][T32610] CPU: 1 PID: 32610 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1000.653649][T32610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1000.663711][T32610] Call Trace: [ 1000.667010][T32610] dump_stack+0x1d8/0x2f8 [ 1000.671352][T32610] dump_header+0xd8/0x960 [ 1000.675694][T32610] oom_kill_process+0xcd/0x350 [ 1000.680467][T32610] out_of_memory+0x5fa/0x8b0 [ 1000.685059][T32610] try_charge+0x125a/0x1910 [ 1000.689594][T32610] mem_cgroup_try_charge+0x20c/0x680 [ 1000.694879][T32610] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1000.700538][T32610] handle_mm_fault+0x310e/0x5ff0 [ 1000.705494][T32610] do_user_addr_fault+0x589/0xaf0 [ 1000.710528][T32610] __do_page_fault+0xd3/0x1f0 [ 1000.715200][T32610] do_page_fault+0x99/0xb0 [ 1000.719609][T32610] page_fault+0x39/0x40 [ 1000.723759][T32610] RIP: 0033:0x42ff4f 03:37:50 executing program 1: [ 1000.727649][T32610] Code: 28 49 4e 00 ba 59 0a 00 00 be 48 3a 4e 00 bf f0 41 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb [ 1000.747255][T32610] RSP: 002b:00007fff81b06000 EFLAGS: 00010217 [ 1000.753323][T32610] RAX: 0000000000008030 RBX: 0000000000715640 RCX: 0000000000458d94 [ 1000.761298][T32610] RDX: 00007fff81b06030 RSI: 0000000000008030 RDI: 0000000000715640 [ 1000.769267][T32610] RBP: 0000000000008030 R08: 0000000000000001 R09: 00000000024fe940 [ 1000.777227][T32610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff81b07210 [ 1000.785185][T32610] R13: 00007fff81b07200 R14: 0000000000000000 R15: 00007fff81b07210 03:37:50 executing program 4: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) fcntl$getflags(r3, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000021c0)) 03:37:50 executing program 5: 03:37:50 executing program 1: [ 1001.190064][T32610] memory: usage 1348kB, limit 0kB, failcnt 478 [ 1001.196272][T32610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1001.214747][T32610] Memory cgroup stats for /syz2: [ 1001.214826][T32610] anon 77824 [ 1001.214826][T32610] file 155648 [ 1001.214826][T32610] kernel_stack 0 [ 1001.214826][T32610] slab 1433600 [ 1001.214826][T32610] sock 0 [ 1001.214826][T32610] shmem 0 [ 1001.214826][T32610] file_mapped 135168 [ 1001.214826][T32610] file_dirty 135168 [ 1001.214826][T32610] file_writeback 0 [ 1001.214826][T32610] anon_thp 0 [ 1001.214826][T32610] inactive_anon 135168 [ 1001.214826][T32610] active_anon 77824 [ 1001.214826][T32610] inactive_file 0 [ 1001.214826][T32610] active_file 0 [ 1001.214826][T32610] unevictable 0 [ 1001.214826][T32610] slab_reclaimable 540672 [ 1001.214826][T32610] slab_unreclaimable 892928 [ 1001.214826][T32610] pgfault 209748 [ 1001.214826][T32610] pgmajfault 0 [ 1001.214826][T32610] workingset_refault 0 [ 1001.214826][T32610] workingset_activate 0 [ 1001.214826][T32610] workingset_nodereclaim 0 [ 1001.214826][T32610] pgrefill 282 [ 1001.214826][T32610] pgscan 276 [ 1001.214826][T32610] pgsteal 37 [ 1001.214826][T32610] pgactivate 231 [ 1001.316042][T32610] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32610,uid=0 [ 1001.331964][T32610] Memory cgroup out of memory: Killed process 32610 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1001.351980][ T1066] oom_reaper: reaped process 32610 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:37:51 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:51 executing program 5: 03:37:51 executing program 1: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000000300)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0) 03:37:51 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) 03:37:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 1002.405033][T32656] IPVS: ftp: loaded support on port[0] = 21 [ 1002.685405][T32656] chnl_net:caif_netlink_parms(): no params data found [ 1002.725331][T32656] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.733207][T32656] bridge0: port 1(bridge_slave_0) entered disabled state [ 1002.741945][T32656] device bridge_slave_0 entered promiscuous mode [ 1002.751022][T32656] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.758160][T32656] bridge0: port 2(bridge_slave_1) entered disabled state [ 1002.767105][T32656] device bridge_slave_1 entered promiscuous mode [ 1002.835807][T32656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1002.848044][T32656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1002.871971][T32656] team0: Port device team_slave_0 added [ 1002.962422][T32656] team0: Port device team_slave_1 added [ 1003.103101][T32656] device hsr_slave_0 entered promiscuous mode [ 1003.151039][T32656] device hsr_slave_1 entered promiscuous mode [ 1003.201686][T32656] debugfs: Directory 'hsr0' with parent '/' already present! [ 1003.401958][T32656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1003.418993][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1003.432468][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1003.441015][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1003.496901][T32656] 8021q: adding VLAN 0 to HW filter on device team0 [ 1003.514608][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1003.526292][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1003.535600][T25319] bridge0: port 1(bridge_slave_0) entered blocking state [ 1003.542766][T25319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1003.635076][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1003.645469][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1003.654778][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1003.663894][T25324] bridge0: port 2(bridge_slave_1) entered blocking state [ 1003.671017][T25324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1003.680640][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1003.775139][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1003.787194][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1003.807057][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1003.816134][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1003.825104][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1003.895375][T32656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1003.907859][T32656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1003.917720][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1004.024014][T32656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1004.229188][T32665] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1004.281129][T32665] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1004.300423][T32665] CPU: 0 PID: 32665 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1004.307997][T32665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.318054][T32665] Call Trace: [ 1004.321435][T32665] dump_stack+0x1d8/0x2f8 [ 1004.325774][T32665] dump_header+0xd8/0x960 [ 1004.330104][T32665] oom_kill_process+0xcd/0x350 [ 1004.334867][T32665] out_of_memory+0x5fa/0x8b0 [ 1004.339458][T32665] memory_max_write+0x4ba/0x600 [ 1004.344316][T32665] ? memory_max_show+0xa0/0xa0 [ 1004.349082][T32665] cgroup_file_write+0x223/0x5f0 [ 1004.354023][T32665] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1004.359141][T32665] kernfs_fop_write+0x3e4/0x4e0 [ 1004.363989][T32665] ? kernfs_fop_read+0x580/0x580 [ 1004.368919][T32665] __vfs_write+0xb8/0x740 [ 1004.373250][T32665] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1004.378774][T32665] ? __sb_start_write+0x382/0x430 [ 1004.383775][T32665] vfs_write+0x275/0x590 [ 1004.387998][T32665] ksys_write+0x117/0x220 [ 1004.392316][T32665] __x64_sys_write+0x7b/0x90 [ 1004.399928][T32665] do_syscall_64+0xf7/0x1c0 [ 1004.404411][T32665] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1004.410302][T32665] RIP: 0033:0x459a29 [ 1004.414196][T32665] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1004.433864][T32665] RSP: 002b:00007fda43ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1004.442364][T32665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1004.450321][T32665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 1004.458417][T32665] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1004.466371][T32665] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda43ae26d4 [ 1004.474422][T32665] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1004.492280][T32665] memory: usage 20268kB, limit 0kB, failcnt 488 [ 1004.499310][T32665] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1004.506587][T32665] Memory cgroup stats for /syz3: [ 1004.506969][T32665] anon 2207744 [ 1004.506969][T32665] file 221184 [ 1004.506969][T32665] kernel_stack 65536 [ 1004.506969][T32665] slab 18309120 [ 1004.506969][T32665] sock 0 [ 1004.506969][T32665] shmem 0 [ 1004.506969][T32665] file_mapped 0 [ 1004.506969][T32665] file_dirty 0 [ 1004.506969][T32665] file_writeback 0 [ 1004.506969][T32665] anon_thp 2097152 [ 1004.506969][T32665] inactive_anon 0 [ 1004.506969][T32665] active_anon 2129920 [ 1004.506969][T32665] inactive_file 0 [ 1004.506969][T32665] active_file 135168 [ 1004.506969][T32665] unevictable 0 [ 1004.506969][T32665] slab_reclaimable 17571840 [ 1004.506969][T32665] slab_unreclaimable 737280 [ 1004.506969][T32665] pgfault 67650 [ 1004.506969][T32665] pgmajfault 0 [ 1004.506969][T32665] workingset_refault 0 [ 1004.506969][T32665] workingset_activate 0 [ 1004.506969][T32665] workingset_nodereclaim 0 [ 1004.506969][T32665] pgrefill 66 [ 1004.506969][T32665] pgscan 66 [ 1004.506969][T32665] pgsteal 35 [ 1004.506969][T32665] pgactivate 0 [ 1004.616104][T32665] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=32664,uid=0 03:37:54 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:37:54 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$kcm(0x10, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e1310a40c97a606fe530cb7d7f933eda02ba18ad181867514fe600777199167aee38f728d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c4825878dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd823567c567"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x0, 0xe, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) r2 = socket$kcm(0x2c, 0x3, 0x0) close(r2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef8745ffa3a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400}, 0x28) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 03:37:54 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x0, @loopback}], 0x10) sendto$inet(r0, &(0x7f0000000180)='7', 0x1, 0x44, &(0x7f0000618000)={0x2, 0x0, @local}, 0x10) 03:37:54 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:54 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) 03:37:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 1004.633176][T32665] Memory cgroup out of memory: Killed process 32664 (syz-executor.3) total-vm:72580kB, anon-rss:2184kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1004.656741][ T1066] oom_reaper: reaped process 32664 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1004.717642][T32656] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1004.767115][T32656] CPU: 0 PID: 32656 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1004.774742][T32656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.784808][T32656] Call Trace: [ 1004.788105][T32656] dump_stack+0x1d8/0x2f8 [ 1004.792442][T32656] dump_header+0xd8/0x960 [ 1004.797565][T32656] oom_kill_process+0xcd/0x350 [ 1004.802329][T32656] out_of_memory+0x5fa/0x8b0 [ 1004.807199][T32656] try_charge+0x125a/0x1910 [ 1004.811732][T32656] mem_cgroup_try_charge+0x20c/0x680 [ 1004.817029][T32656] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1004.822673][T32656] handle_mm_fault+0x310e/0x5ff0 [ 1004.827649][T32656] do_user_addr_fault+0x589/0xaf0 [ 1004.832691][T32656] __do_page_fault+0xd3/0x1f0 [ 1004.837466][T32656] do_page_fault+0x99/0xb0 [ 1004.841899][T32656] page_fault+0x39/0x40 [ 1004.846056][T32656] RIP: 0033:0x42ff7c 03:37:54 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) [ 1004.849956][T32656] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d ea 4f 64 00 77 70 89 ef [ 1004.869654][T32656] RSP: 002b:00007ffdf3cdff80 EFLAGS: 00010202 [ 1004.875727][T32656] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458d94 [ 1004.883705][T32656] RDX: 00007ffdf3ce0070 RSI: 0000000000008030 RDI: 0000000000715640 [ 1004.891684][T32656] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000000001fbc940 [ 1004.899865][T32656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf3ce1250 [ 1004.907848][T32656] R13: 00007ffdf3ce1240 R14: 0000000000000000 R15: 00007ffdf3ce1250 03:37:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() [ 1005.020879][T32656] memory: usage 17940kB, limit 0kB, failcnt 496 [ 1005.028328][T32656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1005.051091][T32656] Memory cgroup stats for /syz3: [ 1005.052148][T32656] anon 102400 [ 1005.052148][T32656] file 221184 [ 1005.052148][T32656] kernel_stack 0 [ 1005.052148][T32656] slab 18309120 [ 1005.052148][T32656] sock 0 [ 1005.052148][T32656] shmem 0 [ 1005.052148][T32656] file_mapped 0 [ 1005.052148][T32656] file_dirty 0 [ 1005.052148][T32656] file_writeback 0 [ 1005.052148][T32656] anon_thp 0 [ 1005.052148][T32656] inactive_anon 0 [ 1005.052148][T32656] active_anon 24576 [ 1005.052148][T32656] inactive_file 0 [ 1005.052148][T32656] active_file 135168 [ 1005.052148][T32656] unevictable 0 [ 1005.052148][T32656] slab_reclaimable 17571840 [ 1005.052148][T32656] slab_unreclaimable 737280 [ 1005.052148][T32656] pgfault 67683 [ 1005.052148][T32656] pgmajfault 0 [ 1005.052148][T32656] workingset_refault 0 [ 1005.052148][T32656] workingset_activate 0 [ 1005.052148][T32656] workingset_nodereclaim 0 [ 1005.052148][T32656] pgrefill 66 [ 1005.052148][T32656] pgscan 66 [ 1005.052148][T32656] pgsteal 35 [ 1005.052148][T32656] pgactivate 0 03:37:54 executing program 1: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06030000a843089100fe80390008000800020000dc13382d0000009b7a136ef75afb83de448daa72540d8102d2c55327c43ab8220000060cec4fab91d4000000000001ae", 0x55}], 0x1}, 0x0) 03:37:54 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) 03:37:54 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) 03:37:54 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) [ 1005.720004][T32656] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=32656,uid=0 [ 1005.760722][T32656] Memory cgroup out of memory: Killed process 32656 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1005.779041][ T1066] oom_reaper: reaped process 32656 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:37:55 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:55 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) 03:37:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 1006.836252][T32708] IPVS: ftp: loaded support on port[0] = 21 [ 1007.288100][T32708] chnl_net:caif_netlink_parms(): no params data found [ 1007.423792][T32708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1007.431919][T32708] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.440982][T32708] device bridge_slave_0 entered promiscuous mode [ 1007.449585][T32708] bridge0: port 2(bridge_slave_1) entered blocking state [ 1007.457932][T32708] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.467594][T32708] device bridge_slave_1 entered promiscuous mode [ 1007.533592][T32708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1007.552205][T32708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1007.574854][T32708] team0: Port device team_slave_0 added [ 1007.657418][T32708] team0: Port device team_slave_1 added [ 1007.783257][T32708] device hsr_slave_0 entered promiscuous mode [ 1007.861005][T32708] device hsr_slave_1 entered promiscuous mode [ 1007.970085][T32708] debugfs: Directory 'hsr0' with parent '/' already present! [ 1008.056621][T32708] bridge0: port 2(bridge_slave_1) entered blocking state [ 1008.063755][T32708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1008.071131][T32708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1008.078184][T32708] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1008.239386][T32708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1008.256860][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1008.265822][T25324] bridge0: port 1(bridge_slave_0) entered disabled state [ 1008.274316][T25324] bridge0: port 2(bridge_slave_1) entered disabled state [ 1008.283513][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1008.299836][T32708] 8021q: adding VLAN 0 to HW filter on device team0 [ 1008.394007][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1008.403998][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1008.413482][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1008.420590][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1008.495926][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1008.506673][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1008.515741][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1008.522878][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1008.532731][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1008.542702][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1008.635179][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1008.649578][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1008.658901][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1008.669485][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1008.743928][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1008.752446][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1008.761529][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1008.771491][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1008.780627][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1008.790778][T32708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1008.889370][T32708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1009.138612][T32717] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1009.182510][T32717] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1009.192997][T32717] CPU: 0 PID: 32717 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1009.200543][T32717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.210598][T32717] Call Trace: [ 1009.213893][T32717] dump_stack+0x1d8/0x2f8 [ 1009.218311][T32717] dump_header+0xd8/0x960 [ 1009.222653][T32717] oom_kill_process+0xcd/0x350 [ 1009.227461][T32717] out_of_memory+0x5fa/0x8b0 [ 1009.232050][T32717] memory_max_write+0x4ba/0x600 [ 1009.236907][T32717] ? memory_max_show+0xa0/0xa0 [ 1009.241670][T32717] cgroup_file_write+0x223/0x5f0 [ 1009.246606][T32717] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1009.251715][T32717] kernfs_fop_write+0x3e4/0x4e0 [ 1009.256561][T32717] ? kernfs_fop_read+0x580/0x580 [ 1009.261577][T32717] __vfs_write+0xb8/0x740 [ 1009.265912][T32717] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1009.271537][T32717] ? __sb_start_write+0x382/0x430 [ 1009.276555][T32717] vfs_write+0x275/0x590 [ 1009.280805][T32717] ksys_write+0x117/0x220 [ 1009.285155][T32717] __x64_sys_write+0x7b/0x90 [ 1009.289745][T32717] do_syscall_64+0xf7/0x1c0 [ 1009.294689][T32717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1009.301057][T32717] RIP: 0033:0x459a29 [ 1009.305511][T32717] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1009.326403][T32717] RSP: 002b:00007f7690a61c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1009.334818][T32717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1009.343064][T32717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1009.351123][T32717] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1009.359119][T32717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7690a626d4 [ 1009.367303][T32717] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1009.395071][T32717] memory: usage 3592kB, limit 0kB, failcnt 479 [ 1009.407118][T32717] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1009.417906][T32717] Memory cgroup stats for /syz2: [ 1009.418345][T32717] anon 2179072 [ 1009.418345][T32717] file 155648 [ 1009.418345][T32717] kernel_stack 0 [ 1009.418345][T32717] slab 1298432 [ 1009.418345][T32717] sock 0 [ 1009.418345][T32717] shmem 0 [ 1009.418345][T32717] file_mapped 135168 [ 1009.418345][T32717] file_dirty 135168 [ 1009.418345][T32717] file_writeback 0 [ 1009.418345][T32717] anon_thp 2097152 [ 1009.418345][T32717] inactive_anon 135168 [ 1009.418345][T32717] active_anon 2179072 [ 1009.418345][T32717] inactive_file 0 [ 1009.418345][T32717] active_file 0 [ 1009.418345][T32717] unevictable 0 [ 1009.418345][T32717] slab_reclaimable 405504 [ 1009.418345][T32717] slab_unreclaimable 892928 [ 1009.418345][T32717] pgfault 209847 [ 1009.418345][T32717] pgmajfault 0 [ 1009.418345][T32717] workingset_refault 0 [ 1009.418345][T32717] workingset_activate 0 [ 1009.418345][T32717] workingset_nodereclaim 0 [ 1009.418345][T32717] pgrefill 282 [ 1009.418345][T32717] pgscan 276 [ 1009.418345][T32717] pgsteal 37 [ 1009.418345][T32717] pgactivate 231 [ 1009.529229][T32717] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32716,uid=0 [ 1009.545986][T32717] Memory cgroup out of memory: Killed process 32716 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1009.567050][ T1066] oom_reaper: reaped process 32716 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:37:59 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:59 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) 03:37:59 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) 03:37:59 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$kcm(0x10, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e1310a40c97a606fe530cb7d7f933eda02ba18ad181867514fe600777199167aee38f728d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c4825878dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd823567c567"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x0, 0xe, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) r2 = socket$kcm(0x2c, 0x3, 0x0) close(r2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef8745ffa3a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400}, 0x28) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 03:37:59 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:37:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 1009.656734][T32708] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1009.702597][T32708] CPU: 0 PID: 32708 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1009.710195][T32708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.720253][T32708] Call Trace: [ 1009.723548][T32708] dump_stack+0x1d8/0x2f8 [ 1009.727893][T32708] dump_header+0xd8/0x960 [ 1009.732229][T32708] oom_kill_process+0xcd/0x350 [ 1009.736998][T32708] out_of_memory+0x5fa/0x8b0 [ 1009.741600][T32708] try_charge+0x125a/0x1910 [ 1009.746145][T32708] mem_cgroup_try_charge+0x20c/0x680 [ 1009.751445][T32708] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1009.757086][T32708] handle_mm_fault+0x310e/0x5ff0 [ 1009.762051][T32708] do_user_addr_fault+0x589/0xaf0 [ 1009.767092][T32708] __do_page_fault+0xd3/0x1f0 [ 1009.771790][T32708] do_page_fault+0x99/0xb0 [ 1009.776228][T32708] page_fault+0x39/0x40 [ 1009.780387][T32708] RIP: 0033:0x4034f2 [ 1009.784287][T32708] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1009.803899][T32708] RSP: 002b:00007fff5e33ffe0 EFLAGS: 00010246 [ 1009.809969][T32708] RAX: 0000000000000000 RBX: 00000000000f6606 RCX: 0000000000413630 [ 1009.817972][T32708] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff5e341110 [ 1009.825950][T32708] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000022b5940 [ 1009.834017][T32708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff5e341110 [ 1009.841995][T32708] R13: 00007fff5e341100 R14: 0000000000000000 R15: 00007fff5e341110 03:37:59 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 03:37:59 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) getresgid(&(0x7f0000001700), &(0x7f0000001740), &(0x7f0000001780)) [ 1010.090300][T32708] memory: usage 1260kB, limit 0kB, failcnt 487 [ 1010.100365][T32708] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1010.135332][T32708] Memory cgroup stats for /syz2: [ 1010.135424][T32708] anon 77824 [ 1010.135424][T32708] file 155648 [ 1010.135424][T32708] kernel_stack 0 [ 1010.135424][T32708] slab 1298432 [ 1010.135424][T32708] sock 0 [ 1010.135424][T32708] shmem 0 [ 1010.135424][T32708] file_mapped 135168 [ 1010.135424][T32708] file_dirty 135168 [ 1010.135424][T32708] file_writeback 0 [ 1010.135424][T32708] anon_thp 0 [ 1010.135424][T32708] inactive_anon 135168 [ 1010.135424][T32708] active_anon 77824 [ 1010.135424][T32708] inactive_file 0 [ 1010.135424][T32708] active_file 0 [ 1010.135424][T32708] unevictable 0 [ 1010.135424][T32708] slab_reclaimable 405504 [ 1010.135424][T32708] slab_unreclaimable 892928 [ 1010.135424][T32708] pgfault 209847 [ 1010.135424][T32708] pgmajfault 0 [ 1010.135424][T32708] workingset_refault 0 [ 1010.135424][T32708] workingset_activate 0 [ 1010.135424][T32708] workingset_nodereclaim 0 [ 1010.135424][T32708] pgrefill 282 [ 1010.135424][T32708] pgscan 276 [ 1010.135424][T32708] pgsteal 37 [ 1010.135424][T32708] pgactivate 231 03:37:59 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) 03:37:59 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000015c0)={{{@in6=@ipv4, @in6=@empty}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @empty}}}, 0x0) 03:37:59 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) 03:37:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 1010.609997][T32708] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32708,uid=0 [ 1010.671587][T32708] Memory cgroup out of memory: Killed process 32708 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1010.744520][ T1066] oom_reaper: reaped process 32708 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:00 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:00 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$kcm(0x10, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e1310a40c97a606fe530cb7d7f933eda02ba18ad181867514fe600777199167aee38f728d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c4825878dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd823567c567"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x0, 0xe, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) r2 = socket$kcm(0x2c, 0x3, 0x0) close(r2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef8745ffa3a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400}, 0x28) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 03:38:00 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) 03:38:00 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1011.813592][ T397] IPVS: ftp: loaded support on port[0] = 21 [ 1012.111781][ T397] chnl_net:caif_netlink_parms(): no params data found [ 1012.197319][ T397] bridge0: port 1(bridge_slave_0) entered blocking state [ 1012.205547][ T397] bridge0: port 1(bridge_slave_0) entered disabled state [ 1012.214274][ T397] device bridge_slave_0 entered promiscuous mode [ 1012.295117][ T397] bridge0: port 2(bridge_slave_1) entered blocking state [ 1012.303922][ T397] bridge0: port 2(bridge_slave_1) entered disabled state [ 1012.312747][ T397] device bridge_slave_1 entered promiscuous mode [ 1012.338051][ T397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1012.351213][ T397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1012.443604][ T397] team0: Port device team_slave_0 added [ 1012.451614][ T397] team0: Port device team_slave_1 added [ 1012.513464][ T397] device hsr_slave_0 entered promiscuous mode [ 1012.640871][ T397] device hsr_slave_1 entered promiscuous mode [ 1012.770161][ T397] debugfs: Directory 'hsr0' with parent '/' already present! [ 1012.855104][ T397] bridge0: port 2(bridge_slave_1) entered blocking state [ 1012.862257][ T397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1012.869595][ T397] bridge0: port 1(bridge_slave_0) entered blocking state [ 1012.876722][ T397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1012.984059][ T397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1013.008416][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1013.017759][T16143] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.033757][T16143] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.043647][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1013.059034][ T397] 8021q: adding VLAN 0 to HW filter on device team0 [ 1013.143750][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1013.153512][T16143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.160631][T16143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1013.181505][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1013.193510][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1013.202162][T16142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.209408][T16142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1013.218500][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1013.227915][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1013.305226][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1013.314825][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1013.324090][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1013.334157][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1013.397251][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1013.407765][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1013.416927][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1013.426283][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1013.435440][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1013.448515][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1013.584214][ T397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1013.741443][ T405] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1013.799777][ T405] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1013.817473][ T405] CPU: 1 PID: 405 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1013.825930][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1013.835993][ T405] Call Trace: [ 1013.839373][ T405] dump_stack+0x1d8/0x2f8 [ 1013.843796][ T405] dump_header+0xd8/0x960 [ 1013.848136][ T405] oom_kill_process+0xcd/0x350 [ 1013.852897][ T405] out_of_memory+0x5fa/0x8b0 [ 1013.857485][ T405] memory_max_write+0x4ba/0x600 [ 1013.862339][ T405] ? memory_max_show+0xa0/0xa0 [ 1013.867090][ T405] cgroup_file_write+0x223/0x5f0 [ 1013.872016][ T405] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1013.877112][ T405] kernfs_fop_write+0x3e4/0x4e0 [ 1013.882056][ T405] ? kernfs_fop_read+0x580/0x580 [ 1013.886970][ T405] __vfs_write+0xb8/0x740 [ 1013.891279][ T405] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1013.896799][ T405] ? __sb_start_write+0x382/0x430 [ 1013.901808][ T405] vfs_write+0x275/0x590 [ 1013.906029][ T405] ksys_write+0x117/0x220 [ 1013.910333][ T405] __x64_sys_write+0x7b/0x90 [ 1013.914898][ T405] do_syscall_64+0xf7/0x1c0 [ 1013.919375][ T405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1013.925238][ T405] RIP: 0033:0x459a29 [ 1013.929105][ T405] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1013.948705][ T405] RSP: 002b:00007f5c788e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1013.957090][ T405] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1013.965033][ T405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1013.972994][ T405] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1013.980944][ T405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c788e76d4 [ 1013.988909][ T405] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1014.013950][ T405] memory: usage 20284kB, limit 0kB, failcnt 497 [ 1014.020633][ T405] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1014.027567][ T405] Memory cgroup stats for /syz3: [ 1014.027994][ T405] anon 2199552 [ 1014.027994][ T405] file 221184 [ 1014.027994][ T405] kernel_stack 65536 [ 1014.027994][ T405] slab 18309120 [ 1014.027994][ T405] sock 0 [ 1014.027994][ T405] shmem 0 [ 1014.027994][ T405] file_mapped 0 [ 1014.027994][ T405] file_dirty 0 [ 1014.027994][ T405] file_writeback 0 [ 1014.027994][ T405] anon_thp 2097152 [ 1014.027994][ T405] inactive_anon 0 [ 1014.027994][ T405] active_anon 2121728 [ 1014.027994][ T405] inactive_file 0 [ 1014.027994][ T405] active_file 135168 [ 1014.027994][ T405] unevictable 0 [ 1014.027994][ T405] slab_reclaimable 17571840 [ 1014.027994][ T405] slab_unreclaimable 737280 [ 1014.027994][ T405] pgfault 67716 [ 1014.027994][ T405] pgmajfault 0 [ 1014.027994][ T405] workingset_refault 0 [ 1014.027994][ T405] workingset_activate 0 [ 1014.027994][ T405] workingset_nodereclaim 0 [ 1014.027994][ T405] pgrefill 66 [ 1014.027994][ T405] pgscan 66 [ 1014.027994][ T405] pgsteal 35 [ 1014.027994][ T405] pgactivate 0 [ 1014.127850][ T405] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=404,uid=0 [ 1014.144799][ T405] Memory cgroup out of memory: Killed process 404 (syz-executor.3) total-vm:72580kB, anon-rss:2184kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 03:38:03 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:03 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:03 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) 03:38:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 03:38:03 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:03 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$kcm(0x10, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e1310a40c97a606fe530cb7d7f933eda02ba18ad181867514fe600777199167aee38f728d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c4825878dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd823567c567"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x0, 0xe, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) r2 = socket$kcm(0x2c, 0x3, 0x0) close(r2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef8745ffa3a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400}, 0x28) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) [ 1014.172307][ T1066] oom_reaper: reaped process 404 (syz-executor.3), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 1014.221992][ T397] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1014.250298][ T397] CPU: 0 PID: 397 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1014.257722][ T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.268138][ T397] Call Trace: [ 1014.271435][ T397] dump_stack+0x1d8/0x2f8 [ 1014.275779][ T397] dump_header+0xd8/0x960 [ 1014.280116][ T397] oom_kill_process+0xcd/0x350 [ 1014.284890][ T397] out_of_memory+0x5fa/0x8b0 [ 1014.289485][ T397] try_charge+0x125a/0x1910 [ 1014.294034][ T397] mem_cgroup_try_charge+0x20c/0x680 [ 1014.299330][ T397] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1014.304968][ T397] wp_page_copy+0x349/0x1890 [ 1014.309581][ T397] ? __kasan_check_read+0x11/0x20 [ 1014.314608][ T397] ? do_raw_spin_unlock+0x49/0x260 [ 1014.319728][ T397] do_wp_page+0x5e5/0x1cc0 [ 1014.324151][ T397] ? __kasan_check_write+0x14/0x20 [ 1014.329272][ T397] handle_mm_fault+0x2ada/0x5ff0 [ 1014.334228][ T397] do_user_addr_fault+0x589/0xaf0 [ 1014.339267][ T397] __do_page_fault+0xd3/0x1f0 [ 1014.343951][ T397] do_page_fault+0x99/0xb0 [ 1014.348369][ T397] page_fault+0x39/0x40 [ 1014.352519][ T397] RIP: 0033:0x430b06 03:38:03 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) [ 1014.356416][ T397] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1014.376023][ T397] RSP: 002b:00007ffc0dc053e0 EFLAGS: 00010206 [ 1014.382092][ T397] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1014.390071][ T397] RDX: 0000000000fea930 RSI: 0000000000ff2970 RDI: 0000000000000003 [ 1014.398050][ T397] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000fe9940 [ 1014.406028][ T397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1014.414006][ T397] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:38:03 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) socket$inet6_tcp(0xa, 0x1, 0x0) 03:38:04 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) [ 1014.660751][ T397] memory: usage 17952kB, limit 0kB, failcnt 509 [ 1014.668247][ T397] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1014.730855][ T397] Memory cgroup stats for /syz3: [ 1014.730933][ T397] anon 90112 [ 1014.730933][ T397] file 221184 [ 1014.730933][ T397] kernel_stack 0 [ 1014.730933][ T397] slab 18309120 [ 1014.730933][ T397] sock 0 [ 1014.730933][ T397] shmem 0 [ 1014.730933][ T397] file_mapped 0 [ 1014.730933][ T397] file_dirty 0 [ 1014.730933][ T397] file_writeback 0 [ 1014.730933][ T397] anon_thp 0 [ 1014.730933][ T397] inactive_anon 0 [ 1014.730933][ T397] active_anon 12288 [ 1014.730933][ T397] inactive_file 0 03:38:04 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000001c40)=[{&(0x7f0000000ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000001000)}], 0x1}, {0x0, 0x0, &(0x7f0000001b00)}], 0x2, 0x20000000) [ 1014.730933][ T397] active_file 135168 [ 1014.730933][ T397] unevictable 0 [ 1014.730933][ T397] slab_reclaimable 17571840 [ 1014.730933][ T397] slab_unreclaimable 737280 [ 1014.730933][ T397] pgfault 67716 [ 1014.730933][ T397] pgmajfault 0 [ 1014.730933][ T397] workingset_refault 0 [ 1014.730933][ T397] workingset_activate 0 [ 1014.730933][ T397] workingset_nodereclaim 0 [ 1014.730933][ T397] pgrefill 66 [ 1014.730933][ T397] pgscan 66 [ 1014.730933][ T397] pgsteal 35 [ 1014.730933][ T397] pgactivate 0 03:38:04 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:04 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) [ 1015.307470][ T397] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=397,uid=0 [ 1015.338783][ T397] Memory cgroup out of memory: Killed process 397 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1015.360900][ T1066] oom_reaper: reaped process 397 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:38:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 03:38:05 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$kcm(0x10, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e1310a40c97a606fe530cb7d7f933eda02ba18ad181867514fe600777199167aee38f728d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c4825878dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd823567c567"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x0, 0xe, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) r2 = socket$kcm(0x2c, 0x3, 0x0) close(r2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef8745ffa3a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400}, 0x28) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 03:38:05 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1016.333657][ T450] IPVS: ftp: loaded support on port[0] = 21 [ 1016.683462][ T450] chnl_net:caif_netlink_parms(): no params data found [ 1016.783003][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 1016.790596][ T450] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.799035][ T450] device bridge_slave_0 entered promiscuous mode [ 1016.808910][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.816628][ T450] bridge0: port 2(bridge_slave_1) entered disabled state [ 1016.825461][ T450] device bridge_slave_1 entered promiscuous mode [ 1016.851948][ T450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1016.908160][ T450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.933141][ T450] team0: Port device team_slave_0 added [ 1016.941780][ T450] team0: Port device team_slave_1 added [ 1017.033412][ T450] device hsr_slave_0 entered promiscuous mode [ 1017.071213][ T450] device hsr_slave_1 entered promiscuous mode [ 1017.110149][ T450] debugfs: Directory 'hsr0' with parent '/' already present! [ 1017.171926][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.179008][ T450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1017.186590][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.193679][ T450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1017.299139][ T450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.357106][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1017.367701][T14644] bridge0: port 1(bridge_slave_0) entered disabled state [ 1017.376474][T14644] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.385969][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1017.402319][ T450] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.422000][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1017.430757][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.437805][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1017.446112][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1017.454882][T25324] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.461990][T25324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1017.527401][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1017.536584][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1017.666249][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1017.687822][ T450] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1017.698312][ T450] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1017.728419][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1017.737815][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1017.746948][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1017.794745][ T450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1017.948857][ T459] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1017.974955][ T459] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1017.986668][ T459] CPU: 1 PID: 459 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1017.994054][ T459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.004105][ T459] Call Trace: [ 1018.007395][ T459] dump_stack+0x1d8/0x2f8 [ 1018.011721][ T459] dump_header+0xd8/0x960 [ 1018.016046][ T459] oom_kill_process+0xcd/0x350 [ 1018.020805][ T459] out_of_memory+0x5fa/0x8b0 [ 1018.025389][ T459] memory_max_write+0x4ba/0x600 [ 1018.030254][ T459] ? memory_max_show+0xa0/0xa0 [ 1018.035047][ T459] cgroup_file_write+0x223/0x5f0 [ 1018.039975][ T459] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1018.045081][ T459] kernfs_fop_write+0x3e4/0x4e0 [ 1018.049931][ T459] ? kernfs_fop_read+0x580/0x580 [ 1018.054864][ T459] __vfs_write+0xb8/0x740 [ 1018.059188][ T459] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1018.064730][ T459] ? __sb_start_write+0x382/0x430 [ 1018.069748][ T459] vfs_write+0x275/0x590 [ 1018.073993][ T459] ksys_write+0x117/0x220 [ 1018.078321][ T459] __x64_sys_write+0x7b/0x90 [ 1018.082904][ T459] do_syscall_64+0xf7/0x1c0 [ 1018.087400][ T459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1018.093288][ T459] RIP: 0033:0x459a29 [ 1018.097176][ T459] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1018.116783][ T459] RSP: 002b:00007f5a5bcaac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1018.125460][ T459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1018.133431][ T459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1018.141403][ T459] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1018.149808][ T459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a5bcab6d4 [ 1018.157825][ T459] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1018.170841][ T459] memory: usage 3560kB, limit 0kB, failcnt 488 [ 1018.177132][ T459] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1018.184461][ T459] Memory cgroup stats for /syz2: [ 1018.184538][ T459] anon 2183168 [ 1018.184538][ T459] file 155648 [ 1018.184538][ T459] kernel_stack 65536 [ 1018.184538][ T459] slab 1298432 [ 1018.184538][ T459] sock 0 [ 1018.184538][ T459] shmem 0 [ 1018.184538][ T459] file_mapped 135168 [ 1018.184538][ T459] file_dirty 135168 [ 1018.184538][ T459] file_writeback 0 [ 1018.184538][ T459] anon_thp 2097152 [ 1018.184538][ T459] inactive_anon 135168 [ 1018.184538][ T459] active_anon 2183168 [ 1018.184538][ T459] inactive_file 0 [ 1018.184538][ T459] active_file 0 [ 1018.184538][ T459] unevictable 0 [ 1018.184538][ T459] slab_reclaimable 405504 [ 1018.184538][ T459] slab_unreclaimable 892928 [ 1018.184538][ T459] pgfault 209880 [ 1018.184538][ T459] pgmajfault 0 [ 1018.184538][ T459] workingset_refault 0 [ 1018.184538][ T459] workingset_activate 0 [ 1018.184538][ T459] workingset_nodereclaim 0 [ 1018.184538][ T459] pgrefill 282 [ 1018.184538][ T459] pgscan 276 [ 1018.184538][ T459] pgsteal 37 [ 1018.184538][ T459] pgactivate 231 [ 1018.289501][ T459] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=457,uid=0 [ 1018.306065][ T459] Memory cgroup out of memory: Killed process 457 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1018.325685][ T1066] oom_reaper: reaped process 457 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:38:07 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:07 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) 03:38:07 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:07 executing program 5: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) 03:38:07 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) 03:38:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1018.357865][ T450] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1018.501969][ T450] CPU: 0 PID: 450 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1018.509381][ T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.519613][ T450] Call Trace: [ 1018.522907][ T450] dump_stack+0x1d8/0x2f8 [ 1018.527244][ T450] dump_header+0xd8/0x960 [ 1018.531587][ T450] oom_kill_process+0xcd/0x350 [ 1018.536356][ T450] out_of_memory+0x5fa/0x8b0 [ 1018.540944][ T450] try_charge+0x125a/0x1910 [ 1018.545471][ T450] mem_cgroup_try_charge+0x20c/0x680 [ 1018.550762][ T450] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1018.556392][ T450] wp_page_copy+0x349/0x1890 [ 1018.560987][ T450] ? __kasan_check_read+0x11/0x20 [ 1018.566007][ T450] ? do_raw_spin_unlock+0x49/0x260 [ 1018.571115][ T450] do_wp_page+0x5e5/0x1cc0 [ 1018.576658][ T450] ? __kasan_check_write+0x14/0x20 [ 1018.581777][ T450] handle_mm_fault+0x2ada/0x5ff0 [ 1018.586739][ T450] do_user_addr_fault+0x589/0xaf0 [ 1018.591774][ T450] __do_page_fault+0xd3/0x1f0 [ 1018.596455][ T450] do_page_fault+0x99/0xb0 03:38:07 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 03:38:07 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1018.600869][ T450] page_fault+0x39/0x40 [ 1018.605017][ T450] RIP: 0033:0x430b06 [ 1018.608906][ T450] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1018.628679][ T450] RSP: 002b:00007ffdb14b0520 EFLAGS: 00010206 [ 1018.634752][ T450] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1018.642723][ T450] RDX: 0000000001085930 RSI: 000000000108d970 RDI: 0000000000000003 03:38:08 executing program 5: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) [ 1018.650701][ T450] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001084940 [ 1018.658678][ T450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1018.666665][ T450] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:38:08 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) [ 1018.780019][ T450] memory: usage 1232kB, limit 0kB, failcnt 500 [ 1018.788537][ T450] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1018.838176][ T450] Memory cgroup stats for /syz2: [ 1018.838248][ T450] anon 77824 [ 1018.838248][ T450] file 155648 [ 1018.838248][ T450] kernel_stack 65536 [ 1018.838248][ T450] slab 1298432 [ 1018.838248][ T450] sock 0 [ 1018.838248][ T450] shmem 0 [ 1018.838248][ T450] file_mapped 135168 [ 1018.838248][ T450] file_dirty 135168 [ 1018.838248][ T450] file_writeback 0 [ 1018.838248][ T450] anon_thp 0 [ 1018.838248][ T450] inactive_anon 135168 [ 1018.838248][ T450] active_anon 77824 [ 1018.838248][ T450] inactive_file 0 03:38:08 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) [ 1018.838248][ T450] active_file 0 [ 1018.838248][ T450] unevictable 0 [ 1018.838248][ T450] slab_reclaimable 405504 [ 1018.838248][ T450] slab_unreclaimable 892928 [ 1018.838248][ T450] pgfault 209913 [ 1018.838248][ T450] pgmajfault 0 [ 1018.838248][ T450] workingset_refault 0 [ 1018.838248][ T450] workingset_activate 0 [ 1018.838248][ T450] workingset_nodereclaim 0 [ 1018.838248][ T450] pgrefill 282 [ 1018.838248][ T450] pgscan 276 [ 1018.838248][ T450] pgsteal 37 [ 1018.838248][ T450] pgactivate 231 03:38:08 executing program 5: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) [ 1019.344849][ T450] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=450,uid=0 [ 1019.360794][ T450] Memory cgroup out of memory: Killed process 450 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1019.380101][ T1066] oom_reaper: reaped process 450 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:09 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:09 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() [ 1020.424092][ T495] IPVS: ftp: loaded support on port[0] = 21 [ 1020.655637][ T495] chnl_net:caif_netlink_parms(): no params data found [ 1020.695747][ T495] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.703713][ T495] bridge0: port 1(bridge_slave_0) entered disabled state [ 1020.712548][ T495] device bridge_slave_0 entered promiscuous mode [ 1020.721731][ T495] bridge0: port 2(bridge_slave_1) entered blocking state [ 1020.728958][ T495] bridge0: port 2(bridge_slave_1) entered disabled state [ 1020.738103][ T495] device bridge_slave_1 entered promiscuous mode [ 1020.812233][ T495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1020.826475][ T495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1020.903876][ T495] team0: Port device team_slave_0 added [ 1020.912478][ T495] team0: Port device team_slave_1 added [ 1021.003237][ T495] device hsr_slave_0 entered promiscuous mode [ 1021.151574][ T495] device hsr_slave_1 entered promiscuous mode [ 1021.270060][ T495] debugfs: Directory 'hsr0' with parent '/' already present! [ 1021.373619][ T495] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.380769][ T495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1021.388097][ T495] bridge0: port 1(bridge_slave_0) entered blocking state [ 1021.395204][ T495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1021.597805][ T495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1021.615190][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1021.624234][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state [ 1021.632934][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state [ 1021.642316][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1021.658401][ T495] 8021q: adding VLAN 0 to HW filter on device team0 [ 1021.810984][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1021.819774][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1021.829357][T16142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1021.836470][T16142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1021.941375][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1021.950818][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1021.960662][T16142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.967717][T16142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1021.976830][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1022.001630][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1022.088633][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1022.099545][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1022.108754][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1022.118410][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1022.138185][ T495] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1022.150240][ T495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1022.312220][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1022.326881][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1022.336418][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1022.361595][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1022.370678][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1022.434967][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1022.454698][ T495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1022.599147][ T503] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1022.611652][ T503] CPU: 1 PID: 503 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1022.619044][ T503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.629102][ T503] Call Trace: [ 1022.632406][ T503] dump_stack+0x1d8/0x2f8 [ 1022.636744][ T503] dump_header+0xd8/0x960 [ 1022.641085][ T503] oom_kill_process+0xcd/0x350 [ 1022.646008][ T503] out_of_memory+0x5fa/0x8b0 [ 1022.650610][ T503] memory_max_write+0x4ba/0x600 [ 1022.655479][ T503] ? memory_max_show+0xa0/0xa0 [ 1022.660246][ T503] cgroup_file_write+0x223/0x5f0 [ 1022.665182][ T503] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1022.670293][ T503] kernfs_fop_write+0x3e4/0x4e0 [ 1022.675144][ T503] ? kernfs_fop_read+0x580/0x580 [ 1022.680163][ T503] __vfs_write+0xb8/0x740 [ 1022.684494][ T503] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1022.690148][ T503] ? __sb_start_write+0x382/0x430 [ 1022.695179][ T503] vfs_write+0x275/0x590 [ 1022.699425][ T503] ksys_write+0x117/0x220 [ 1022.703756][ T503] __x64_sys_write+0x7b/0x90 [ 1022.708361][ T503] do_syscall_64+0xf7/0x1c0 [ 1022.712867][ T503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1022.718756][ T503] RIP: 0033:0x459a29 [ 1022.722648][ T503] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1022.742287][ T503] RSP: 002b:00007fe7b3a15c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1022.751222][ T503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1022.759195][ T503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1022.767266][ T503] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1022.775234][ T503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe7b3a166d4 [ 1022.783219][ T503] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1022.810655][ T503] memory: usage 20184kB, limit 0kB, failcnt 510 [ 1022.817083][ T503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1022.825916][ T503] Memory cgroup stats for /syz3: [ 1022.826324][ T503] anon 2191360 [ 1022.826324][ T503] file 221184 [ 1022.826324][ T503] kernel_stack 65536 [ 1022.826324][ T503] slab 18448384 [ 1022.826324][ T503] sock 0 [ 1022.826324][ T503] shmem 0 [ 1022.826324][ T503] file_mapped 0 [ 1022.826324][ T503] file_dirty 0 [ 1022.826324][ T503] file_writeback 0 [ 1022.826324][ T503] anon_thp 2097152 [ 1022.826324][ T503] inactive_anon 0 [ 1022.826324][ T503] active_anon 2191360 [ 1022.826324][ T503] inactive_file 0 [ 1022.826324][ T503] active_file 135168 [ 1022.826324][ T503] unevictable 0 [ 1022.826324][ T503] slab_reclaimable 17571840 [ 1022.826324][ T503] slab_unreclaimable 876544 [ 1022.826324][ T503] pgfault 67782 [ 1022.826324][ T503] pgmajfault 0 [ 1022.826324][ T503] workingset_refault 0 [ 1022.826324][ T503] workingset_activate 0 [ 1022.826324][ T503] workingset_nodereclaim 0 [ 1022.826324][ T503] pgrefill 66 [ 1022.826324][ T503] pgscan 66 [ 1022.826324][ T503] pgsteal 35 [ 1022.826324][ T503] pgactivate 0 [ 1022.937491][ T503] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=501,uid=0 03:38:12 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:12 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:12 executing program 5: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 03:38:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:38:12 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:38:12 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1022.953990][ T503] Memory cgroup out of memory: Killed process 501 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1022.975465][ T1066] oom_reaper: reaped process 501 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1023.049521][ T495] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1023.080107][ T495] CPU: 0 PID: 495 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1023.087886][ T495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.098385][ T495] Call Trace: [ 1023.101683][ T495] dump_stack+0x1d8/0x2f8 [ 1023.106018][ T495] dump_header+0xd8/0x960 [ 1023.110375][ T495] oom_kill_process+0xcd/0x350 [ 1023.115146][ T495] out_of_memory+0x5fa/0x8b0 [ 1023.119743][ T495] try_charge+0x125a/0x1910 [ 1023.124303][ T495] mem_cgroup_try_charge+0x20c/0x680 [ 1023.129596][ T495] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1023.135230][ T495] wp_page_copy+0x349/0x1890 [ 1023.139827][ T495] ? __kasan_check_read+0x11/0x20 [ 1023.144848][ T495] ? do_raw_spin_unlock+0x49/0x260 03:38:12 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) [ 1023.149960][ T495] do_wp_page+0x5e5/0x1cc0 [ 1023.154384][ T495] ? __kasan_check_write+0x14/0x20 [ 1023.159509][ T495] handle_mm_fault+0x2ada/0x5ff0 [ 1023.164469][ T495] do_user_addr_fault+0x589/0xaf0 [ 1023.169506][ T495] __do_page_fault+0xd3/0x1f0 [ 1023.174183][ T495] do_page_fault+0x99/0xb0 [ 1023.178600][ T495] page_fault+0x39/0x40 [ 1023.182745][ T495] RIP: 0033:0x4034f2 [ 1023.186630][ T495] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1023.206225][ T495] RSP: 002b:00007fff22b7cb80 EFLAGS: 00010246 [ 1023.206235][ T495] RAX: 0000000000000000 RBX: 00000000000f9a67 RCX: 0000000000413630 [ 1023.206241][ T495] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff22b7dcb0 [ 1023.206246][ T495] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000e72940 [ 1023.206256][ T495] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff22b7dcb0 03:38:12 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0xf7) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000001c0)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) tkill(0x0, 0x0) [ 1023.220303][ T495] R13: 00007fff22b7dca0 R14: 0000000000000000 R15: 00007fff22b7dcb0 03:38:12 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:12 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) [ 1023.287847][ T495] memory: usage 17864kB, limit 0kB, failcnt 522 [ 1023.316263][ T495] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1023.345343][ T495] Memory cgroup stats for /syz3: [ 1023.345453][ T495] anon 0 [ 1023.345453][ T495] file 221184 [ 1023.345453][ T495] kernel_stack 0 [ 1023.345453][ T495] slab 18448384 [ 1023.345453][ T495] sock 0 [ 1023.345453][ T495] shmem 0 [ 1023.345453][ T495] file_mapped 0 [ 1023.345453][ T495] file_dirty 0 [ 1023.345453][ T495] file_writeback 0 [ 1023.345453][ T495] anon_thp 0 [ 1023.345453][ T495] inactive_anon 0 [ 1023.345453][ T495] active_anon 0 [ 1023.345453][ T495] inactive_file 0 [ 1023.345453][ T495] active_file 135168 [ 1023.345453][ T495] unevictable 0 [ 1023.345453][ T495] slab_reclaimable 17571840 [ 1023.345453][ T495] slab_unreclaimable 876544 [ 1023.345453][ T495] pgfault 67815 [ 1023.345453][ T495] pgmajfault 0 [ 1023.345453][ T495] workingset_refault 0 [ 1023.345453][ T495] workingset_activate 0 [ 1023.345453][ T495] workingset_nodereclaim 0 [ 1023.345453][ T495] pgrefill 66 [ 1023.345453][ T495] pgscan 66 [ 1023.345453][ T495] pgsteal 35 [ 1023.345453][ T495] pgactivate 0 03:38:12 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x0) [ 1023.470673][ C0] net_ratelimit: 34 callbacks suppressed [ 1023.470680][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1023.470721][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1023.471408][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1023.471447][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1023.471534][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1023.471575][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1023.471662][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1023.471701][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1023.599995][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1023.605963][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:38:13 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) [ 1023.700134][ T495] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=495,uid=0 [ 1023.750654][ T495] Memory cgroup out of memory: Killed process 495 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1023.814995][ T1066] oom_reaper: reaped process 495 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 1023.901817][ T517] bridge0: port 1(bridge_slave_0) entered disabled state [ 1023.982083][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1024.000457][T16142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1024.008252][T16142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1024.150204][ T521] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.228535][ T522] bridge0: port 1(bridge_slave_0) entered blocking state [ 1024.235705][ T522] bridge0: port 1(bridge_slave_0) entered forwarding state 03:38:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:13 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:38:13 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) 03:38:13 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0xf7) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000001c0)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) tkill(0x0, 0x0) [ 1024.790140][ T542] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.916355][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1024.932672][T16142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1024.939802][T16142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1025.154087][ T550] IPVS: ftp: loaded support on port[0] = 21 [ 1025.401060][ T550] chnl_net:caif_netlink_parms(): no params data found [ 1025.529575][ T550] bridge0: port 1(bridge_slave_0) entered blocking state [ 1025.537941][ T550] bridge0: port 1(bridge_slave_0) entered disabled state [ 1025.546517][ T550] device bridge_slave_0 entered promiscuous mode [ 1025.605102][ T550] bridge0: port 2(bridge_slave_1) entered blocking state [ 1025.613759][ T550] bridge0: port 2(bridge_slave_1) entered disabled state [ 1025.622567][ T550] device bridge_slave_1 entered promiscuous mode [ 1025.647159][ T550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1025.659752][ T550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1025.685639][ T550] team0: Port device team_slave_0 added [ 1025.827372][ T550] team0: Port device team_slave_1 added [ 1025.925682][ T550] device hsr_slave_0 entered promiscuous mode [ 1025.981087][ T550] device hsr_slave_1 entered promiscuous mode [ 1026.070106][ T550] debugfs: Directory 'hsr0' with parent '/' already present! [ 1026.309763][ T550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1026.327016][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1026.335642][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1026.350244][ T550] 8021q: adding VLAN 0 to HW filter on device team0 [ 1026.421919][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1026.431804][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1026.441156][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 1026.448211][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1026.476344][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1026.486248][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1026.495808][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1026.504626][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1026.511725][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1026.521057][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1026.591250][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1026.600952][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1026.610338][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1026.693876][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1026.702205][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1026.711360][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1026.722022][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1026.730986][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1026.745272][ T550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1026.761470][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1026.802432][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1026.812834][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1026.850820][ T550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1027.051812][ T559] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1027.076007][ T559] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1027.086314][ T559] CPU: 0 PID: 559 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1027.093693][ T559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.103754][ T559] Call Trace: [ 1027.107051][ T559] dump_stack+0x1d8/0x2f8 [ 1027.111390][ T559] dump_header+0xd8/0x960 [ 1027.115807][ T559] oom_kill_process+0xcd/0x350 [ 1027.120575][ T559] out_of_memory+0x5fa/0x8b0 [ 1027.125167][ T559] memory_max_write+0x4ba/0x600 [ 1027.130027][ T559] ? memory_max_show+0xa0/0xa0 [ 1027.134792][ T559] cgroup_file_write+0x223/0x5f0 [ 1027.139723][ T559] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1027.144843][ T559] kernfs_fop_write+0x3e4/0x4e0 [ 1027.149689][ T559] ? kernfs_fop_read+0x580/0x580 [ 1027.156966][ T559] __vfs_write+0xb8/0x740 [ 1027.161296][ T559] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1027.166833][ T559] ? __sb_start_write+0x382/0x430 [ 1027.171852][ T559] vfs_write+0x275/0x590 [ 1027.176091][ T559] ksys_write+0x117/0x220 [ 1027.180420][ T559] __x64_sys_write+0x7b/0x90 [ 1027.185005][ T559] do_syscall_64+0xf7/0x1c0 [ 1027.189505][ T559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.195388][ T559] RIP: 0033:0x459a29 [ 1027.199274][ T559] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1027.218968][ T559] RSP: 002b:00007f04c70c1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1027.227382][ T559] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1027.235349][ T559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1027.243317][ T559] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1027.251284][ T559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04c70c26d4 [ 1027.259255][ T559] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1027.271804][ T559] memory: usage 3540kB, limit 0kB, failcnt 501 [ 1027.278058][ T559] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1027.285729][ T559] Memory cgroup stats for /syz2: [ 1027.285806][ T559] anon 2179072 [ 1027.285806][ T559] file 155648 [ 1027.285806][ T559] kernel_stack 65536 [ 1027.285806][ T559] slab 1298432 [ 1027.285806][ T559] sock 0 [ 1027.285806][ T559] shmem 0 [ 1027.285806][ T559] file_mapped 135168 [ 1027.285806][ T559] file_dirty 135168 [ 1027.285806][ T559] file_writeback 0 [ 1027.285806][ T559] anon_thp 2097152 [ 1027.285806][ T559] inactive_anon 135168 [ 1027.285806][ T559] active_anon 2179072 [ 1027.285806][ T559] inactive_file 0 [ 1027.285806][ T559] active_file 0 [ 1027.285806][ T559] unevictable 0 [ 1027.285806][ T559] slab_reclaimable 405504 [ 1027.285806][ T559] slab_unreclaimable 892928 [ 1027.285806][ T559] pgfault 209946 [ 1027.285806][ T559] pgmajfault 0 [ 1027.285806][ T559] workingset_refault 0 [ 1027.285806][ T559] workingset_activate 0 [ 1027.285806][ T559] workingset_nodereclaim 0 [ 1027.285806][ T559] pgrefill 282 [ 1027.285806][ T559] pgscan 276 [ 1027.285806][ T559] pgsteal 37 [ 1027.285806][ T559] pgactivate 231 [ 1027.383387][ T559] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=557,uid=0 03:38:16 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:16 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) 03:38:16 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:38:16 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:16 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="008e656d6f767920"], 0xda00) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 03:38:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1027.399160][ T559] Memory cgroup out of memory: Killed process 557 (syz-executor.2) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1027.417790][ T1066] oom_reaper: reaped process 557 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1027.471277][ T550] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1027.503708][ T550] CPU: 0 PID: 550 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1027.511156][ T550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.521219][ T550] Call Trace: [ 1027.524531][ T550] dump_stack+0x1d8/0x2f8 [ 1027.528864][ T550] dump_header+0xd8/0x960 [ 1027.533222][ T550] oom_kill_process+0xcd/0x350 [ 1027.538020][ T550] out_of_memory+0x5fa/0x8b0 [ 1027.542610][ T550] try_charge+0x125a/0x1910 [ 1027.547145][ T550] mem_cgroup_try_charge+0x20c/0x680 [ 1027.552435][ T550] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1027.558069][ T550] wp_page_copy+0x349/0x1890 [ 1027.562667][ T550] ? __kasan_check_read+0x11/0x20 [ 1027.567735][ T550] ? do_raw_spin_unlock+0x49/0x260 [ 1027.573201][ T550] do_wp_page+0x5e5/0x1cc0 [ 1027.577628][ T550] ? __kasan_check_write+0x14/0x20 [ 1027.582750][ T550] handle_mm_fault+0x2ada/0x5ff0 [ 1027.587705][ T550] do_user_addr_fault+0x589/0xaf0 [ 1027.592740][ T550] __do_page_fault+0xd3/0x1f0 [ 1027.597422][ T550] do_page_fault+0x99/0xb0 [ 1027.601847][ T550] page_fault+0x39/0x40 [ 1027.606004][ T550] RIP: 0033:0x4034f2 [ 1027.607340][ T26] audit: type=1804 audit(2000000296.939:266): pid=571 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir316432435/syzkaller.UzM6eX/213/memory.events" dev="sda1" ino=17503 res=1 [ 1027.609912][ T550] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1027.609919][ T550] RSP: 002b:00007ffd967bcbc0 EFLAGS: 00010246 [ 1027.609929][ T550] RAX: 0000000000000000 RBX: 00000000000fabf5 RCX: 0000000000413630 03:38:17 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) 03:38:17 executing program 5: unshare(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) listen(r1, 0x0) [ 1027.609935][ T550] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd967bdcf0 [ 1027.609941][ T550] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000201b940 [ 1027.609946][ T550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd967bdcf0 [ 1027.609951][ T550] R13: 00007ffd967bdce0 R14: 0000000000000000 R15: 00007ffd967bdcf0 [ 1027.660798][ T550] memory: usage 1220kB, limit 0kB, failcnt 509 [ 1027.748144][ T26] audit: type=1804 audit(2000000296.949:267): pid=566 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir316432435/syzkaller.UzM6eX/213/memory.events" dev="sda1" ino=17503 res=1 03:38:17 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) 03:38:17 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x40) r1 = geteuid() setxattr$security_capability(&(0x7f0000000400)='./file1\x00', 0x0, &(0x7f0000000500)=@v3={0x3000000, [{0x6}], r1}, 0x18, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff577, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x10, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000002bc0)='./file0\x00', 0x40c2, 0x0) socket(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000200)='9p\x00', 0x100c9, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=tcp,port=0x00000000000', @ANYRESHEX=0xee00, @ANYBLOB]) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x10000067f) ioctl$TIOCCONS(r2, 0x541d) ioctl$IOC_PR_CLEAR(r4, 0x401070cd, &(0x7f0000000380)={0x5}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f0000000600)='4', 0x4100) 03:38:17 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 03:38:17 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() [ 1028.108119][ T550] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1028.129475][ T550] Memory cgroup stats for /syz2: [ 1028.129556][ T550] anon 36864 [ 1028.129556][ T550] file 155648 [ 1028.129556][ T550] kernel_stack 0 [ 1028.129556][ T550] slab 1298432 [ 1028.129556][ T550] sock 0 [ 1028.129556][ T550] shmem 0 [ 1028.129556][ T550] file_mapped 135168 [ 1028.129556][ T550] file_dirty 135168 [ 1028.129556][ T550] file_writeback 0 [ 1028.129556][ T550] anon_thp 0 [ 1028.129556][ T550] inactive_anon 135168 [ 1028.129556][ T550] active_anon 36864 [ 1028.129556][ T550] inactive_file 0 [ 1028.129556][ T550] active_file 0 [ 1028.129556][ T550] unevictable 0 [ 1028.129556][ T550] slab_reclaimable 405504 [ 1028.129556][ T550] slab_unreclaimable 892928 [ 1028.129556][ T550] pgfault 209946 [ 1028.129556][ T550] pgmajfault 0 [ 1028.129556][ T550] workingset_refault 0 [ 1028.129556][ T550] workingset_activate 0 [ 1028.129556][ T550] workingset_nodereclaim 0 [ 1028.129556][ T550] pgrefill 282 [ 1028.129556][ T550] pgscan 276 [ 1028.129556][ T550] pgsteal 37 [ 1028.129556][ T550] pgactivate 231 [ 1028.229109][ T26] audit: type=1800 audit(2000000297.569:268): pid=688 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17498 res=0 [ 1028.373996][ T550] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=550,uid=0 [ 1028.390210][ T550] Memory cgroup out of memory: Killed process 550 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1028.418023][ T1066] oom_reaper: reaped process 550 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:18 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:18 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:38:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1029.365052][ T713] IPVS: ftp: loaded support on port[0] = 21 [ 1029.613525][ T713] chnl_net:caif_netlink_parms(): no params data found [ 1029.655275][ T713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1029.662613][ T713] bridge0: port 1(bridge_slave_0) entered disabled state [ 1029.671463][ T713] device bridge_slave_0 entered promiscuous mode [ 1029.793283][ T713] bridge0: port 2(bridge_slave_1) entered blocking state [ 1029.820084][ T713] bridge0: port 2(bridge_slave_1) entered disabled state [ 1029.828944][ T713] device bridge_slave_1 entered promiscuous mode [ 1029.856665][ T713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1029.897839][ T713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1029.978146][ T713] team0: Port device team_slave_0 added [ 1029.987570][ T713] team0: Port device team_slave_1 added [ 1030.053240][ T713] device hsr_slave_0 entered promiscuous mode [ 1030.101033][ T713] device hsr_slave_1 entered promiscuous mode [ 1030.200055][ T713] debugfs: Directory 'hsr0' with parent '/' already present! [ 1030.391368][ T713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1030.414585][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1030.423973][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1030.475532][ T713] 8021q: adding VLAN 0 to HW filter on device team0 [ 1030.493449][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1030.502524][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1030.511887][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1030.518943][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1030.611982][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1030.620770][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1030.629816][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1030.638735][T25324] bridge0: port 2(bridge_slave_1) entered blocking state [ 1030.645866][T25324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1030.657689][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1030.743657][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1030.753110][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1030.762751][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1030.773290][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1030.837337][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1030.846658][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1030.865967][ T713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1030.877712][ T713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1030.887801][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1030.976810][ T713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1031.177815][ T722] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1031.195257][ T722] CPU: 0 PID: 722 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1031.202660][ T722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.212712][ T722] Call Trace: [ 1031.216001][ T722] dump_stack+0x1d8/0x2f8 [ 1031.220328][ T722] dump_header+0xd8/0x960 [ 1031.224662][ T722] oom_kill_process+0xcd/0x350 [ 1031.229421][ T722] out_of_memory+0x5fa/0x8b0 [ 1031.234005][ T722] memory_max_write+0x4ba/0x600 [ 1031.238858][ T722] ? memory_max_show+0xa0/0xa0 [ 1031.243613][ T722] cgroup_file_write+0x223/0x5f0 [ 1031.248521][ T722] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1031.253679][ T722] kernfs_fop_write+0x3e4/0x4e0 [ 1031.258516][ T722] ? kernfs_fop_read+0x580/0x580 [ 1031.263445][ T722] __vfs_write+0xb8/0x740 [ 1031.267761][ T722] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1031.273281][ T722] ? __sb_start_write+0x382/0x430 [ 1031.278308][ T722] vfs_write+0x275/0x590 [ 1031.282527][ T722] ksys_write+0x117/0x220 [ 1031.286870][ T722] __x64_sys_write+0x7b/0x90 [ 1031.291445][ T722] do_syscall_64+0xf7/0x1c0 [ 1031.295925][ T722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1031.301789][ T722] RIP: 0033:0x459a29 [ 1031.305653][ T722] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1031.330574][ T722] RSP: 002b:00007f536b253c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1031.338972][ T722] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1031.346953][ T722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1031.354990][ T722] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1031.362938][ T722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f536b2546d4 [ 1031.370886][ T722] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1031.389309][ T722] memory: usage 20192kB, limit 0kB, failcnt 523 [ 1031.396073][ T722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1031.403673][ T722] Memory cgroup stats for /syz3: [ 1031.404216][ T722] anon 2195456 [ 1031.404216][ T722] file 221184 [ 1031.404216][ T722] kernel_stack 0 [ 1031.404216][ T722] slab 18448384 [ 1031.404216][ T722] sock 0 [ 1031.404216][ T722] shmem 0 [ 1031.404216][ T722] file_mapped 0 [ 1031.404216][ T722] file_dirty 0 [ 1031.404216][ T722] file_writeback 0 [ 1031.404216][ T722] anon_thp 2097152 [ 1031.404216][ T722] inactive_anon 0 [ 1031.404216][ T722] active_anon 2195456 [ 1031.404216][ T722] inactive_file 0 [ 1031.404216][ T722] active_file 135168 [ 1031.404216][ T722] unevictable 0 [ 1031.404216][ T722] slab_reclaimable 17571840 [ 1031.404216][ T722] slab_unreclaimable 876544 [ 1031.404216][ T722] pgfault 67881 [ 1031.404216][ T722] pgmajfault 0 [ 1031.404216][ T722] workingset_refault 0 [ 1031.404216][ T722] workingset_activate 0 [ 1031.404216][ T722] workingset_nodereclaim 0 [ 1031.404216][ T722] pgrefill 66 [ 1031.404216][ T722] pgscan 66 [ 1031.404216][ T722] pgsteal 35 [ 1031.404216][ T722] pgactivate 0 [ 1031.501132][ T722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=721,uid=0 [ 1031.517539][ T722] Memory cgroup out of memory: Killed process 721 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1031.541850][ T1066] oom_reaper: reaped process 721 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:38:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:20 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) 03:38:20 executing program 5: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @rand_addr=0x845d}, 0x10) 03:38:20 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:20 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:38:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006080), 0x3ea818461ad51e9, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1031.658644][ T713] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1031.690192][ T713] CPU: 1 PID: 713 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1031.697620][ T713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.708208][ T713] Call Trace: [ 1031.711511][ T713] dump_stack+0x1d8/0x2f8 [ 1031.715849][ T713] dump_header+0xd8/0x960 [ 1031.720188][ T713] oom_kill_process+0xcd/0x350 [ 1031.725059][ T713] out_of_memory+0x5fa/0x8b0 [ 1031.729654][ T713] try_charge+0x125a/0x1910 [ 1031.734187][ T713] mem_cgroup_try_charge+0x20c/0x680 [ 1031.739493][ T713] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1031.745131][ T713] handle_mm_fault+0x310e/0x5ff0 [ 1031.750090][ T713] do_user_addr_fault+0x589/0xaf0 [ 1031.755126][ T713] __do_page_fault+0xd3/0x1f0 [ 1031.759804][ T713] do_page_fault+0x99/0xb0 [ 1031.764222][ T713] page_fault+0x39/0x40 [ 1031.768376][ T713] RIP: 0033:0x4034f2 [ 1031.772273][ T713] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1031.792048][ T713] RSP: 002b:00007ffd1acbeff0 EFLAGS: 00010246 [ 1031.798378][ T713] RAX: 0000000000000000 RBX: 00000000000fbbf1 RCX: 0000000000413630 03:38:21 executing program 5: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @rand_addr=0x845d}, 0x10) [ 1031.807140][ T713] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd1acc0120 [ 1031.807146][ T713] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000acc940 [ 1031.807151][ T713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1acc0120 [ 1031.807156][ T713] R13: 00007ffd1acc0110 R14: 0000000000000000 R15: 00007ffd1acc0120 03:38:21 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) 03:38:21 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) 03:38:21 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x40) r1 = geteuid() setxattr$security_capability(&(0x7f0000000400)='./file1\x00', 0x0, &(0x7f0000000500)=@v3={0x3000000, [{0x6}], r1}, 0x18, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff577, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x10, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000002bc0)='./file0\x00', 0x40c2, 0x0) socket(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000001d00)) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000200)='9p\x00', 0x100c9, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=tcp,port=0x00000000000', @ANYRESHEX=0xee00, @ANYBLOB]) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x10000067f) ioctl$TIOCCONS(r2, 0x541d) ioctl$IOC_PR_CLEAR(r4, 0x401070cd, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f0000000600)='4', 0x4100) 03:38:21 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) [ 1032.144496][ T26] audit: type=1800 audit(2000000301.479:269): pid=748 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17548 res=0 03:38:21 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r3, 0x0) [ 1032.224705][ T713] memory: usage 17864kB, limit 0kB, failcnt 531 [ 1032.247948][ T713] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1032.269189][ T713] Memory cgroup stats for /syz3: [ 1032.269263][ T713] anon 45056 [ 1032.269263][ T713] file 221184 [ 1032.269263][ T713] kernel_stack 0 [ 1032.269263][ T713] slab 18448384 [ 1032.269263][ T713] sock 0 [ 1032.269263][ T713] shmem 0 [ 1032.269263][ T713] file_mapped 0 [ 1032.269263][ T713] file_dirty 0 [ 1032.269263][ T713] file_writeback 0 [ 1032.269263][ T713] anon_thp 0 [ 1032.269263][ T713] inactive_anon 0 [ 1032.269263][ T713] active_anon 45056 [ 1032.269263][ T713] inactive_file 0 [ 1032.269263][ T713] active_file 135168 [ 1032.269263][ T713] unevictable 0 [ 1032.269263][ T713] slab_reclaimable 17571840 [ 1032.269263][ T713] slab_unreclaimable 876544 [ 1032.269263][ T713] pgfault 67881 [ 1032.269263][ T713] pgmajfault 0 [ 1032.269263][ T713] workingset_refault 0 [ 1032.269263][ T713] workingset_activate 0 [ 1032.269263][ T713] workingset_nodereclaim 0 [ 1032.269263][ T713] pgrefill 66 [ 1032.269263][ T713] pgscan 66 [ 1032.269263][ T713] pgsteal 35 [ 1032.269263][ T713] pgactivate 0 [ 1032.385574][ T713] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=713,uid=0 [ 1032.402520][ T713] Memory cgroup out of memory: Killed process 713 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1032.421872][ T1066] oom_reaper: reaped process 713 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:22 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) 03:38:22 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:22 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000000300)=""/97) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) geteuid() setxattr$security_capability(&(0x7f0000000400)='./file1\x00', 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff577, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x10, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000002bc0)='./file0\x00', 0x40c2, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000001cc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001d00)=0x14) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r3, &(0x7f00000000c0)=""/31, 0x10000067f) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) ioctl$IOC_PR_CLEAR(r3, 0x401070cd, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r2, &(0x7f0000000600)='4', 0x4100) [ 1032.908572][ T26] audit: type=1800 audit(2000000302.239:270): pid=770 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17570 res=0 [ 1033.512862][ T777] IPVS: ftp: loaded support on port[0] = 21 [ 1033.709366][ T777] chnl_net:caif_netlink_parms(): no params data found [ 1033.834816][ T777] bridge0: port 1(bridge_slave_0) entered blocking state [ 1033.844361][ T777] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.853883][ T777] device bridge_slave_0 entered promiscuous mode [ 1033.862702][ T777] bridge0: port 2(bridge_slave_1) entered blocking state [ 1033.869816][ T777] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.878864][ T777] device bridge_slave_1 entered promiscuous mode [ 1033.908964][ T777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1033.922102][ T777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1033.987062][ T777] team0: Port device team_slave_0 added [ 1033.995787][ T777] team0: Port device team_slave_1 added [ 1034.073414][ T777] device hsr_slave_0 entered promiscuous mode [ 1034.151264][ T777] device hsr_slave_1 entered promiscuous mode [ 1034.210314][ T777] debugfs: Directory 'hsr0' with parent '/' already present! [ 1034.292399][ T777] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.299485][ T777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.306858][ T777] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.313961][ T777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.396493][ T777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1034.414830][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1034.424142][T14644] bridge0: port 1(bridge_slave_0) entered disabled state [ 1034.432181][T14644] bridge0: port 2(bridge_slave_1) entered disabled state [ 1034.441668][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1034.458293][ T777] 8021q: adding VLAN 0 to HW filter on device team0 [ 1034.514899][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1034.523950][T16142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.531082][T16142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.586126][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1034.595865][T16143] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.603004][T16143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.666613][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1034.685557][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1034.695223][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1034.714400][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1034.723937][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1034.736165][ T777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1034.938660][ T777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1035.171392][ T785] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1035.198172][ T785] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1035.208677][ T785] CPU: 1 PID: 785 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1035.216059][ T785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.226461][ T785] Call Trace: [ 1035.229763][ T785] dump_stack+0x1d8/0x2f8 [ 1035.234096][ T785] dump_header+0xd8/0x960 [ 1035.238422][ T785] oom_kill_process+0xcd/0x350 [ 1035.243179][ T785] out_of_memory+0x5fa/0x8b0 [ 1035.247767][ T785] memory_max_write+0x4ba/0x600 [ 1035.252623][ T785] ? memory_max_show+0xa0/0xa0 [ 1035.257371][ T785] cgroup_file_write+0x223/0x5f0 [ 1035.262326][ T785] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1035.267414][ T785] kernfs_fop_write+0x3e4/0x4e0 [ 1035.272241][ T785] ? kernfs_fop_read+0x580/0x580 [ 1035.277170][ T785] __vfs_write+0xb8/0x740 [ 1035.281487][ T785] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1035.287018][ T785] ? __sb_start_write+0x382/0x430 [ 1035.292038][ T785] vfs_write+0x275/0x590 [ 1035.296261][ T785] ksys_write+0x117/0x220 [ 1035.300568][ T785] __x64_sys_write+0x7b/0x90 [ 1035.305131][ T785] do_syscall_64+0xf7/0x1c0 [ 1035.309610][ T785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.315487][ T785] RIP: 0033:0x459a29 [ 1035.319368][ T785] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.338947][ T785] RSP: 002b:00007fb0f266ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1035.347329][ T785] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1035.355274][ T785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1035.363232][ T785] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1035.371210][ T785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0f266b6d4 [ 1035.379164][ T785] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1035.388592][ T785] memory: usage 3512kB, limit 0kB, failcnt 510 [ 1035.395075][ T785] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1035.402078][ T785] Memory cgroup stats for /syz2: [ 1035.402163][ T785] anon 2138112 [ 1035.402163][ T785] file 155648 [ 1035.402163][ T785] kernel_stack 65536 [ 1035.402163][ T785] slab 1298432 [ 1035.402163][ T785] sock 0 [ 1035.402163][ T785] shmem 0 [ 1035.402163][ T785] file_mapped 135168 [ 1035.402163][ T785] file_dirty 135168 [ 1035.402163][ T785] file_writeback 0 [ 1035.402163][ T785] anon_thp 2097152 [ 1035.402163][ T785] inactive_anon 135168 [ 1035.402163][ T785] active_anon 2138112 [ 1035.402163][ T785] inactive_file 0 [ 1035.402163][ T785] active_file 0 [ 1035.402163][ T785] unevictable 0 [ 1035.402163][ T785] slab_reclaimable 405504 [ 1035.402163][ T785] slab_unreclaimable 892928 [ 1035.402163][ T785] pgfault 210012 [ 1035.402163][ T785] pgmajfault 0 [ 1035.402163][ T785] workingset_refault 0 [ 1035.402163][ T785] workingset_activate 0 [ 1035.402163][ T785] workingset_nodereclaim 0 [ 1035.402163][ T785] pgrefill 282 [ 1035.402163][ T785] pgscan 276 [ 1035.402163][ T785] pgsteal 37 [ 1035.402163][ T785] pgactivate 231 [ 1035.498814][ T785] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=784,uid=0 03:38:24 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:24 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 03:38:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket(0x10, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 03:38:24 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) 03:38:24 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:24 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000280)='lo\x00\x96o\xd6Q\xb9Y\xa9dJ,\x00\xd2\x97\x04\x03\xdc\r') [ 1035.515099][ T785] Memory cgroup out of memory: Killed process 784 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1035.538353][ T1066] oom_reaper: reaped process 784 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1035.591630][ T777] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1035.630905][ T777] CPU: 1 PID: 777 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1035.638313][ T777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.648366][ T777] Call Trace: [ 1035.651659][ T777] dump_stack+0x1d8/0x2f8 [ 1035.656002][ T777] dump_header+0xd8/0x960 [ 1035.660344][ T777] oom_kill_process+0xcd/0x350 [ 1035.665202][ T777] out_of_memory+0x5fa/0x8b0 [ 1035.669794][ T777] try_charge+0x125a/0x1910 [ 1035.674325][ T777] mem_cgroup_try_charge+0x20c/0x680 [ 1035.679614][ T777] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1035.685251][ T777] wp_page_copy+0x349/0x1890 [ 1035.689848][ T777] ? __kasan_check_read+0x11/0x20 [ 1035.694874][ T777] ? do_raw_spin_unlock+0x49/0x260 [ 1035.699989][ T777] do_wp_page+0x5e5/0x1cc0 [ 1035.704419][ T777] ? __kasan_check_write+0x14/0x20 [ 1035.709540][ T777] handle_mm_fault+0x2ada/0x5ff0 [ 1035.714492][ T777] do_user_addr_fault+0x589/0xaf0 [ 1035.719529][ T777] __do_page_fault+0xd3/0x1f0 [ 1035.724206][ T777] do_page_fault+0x99/0xb0 [ 1035.728622][ T777] page_fault+0x39/0x40 [ 1035.732773][ T777] RIP: 0033:0x4034f2 [ 1035.736663][ T777] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1035.756269][ T777] RSP: 002b:00007fff70fabdf0 EFLAGS: 00010246 [ 1035.762353][ T777] RAX: 0000000000000000 RBX: 00000000000fcbae RCX: 0000000000413630 [ 1035.770332][ T777] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff70facf20 [ 1035.778310][ T777] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002031940 03:38:25 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() socket$inet6_tcp(0xa, 0x1, 0x0) 03:38:25 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000200)={'team_slave_1\x00', @ifru_data=&(0x7f0000000680)="0a03533c97440cd7c73ddab45ccd702520ffdfeeaa6aa87fd5c346894c336396"}) [ 1035.786283][ T777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff70facf20 [ 1035.794276][ T777] R13: 00007fff70facf10 R14: 0000000000000000 R15: 00007fff70facf20 03:38:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 03:38:25 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) getgid() 03:38:25 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) 03:38:25 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) [ 1036.170128][ T777] memory: usage 1192kB, limit 0kB, failcnt 522 [ 1036.177538][ T777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1036.204771][ T777] Memory cgroup stats for /syz2: [ 1036.204851][ T777] anon 32768 [ 1036.204851][ T777] file 155648 [ 1036.204851][ T777] kernel_stack 65536 [ 1036.204851][ T777] slab 1298432 [ 1036.204851][ T777] sock 0 [ 1036.204851][ T777] shmem 0 [ 1036.204851][ T777] file_mapped 135168 [ 1036.204851][ T777] file_dirty 135168 [ 1036.204851][ T777] file_writeback 0 [ 1036.204851][ T777] anon_thp 0 [ 1036.204851][ T777] inactive_anon 135168 [ 1036.204851][ T777] active_anon 32768 [ 1036.204851][ T777] inactive_file 0 [ 1036.204851][ T777] active_file 0 [ 1036.204851][ T777] unevictable 0 [ 1036.204851][ T777] slab_reclaimable 405504 [ 1036.204851][ T777] slab_unreclaimable 892928 [ 1036.204851][ T777] pgfault 210012 [ 1036.204851][ T777] pgmajfault 0 [ 1036.204851][ T777] workingset_refault 0 [ 1036.204851][ T777] workingset_activate 0 [ 1036.204851][ T777] workingset_nodereclaim 0 [ 1036.204851][ T777] pgrefill 282 [ 1036.204851][ T777] pgscan 276 [ 1036.204851][ T777] pgsteal 37 [ 1036.204851][ T777] pgactivate 231 [ 1036.371966][ T777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=777,uid=0 [ 1036.398769][ T777] Memory cgroup out of memory: Killed process 777 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1036.425065][ T1066] oom_reaper: reaped process 777 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:26 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:26 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:38:26 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:38:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1037.532203][ T832] IPVS: ftp: loaded support on port[0] = 21 [ 1037.718705][ T832] chnl_net:caif_netlink_parms(): no params data found [ 1037.756767][ T832] bridge0: port 1(bridge_slave_0) entered blocking state [ 1037.764892][ T832] bridge0: port 1(bridge_slave_0) entered disabled state [ 1037.773748][ T832] device bridge_slave_0 entered promiscuous mode [ 1037.782657][ T832] bridge0: port 2(bridge_slave_1) entered blocking state [ 1037.789779][ T832] bridge0: port 2(bridge_slave_1) entered disabled state [ 1037.798787][ T832] device bridge_slave_1 entered promiscuous mode [ 1037.823421][ T832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1037.919045][ T832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1037.946277][ T832] team0: Port device team_slave_0 added [ 1037.954725][ T832] team0: Port device team_slave_1 added [ 1038.091545][ T832] device hsr_slave_0 entered promiscuous mode [ 1038.141307][ T832] device hsr_slave_1 entered promiscuous mode [ 1038.210808][ T832] debugfs: Directory 'hsr0' with parent '/' already present! [ 1038.324513][ T832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1038.377805][ T832] 8021q: adding VLAN 0 to HW filter on device team0 [ 1038.390384][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1038.398398][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1038.481396][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1038.490744][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1038.499227][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1038.506353][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1038.515244][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1038.524304][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1038.540176][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1038.547234][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1038.555613][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1038.632011][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1038.641243][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1038.669978][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1038.679230][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1038.699127][ T832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1038.712152][ T832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1038.846068][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1038.855931][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1038.865299][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1039.005414][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1039.028714][ T832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1039.204722][ T840] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1039.233105][ T840] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1039.243775][ T840] CPU: 1 PID: 840 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1039.251145][ T840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.261199][ T840] Call Trace: [ 1039.264492][ T840] dump_stack+0x1d8/0x2f8 [ 1039.268832][ T840] dump_header+0xd8/0x960 [ 1039.273162][ T840] oom_kill_process+0xcd/0x350 [ 1039.277921][ T840] out_of_memory+0x5fa/0x8b0 [ 1039.282512][ T840] memory_max_write+0x4ba/0x600 [ 1039.287375][ T840] ? memory_max_show+0xa0/0xa0 [ 1039.292140][ T840] cgroup_file_write+0x223/0x5f0 [ 1039.297069][ T840] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1039.302176][ T840] kernfs_fop_write+0x3e4/0x4e0 [ 1039.307019][ T840] ? kernfs_fop_read+0x580/0x580 [ 1039.311950][ T840] __vfs_write+0xb8/0x740 [ 1039.316275][ T840] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1039.321818][ T840] ? __sb_start_write+0x382/0x430 [ 1039.326946][ T840] vfs_write+0x275/0x590 [ 1039.331186][ T840] ksys_write+0x117/0x220 [ 1039.335514][ T840] __x64_sys_write+0x7b/0x90 [ 1039.340094][ T840] do_syscall_64+0xf7/0x1c0 [ 1039.344591][ T840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.350647][ T840] RIP: 0033:0x459a29 [ 1039.354617][ T840] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1039.375351][ T840] RSP: 002b:00007fbbf09dbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1039.383763][ T840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1039.391754][ T840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1039.399718][ T840] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1039.410288][ T840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbf09dc6d4 [ 1039.418254][ T840] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1039.429669][ T840] memory: usage 20152kB, limit 0kB, failcnt 532 [ 1039.436219][ T840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1039.443773][ T840] Memory cgroup stats for /syz3: [ 1039.443854][ T840] anon 2166784 [ 1039.443854][ T840] file 221184 [ 1039.443854][ T840] kernel_stack 65536 [ 1039.443854][ T840] slab 18448384 [ 1039.443854][ T840] sock 0 [ 1039.443854][ T840] shmem 0 [ 1039.443854][ T840] file_mapped 0 [ 1039.443854][ T840] file_dirty 0 [ 1039.443854][ T840] file_writeback 0 [ 1039.443854][ T840] anon_thp 2097152 [ 1039.443854][ T840] inactive_anon 0 [ 1039.443854][ T840] active_anon 2166784 [ 1039.443854][ T840] inactive_file 0 [ 1039.443854][ T840] active_file 135168 [ 1039.443854][ T840] unevictable 0 [ 1039.443854][ T840] slab_reclaimable 17571840 [ 1039.443854][ T840] slab_unreclaimable 876544 [ 1039.443854][ T840] pgfault 67914 [ 1039.443854][ T840] pgmajfault 0 [ 1039.443854][ T840] workingset_refault 0 [ 1039.443854][ T840] workingset_activate 0 [ 1039.443854][ T840] workingset_nodereclaim 0 [ 1039.443854][ T840] pgrefill 66 [ 1039.443854][ T840] pgscan 66 [ 1039.443854][ T840] pgsteal 35 [ 1039.443854][ T840] pgactivate 0 03:38:28 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:28 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:38:28 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:38:28 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000001880)) 03:38:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:28 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1039.546324][ T840] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=839,uid=0 [ 1039.564891][ T840] Memory cgroup out of memory: Killed process 839 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1039.585688][ T1066] oom_reaper: reaped process 839 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1039.660885][ T832] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1039.710415][ T832] CPU: 1 PID: 832 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1039.717855][ T832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.727914][ T832] Call Trace: [ 1039.732084][ T832] dump_stack+0x1d8/0x2f8 [ 1039.736419][ T832] dump_header+0xd8/0x960 [ 1039.740871][ T832] oom_kill_process+0xcd/0x350 [ 1039.745633][ T832] out_of_memory+0x5fa/0x8b0 [ 1039.750232][ T832] try_charge+0x125a/0x1910 [ 1039.754763][ T832] mem_cgroup_try_charge+0x20c/0x680 [ 1039.760056][ T832] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1039.766651][ T832] handle_mm_fault+0x310e/0x5ff0 [ 1039.771611][ T832] do_user_addr_fault+0x589/0xaf0 [ 1039.776641][ T832] __do_page_fault+0xd3/0x1f0 [ 1039.781320][ T832] do_page_fault+0x99/0xb0 [ 1039.786606][ T832] page_fault+0x39/0x40 [ 1039.790762][ T832] RIP: 0033:0x4034f2 03:38:29 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) getresuid(0x0, 0x0, 0x0) 03:38:29 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:38:29 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) [ 1039.794649][ T832] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1039.814252][ T832] RSP: 002b:00007ffca979fe70 EFLAGS: 00010246 [ 1039.820313][ T832] RAX: 0000000000000000 RBX: 00000000000fdb6f RCX: 0000000000413630 [ 1039.820320][ T832] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffca97a0fa0 [ 1039.820326][ T832] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000174a940 [ 1039.820332][ T832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca97a0fa0 [ 1039.820337][ T832] R13: 00007ffca97a0f90 R14: 0000000000000000 R15: 00007ffca97a0fa0 03:38:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:29 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:29 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d00)) [ 1040.194570][ T832] memory: usage 17832kB, limit 0kB, failcnt 540 [ 1040.202204][ T832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1040.237039][ T832] Memory cgroup stats for /syz3: [ 1040.237223][ T832] anon 0 [ 1040.237223][ T832] file 221184 [ 1040.237223][ T832] kernel_stack 0 [ 1040.237223][ T832] slab 18448384 [ 1040.237223][ T832] sock 0 [ 1040.237223][ T832] shmem 0 [ 1040.237223][ T832] file_mapped 0 [ 1040.237223][ T832] file_dirty 0 [ 1040.237223][ T832] file_writeback 0 [ 1040.237223][ T832] anon_thp 0 [ 1040.237223][ T832] inactive_anon 0 [ 1040.237223][ T832] active_anon 0 [ 1040.237223][ T832] inactive_file 0 [ 1040.237223][ T832] active_file 135168 [ 1040.237223][ T832] unevictable 0 [ 1040.237223][ T832] slab_reclaimable 17571840 [ 1040.237223][ T832] slab_unreclaimable 876544 [ 1040.237223][ T832] pgfault 67914 [ 1040.237223][ T832] pgmajfault 0 [ 1040.237223][ T832] workingset_refault 0 [ 1040.237223][ T832] workingset_activate 0 [ 1040.237223][ T832] workingset_nodereclaim 0 [ 1040.237223][ T832] pgrefill 66 [ 1040.237223][ T832] pgscan 66 [ 1040.237223][ T832] pgsteal 35 [ 1040.237223][ T832] pgactivate 0 [ 1040.460963][ T832] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=832,uid=0 [ 1040.477528][ T832] Memory cgroup out of memory: Killed process 832 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1040.496478][ T1066] oom_reaper: reaped process 832 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:38:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:30 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:38:30 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:30 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) 03:38:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1041.604860][ T886] IPVS: ftp: loaded support on port[0] = 21 [ 1041.763032][ T886] chnl_net:caif_netlink_parms(): no params data found [ 1041.807437][ T886] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.815006][ T886] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.823731][ T886] device bridge_slave_0 entered promiscuous mode [ 1041.945418][ T886] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.954158][ T886] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.963080][ T886] device bridge_slave_1 entered promiscuous mode [ 1041.988455][ T886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1042.107729][ T886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1042.134658][ T886] team0: Port device team_slave_0 added [ 1042.142461][ T886] team0: Port device team_slave_1 added [ 1042.263793][ T886] device hsr_slave_0 entered promiscuous mode [ 1042.380981][ T886] device hsr_slave_1 entered promiscuous mode [ 1042.460132][ T886] debugfs: Directory 'hsr0' with parent '/' already present! [ 1042.692531][ T886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1042.763247][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1042.774974][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1042.784543][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1042.797199][ T886] 8021q: adding VLAN 0 to HW filter on device team0 [ 1042.863081][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1042.872565][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1042.881788][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.888851][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1043.007798][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1043.019811][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1043.029504][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1043.038766][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1043.045877][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1043.127658][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1043.137499][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1043.146981][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1043.157376][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1043.167064][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1043.178101][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1043.186679][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1043.195922][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1043.219382][ T886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1043.231697][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1043.302365][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1043.312123][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1043.341542][ T886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1043.511784][ T894] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1043.558559][ T894] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1043.570826][ T894] CPU: 0 PID: 894 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1043.578220][ T894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1043.588275][ T894] Call Trace: [ 1043.591568][ T894] dump_stack+0x1d8/0x2f8 [ 1043.595901][ T894] dump_header+0xd8/0x960 [ 1043.600228][ T894] oom_kill_process+0xcd/0x350 [ 1043.604986][ T894] out_of_memory+0x5fa/0x8b0 [ 1043.609577][ T894] memory_max_write+0x4ba/0x600 [ 1043.614433][ T894] ? memory_max_show+0xa0/0xa0 [ 1043.619187][ T894] cgroup_file_write+0x223/0x5f0 [ 1043.624377][ T894] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1043.629484][ T894] kernfs_fop_write+0x3e4/0x4e0 [ 1043.634331][ T894] ? kernfs_fop_read+0x580/0x580 [ 1043.639259][ T894] __vfs_write+0xb8/0x740 [ 1043.643679][ T894] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1043.649212][ T894] ? __sb_start_write+0x382/0x430 [ 1043.654216][ T894] vfs_write+0x275/0x590 [ 1043.658437][ T894] ksys_write+0x117/0x220 [ 1043.662832][ T894] __x64_sys_write+0x7b/0x90 [ 1043.667448][ T894] do_syscall_64+0xf7/0x1c0 [ 1043.671940][ T894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1043.677818][ T894] RIP: 0033:0x459a29 [ 1043.681715][ T894] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1043.701298][ T894] RSP: 002b:00007fed77d99c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1043.709754][ T894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1043.717717][ T894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1043.725668][ T894] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1043.733626][ T894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed77d9a6d4 [ 1043.741602][ T894] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1043.755682][ T894] memory: usage 3540kB, limit 0kB, failcnt 523 [ 1043.763718][ T894] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1043.770757][ T894] Memory cgroup stats for /syz2: [ 1043.771480][ T894] anon 2162688 [ 1043.771480][ T894] file 155648 [ 1043.771480][ T894] kernel_stack 65536 [ 1043.771480][ T894] slab 1298432 [ 1043.771480][ T894] sock 0 [ 1043.771480][ T894] shmem 0 [ 1043.771480][ T894] file_mapped 135168 [ 1043.771480][ T894] file_dirty 135168 [ 1043.771480][ T894] file_writeback 0 [ 1043.771480][ T894] anon_thp 2097152 [ 1043.771480][ T894] inactive_anon 135168 [ 1043.771480][ T894] active_anon 2162688 [ 1043.771480][ T894] inactive_file 0 [ 1043.771480][ T894] active_file 0 [ 1043.771480][ T894] unevictable 0 [ 1043.771480][ T894] slab_reclaimable 405504 [ 1043.771480][ T894] slab_unreclaimable 892928 [ 1043.771480][ T894] pgfault 210078 [ 1043.771480][ T894] pgmajfault 0 [ 1043.771480][ T894] workingset_refault 0 [ 1043.771480][ T894] workingset_activate 0 [ 1043.771480][ T894] workingset_nodereclaim 0 [ 1043.771480][ T894] pgrefill 282 [ 1043.771480][ T894] pgscan 276 [ 1043.771480][ T894] pgsteal 37 [ 1043.771480][ T894] pgactivate 231 [ 1043.776504][ T894] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=893,uid=0 [ 1044.076975][ T894] Memory cgroup out of memory: Killed process 893 (syz-executor.2) total-vm:72580kB, anon-rss:2188kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 03:38:33 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:33 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:33 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r3, 0x40045612, 0x0) close(r3) 03:38:33 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) 03:38:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:33 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1044.106863][ T1066] oom_reaper: reaped process 893 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1044.137088][ T886] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1044.180014][ T886] CPU: 1 PID: 886 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1044.187885][ T886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.197954][ T886] Call Trace: [ 1044.201239][ T886] dump_stack+0x1d8/0x2f8 [ 1044.205552][ T886] dump_header+0xd8/0x960 [ 1044.209860][ T886] oom_kill_process+0xcd/0x350 [ 1044.214607][ T886] out_of_memory+0x5fa/0x8b0 [ 1044.219184][ T886] try_charge+0x125a/0x1910 [ 1044.223680][ T886] mem_cgroup_try_charge+0x20c/0x680 [ 1044.228942][ T886] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1044.234565][ T886] wp_page_copy+0x349/0x1890 [ 1044.239143][ T886] ? __kasan_check_read+0x11/0x20 [ 1044.244148][ T886] ? do_raw_spin_unlock+0x49/0x260 [ 1044.249250][ T886] do_wp_page+0x5e5/0x1cc0 [ 1044.253644][ T886] ? __kasan_check_write+0x14/0x20 [ 1044.258736][ T886] handle_mm_fault+0x2ada/0x5ff0 [ 1044.263751][ T886] do_user_addr_fault+0x589/0xaf0 [ 1044.268759][ T886] __do_page_fault+0xd3/0x1f0 [ 1044.273424][ T886] do_page_fault+0x99/0xb0 [ 1044.277823][ T886] page_fault+0x39/0x40 [ 1044.281964][ T886] RIP: 0033:0x4034f2 [ 1044.285837][ T886] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1044.305415][ T886] RSP: 002b:00007ffedcb5bd20 EFLAGS: 00010246 [ 1044.311455][ T886] RAX: 0000000000000000 RBX: 00000000000fec4f RCX: 0000000000413630 [ 1044.319402][ T886] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffedcb5ce50 [ 1044.327381][ T886] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002016940 [ 1044.335338][ T886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffedcb5ce50 [ 1044.343285][ T886] R13: 00007ffedcb5ce40 R14: 0000000000000000 R15: 00007ffedcb5ce50 [ 1044.420092][ T886] memory: usage 1220kB, limit 0kB, failcnt 531 [ 1044.426296][ T886] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1044.454777][ T886] Memory cgroup stats for /syz2: [ 1044.454852][ T886] anon 0 [ 1044.454852][ T886] file 155648 [ 1044.454852][ T886] kernel_stack 65536 [ 1044.454852][ T886] slab 1298432 [ 1044.454852][ T886] sock 0 [ 1044.454852][ T886] shmem 0 [ 1044.454852][ T886] file_mapped 135168 [ 1044.454852][ T886] file_dirty 135168 [ 1044.454852][ T886] file_writeback 0 [ 1044.454852][ T886] anon_thp 0 [ 1044.454852][ T886] inactive_anon 135168 [ 1044.454852][ T886] active_anon 0 [ 1044.454852][ T886] inactive_file 0 [ 1044.454852][ T886] active_file 0 [ 1044.454852][ T886] unevictable 0 [ 1044.454852][ T886] slab_reclaimable 405504 [ 1044.454852][ T886] slab_unreclaimable 892928 03:38:33 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), 0x0) 03:38:33 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:33 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1044.454852][ T886] pgfault 210078 [ 1044.454852][ T886] pgmajfault 0 [ 1044.454852][ T886] workingset_refault 0 [ 1044.454852][ T886] workingset_activate 0 [ 1044.454852][ T886] workingset_nodereclaim 0 [ 1044.454852][ T886] pgrefill 282 [ 1044.454852][ T886] pgscan 276 [ 1044.454852][ T886] pgsteal 37 [ 1044.454852][ T886] pgactivate 231 03:38:34 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:34 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:34 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) lstat(&(0x7f00000009c0)='./file0\x00', 0x0) [ 1045.050191][ T886] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=886,uid=0 [ 1045.082408][ T886] Memory cgroup out of memory: Killed process 886 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1045.100613][ T1066] oom_reaper: reaped process 886 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:38:34 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:34 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:34 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) close(r3) 03:38:34 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:34 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900)) [ 1046.167873][ T1041] IPVS: ftp: loaded support on port[0] = 21 [ 1046.374647][ T1041] chnl_net:caif_netlink_parms(): no params data found [ 1046.475011][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state [ 1046.484264][ T1041] bridge0: port 1(bridge_slave_0) entered disabled state [ 1046.493533][ T1041] device bridge_slave_0 entered promiscuous mode [ 1046.502575][ T1041] bridge0: port 2(bridge_slave_1) entered blocking state [ 1046.509761][ T1041] bridge0: port 2(bridge_slave_1) entered disabled state [ 1046.519473][ T1041] device bridge_slave_1 entered promiscuous mode [ 1046.584986][ T1041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1046.597917][ T1041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1046.622711][ T1041] team0: Port device team_slave_0 added [ 1046.630971][ T1041] team0: Port device team_slave_1 added [ 1046.824105][ T1041] device hsr_slave_0 entered promiscuous mode [ 1046.871080][ T1041] device hsr_slave_1 entered promiscuous mode [ 1046.960152][ T1041] debugfs: Directory 'hsr0' with parent '/' already present! [ 1047.160660][ T1041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1047.238599][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1047.249704][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1047.258137][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1047.270704][ T1041] 8021q: adding VLAN 0 to HW filter on device team0 [ 1047.285754][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1047.294951][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1047.304651][T16143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1047.311753][T16143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1047.476112][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1047.486248][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1047.495606][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1047.505833][T25323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1047.512958][T25323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1047.710777][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1047.720473][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1047.743281][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1047.752899][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1047.762092][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1047.773217][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1047.782507][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1047.791502][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1047.804026][ T1041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1047.897548][ T1041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1048.143836][ T1049] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1048.202496][ T1049] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1048.220917][ T1049] CPU: 1 PID: 1049 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1048.228415][ T1049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.239519][ T1049] Call Trace: [ 1048.243255][ T1049] dump_stack+0x1d8/0x2f8 [ 1048.247604][ T1049] dump_header+0xd8/0x960 [ 1048.251953][ T1049] oom_kill_process+0xcd/0x350 [ 1048.256712][ T1049] out_of_memory+0x5fa/0x8b0 [ 1048.261297][ T1049] memory_max_write+0x4ba/0x600 [ 1048.266415][ T1049] ? memory_max_show+0xa0/0xa0 [ 1048.271183][ T1049] cgroup_file_write+0x223/0x5f0 [ 1048.276732][ T1049] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1048.282275][ T1049] kernfs_fop_write+0x3e4/0x4e0 [ 1048.287400][ T1049] ? kernfs_fop_read+0x580/0x580 [ 1048.292419][ T1049] __vfs_write+0xb8/0x740 [ 1048.296748][ T1049] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1048.302287][ T1049] ? __sb_start_write+0x382/0x430 [ 1048.307307][ T1049] vfs_write+0x275/0x590 [ 1048.311549][ T1049] ksys_write+0x117/0x220 [ 1048.315882][ T1049] __x64_sys_write+0x7b/0x90 [ 1048.320468][ T1049] do_syscall_64+0xf7/0x1c0 [ 1048.324973][ T1049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1048.331903][ T1049] RIP: 0033:0x459a29 [ 1048.335794][ T1049] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1048.355394][ T1049] RSP: 002b:00007f0874b31c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1048.363801][ T1049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1048.371769][ T1049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1048.379734][ T1049] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1048.387704][ T1049] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0874b326d4 [ 1048.395672][ T1049] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1048.419324][ T1049] memory: usage 20188kB, limit 0kB, failcnt 541 [ 1048.426034][ T1049] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1048.434518][ T1049] Memory cgroup stats for /syz3: [ 1048.434963][ T1049] anon 2138112 [ 1048.434963][ T1049] file 221184 [ 1048.434963][ T1049] kernel_stack 0 [ 1048.434963][ T1049] slab 18448384 [ 1048.434963][ T1049] sock 0 [ 1048.434963][ T1049] shmem 0 [ 1048.434963][ T1049] file_mapped 0 [ 1048.434963][ T1049] file_dirty 0 [ 1048.434963][ T1049] file_writeback 0 [ 1048.434963][ T1049] anon_thp 2097152 [ 1048.434963][ T1049] inactive_anon 0 [ 1048.434963][ T1049] active_anon 2138112 [ 1048.434963][ T1049] inactive_file 0 [ 1048.434963][ T1049] active_file 135168 [ 1048.434963][ T1049] unevictable 0 [ 1048.434963][ T1049] slab_reclaimable 17571840 [ 1048.434963][ T1049] slab_unreclaimable 876544 [ 1048.434963][ T1049] pgfault 67980 [ 1048.434963][ T1049] pgmajfault 0 [ 1048.434963][ T1049] workingset_refault 0 [ 1048.434963][ T1049] workingset_activate 0 [ 1048.434963][ T1049] workingset_nodereclaim 0 [ 1048.434963][ T1049] pgrefill 66 [ 1048.434963][ T1049] pgscan 66 [ 1048.434963][ T1049] pgsteal 35 [ 1048.434963][ T1049] pgactivate 0 [ 1048.540956][ T1049] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1048,uid=0 03:38:37 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:37 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:37 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 03:38:37 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) close(r3) 03:38:37 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x0, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:37 executing program 0: sched_setattr(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1048.557285][ T1049] Memory cgroup out of memory: Killed process 1048 (syz-executor.3) total-vm:72580kB, anon-rss:2180kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1048.581175][ T1066] oom_reaper: reaped process 1048 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1048.663033][ T1041] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:38:38 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1048.731571][ T1041] CPU: 1 PID: 1041 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1048.739069][ T1041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.749144][ T1041] Call Trace: [ 1048.752437][ T1041] dump_stack+0x1d8/0x2f8 [ 1048.756772][ T1041] dump_header+0xd8/0x960 [ 1048.761111][ T1041] oom_kill_process+0xcd/0x350 [ 1048.765895][ T1041] out_of_memory+0x5fa/0x8b0 [ 1048.770490][ T1041] try_charge+0x125a/0x1910 [ 1048.775188][ T1041] mem_cgroup_try_charge+0x20c/0x680 [ 1048.780473][ T1041] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1048.786103][ T1041] handle_mm_fault+0x310e/0x5ff0 [ 1048.791043][ T1041] do_user_addr_fault+0x589/0xaf0 [ 1048.796056][ T1041] __do_page_fault+0xd3/0x1f0 [ 1048.800738][ T1041] do_page_fault+0x99/0xb0 [ 1048.805135][ T1041] page_fault+0x39/0x40 [ 1048.809267][ T1041] RIP: 0033:0x4034f2 03:38:38 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() [ 1048.813140][ T1041] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1048.832727][ T1041] RSP: 002b:00007ffd228ceeb0 EFLAGS: 00010246 [ 1048.838769][ T1041] RAX: 0000000000000000 RBX: 00000000000ffe71 RCX: 0000000000413630 [ 1048.846724][ T1041] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd228cffe0 [ 1048.854673][ T1041] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000011db940 [ 1048.862730][ T1041] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd228cffe0 [ 1048.870679][ T1041] R13: 00007ffd228cffd0 R14: 0000000000000000 R15: 00007ffd228cffe0 03:38:38 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) close(r3) 03:38:38 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1049.040590][ T1041] memory: usage 17860kB, limit 0kB, failcnt 553 [ 1049.046974][ T1041] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1049.110186][ T1041] Memory cgroup stats for /syz3: [ 1049.110261][ T1041] anon 45056 [ 1049.110261][ T1041] file 221184 [ 1049.110261][ T1041] kernel_stack 0 [ 1049.110261][ T1041] slab 18448384 [ 1049.110261][ T1041] sock 0 [ 1049.110261][ T1041] shmem 0 [ 1049.110261][ T1041] file_mapped 0 [ 1049.110261][ T1041] file_dirty 0 [ 1049.110261][ T1041] file_writeback 0 [ 1049.110261][ T1041] anon_thp 0 [ 1049.110261][ T1041] inactive_anon 0 [ 1049.110261][ T1041] active_anon 45056 [ 1049.110261][ T1041] inactive_file 0 [ 1049.110261][ T1041] active_file 135168 [ 1049.110261][ T1041] unevictable 0 [ 1049.110261][ T1041] slab_reclaimable 17571840 [ 1049.110261][ T1041] slab_unreclaimable 876544 [ 1049.110261][ T1041] pgfault 67980 [ 1049.110261][ T1041] pgmajfault 0 [ 1049.110261][ T1041] workingset_refault 0 [ 1049.110261][ T1041] workingset_activate 0 [ 1049.110261][ T1041] workingset_nodereclaim 0 [ 1049.110261][ T1041] pgrefill 66 [ 1049.110261][ T1041] pgscan 66 [ 1049.110261][ T1041] pgsteal 35 [ 1049.110261][ T1041] pgactivate 0 03:38:38 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:38 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) geteuid() [ 1049.449857][ T1041] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1041,uid=0 [ 1049.473249][ T1041] Memory cgroup out of memory: Killed process 1041 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 03:38:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, 0xffffffffffffffff, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:39 executing program 0: sched_setattr(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:39 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:39 executing program 4: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1050.563780][ T1208] IPVS: ftp: loaded support on port[0] = 21 [ 1050.799197][ T1208] chnl_net:caif_netlink_parms(): no params data found [ 1050.838915][ T1208] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.847519][ T1208] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.856756][ T1208] device bridge_slave_0 entered promiscuous mode [ 1050.915059][ T1208] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.923759][ T1208] bridge0: port 2(bridge_slave_1) entered disabled state [ 1050.933390][ T1208] device bridge_slave_1 entered promiscuous mode [ 1050.958431][ T1208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1050.980433][ T1208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1051.056260][ T1208] team0: Port device team_slave_0 added [ 1051.065541][ T1208] team0: Port device team_slave_1 added [ 1051.243756][ T1208] device hsr_slave_0 entered promiscuous mode [ 1051.381005][ T1208] device hsr_slave_1 entered promiscuous mode [ 1051.440288][ T1208] debugfs: Directory 'hsr0' with parent '/' already present! [ 1051.670335][ T1208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1051.736426][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1051.748272][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1051.756788][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1051.769417][ T1208] 8021q: adding VLAN 0 to HW filter on device team0 [ 1051.908249][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1051.919674][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1051.928535][T16143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.935644][T16143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1051.954464][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1051.963299][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1051.972649][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1051.981855][T25323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.988996][T25323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1052.008423][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1052.018164][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1052.027632][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1052.086889][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1052.096062][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1052.105830][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1052.115606][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1052.125178][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1052.205697][ T1208] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1052.219670][ T1208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1052.230801][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1052.240600][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1052.272176][ T1208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1052.502634][ T1216] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1052.521439][ T1216] CPU: 1 PID: 1216 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1052.529305][ T1216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.539629][ T1216] Call Trace: [ 1052.542937][ T1216] dump_stack+0x1d8/0x2f8 [ 1052.547270][ T1216] dump_header+0xd8/0x960 [ 1052.551606][ T1216] oom_kill_process+0xcd/0x350 [ 1052.556375][ T1216] out_of_memory+0x5fa/0x8b0 [ 1052.560966][ T1216] memory_max_write+0x4ba/0x600 [ 1052.572442][ T1216] ? memory_max_show+0xa0/0xa0 [ 1052.587576][ T1216] cgroup_file_write+0x223/0x5f0 [ 1052.587590][ T1216] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1052.587603][ T1216] kernfs_fop_write+0x3e4/0x4e0 [ 1052.587614][ T1216] ? kernfs_fop_read+0x580/0x580 [ 1052.587631][ T1216] __vfs_write+0xb8/0x740 [ 1052.598638][ T1216] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1052.598649][ T1216] ? __sb_start_write+0x382/0x430 [ 1052.598662][ T1216] vfs_write+0x275/0x590 [ 1052.609968][ T1216] ksys_write+0x117/0x220 [ 1052.609984][ T1216] __x64_sys_write+0x7b/0x90 [ 1052.609996][ T1216] do_syscall_64+0xf7/0x1c0 [ 1052.610011][ T1216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1052.620844][ T1216] RIP: 0033:0x459a29 [ 1052.620855][ T1216] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1052.620860][ T1216] RSP: 002b:00007fac02177c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1052.620869][ T1216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1052.620875][ T1216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1052.620880][ T1216] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1052.620889][ T1216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac021786d4 [ 1052.650074][ T1216] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1052.662011][ T1216] memory: usage 3528kB, limit 0kB, failcnt 532 [ 1052.760566][ T1216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1052.767688][ T1216] Memory cgroup stats for /syz2: [ 1052.768112][ T1216] anon 2166784 [ 1052.768112][ T1216] file 155648 [ 1052.768112][ T1216] kernel_stack 65536 [ 1052.768112][ T1216] slab 1298432 [ 1052.768112][ T1216] sock 0 [ 1052.768112][ T1216] shmem 0 [ 1052.768112][ T1216] file_mapped 135168 [ 1052.768112][ T1216] file_dirty 135168 [ 1052.768112][ T1216] file_writeback 0 [ 1052.768112][ T1216] anon_thp 2097152 [ 1052.768112][ T1216] inactive_anon 135168 [ 1052.768112][ T1216] active_anon 2166784 [ 1052.768112][ T1216] inactive_file 0 [ 1052.768112][ T1216] active_file 0 [ 1052.768112][ T1216] unevictable 0 [ 1052.768112][ T1216] slab_reclaimable 405504 [ 1052.768112][ T1216] slab_unreclaimable 892928 [ 1052.768112][ T1216] pgfault 210144 [ 1052.768112][ T1216] pgmajfault 0 [ 1052.768112][ T1216] workingset_refault 0 [ 1052.768112][ T1216] workingset_activate 0 [ 1052.768112][ T1216] workingset_nodereclaim 0 [ 1052.768112][ T1216] pgrefill 282 [ 1052.768112][ T1216] pgscan 276 [ 1052.768112][ T1216] pgsteal 37 [ 1052.768112][ T1216] pgactivate 231 [ 1052.881095][ T1216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1214,uid=0 [ 1052.897459][ T1216] Memory cgroup out of memory: Killed process 1214 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1052.921775][ T1066] oom_reaper: reaped process 1214 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:38:42 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:42 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) 03:38:42 executing program 4: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:42 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:42 executing program 0: sched_setattr(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:42 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, 0xffffffffffffffff, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1053.009054][ T1208] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:38:42 executing program 4: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:42 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) [ 1053.129941][ T1208] CPU: 0 PID: 1208 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1053.137430][ T1208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.137435][ T1208] Call Trace: [ 1053.137452][ T1208] dump_stack+0x1d8/0x2f8 [ 1053.137468][ T1208] dump_header+0xd8/0x960 [ 1053.159730][ T1208] oom_kill_process+0xcd/0x350 [ 1053.164749][ T1208] out_of_memory+0x5fa/0x8b0 [ 1053.169942][ T1208] try_charge+0x125a/0x1910 [ 1053.174924][ T1208] mem_cgroup_try_charge+0x20c/0x680 [ 1053.180371][ T1208] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1053.186163][ T1208] wp_page_copy+0x349/0x1890 [ 1053.191522][ T1208] ? __kasan_check_read+0x11/0x20 [ 1053.196902][ T1208] ? do_raw_spin_unlock+0x49/0x260 [ 1053.201998][ T1208] do_wp_page+0x5e5/0x1cc0 [ 1053.206396][ T1208] ? __kasan_check_write+0x14/0x20 [ 1053.211577][ T1208] handle_mm_fault+0x2ada/0x5ff0 [ 1053.216686][ T1208] do_user_addr_fault+0x589/0xaf0 [ 1053.221702][ T1208] __do_page_fault+0xd3/0x1f0 [ 1053.226636][ T1208] do_page_fault+0x99/0xb0 [ 1053.231031][ T1208] page_fault+0x39/0x40 [ 1053.235163][ T1208] RIP: 0033:0x430b06 [ 1053.239035][ T1208] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1053.258705][ T1208] RSP: 002b:00007fff0840b550 EFLAGS: 00010206 [ 1053.264747][ T1208] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1053.272921][ T1208] RDX: 000000000159e930 RSI: 00000000015a6970 RDI: 0000000000000003 [ 1053.281045][ T1208] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000159d940 [ 1053.290243][ T1208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1053.298291][ T1208] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:38:42 executing program 4: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:42 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:42 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), &(0x7f0000000740)=0x10, 0x0) 03:38:42 executing program 4: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1053.780100][ T1208] memory: usage 1204kB, limit 0kB, failcnt 540 [ 1053.786309][ T1208] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1053.810018][ T1208] Memory cgroup stats for /syz2: [ 1053.810102][ T1208] anon 32768 [ 1053.810102][ T1208] file 155648 [ 1053.810102][ T1208] kernel_stack 65536 [ 1053.810102][ T1208] slab 1298432 [ 1053.810102][ T1208] sock 0 [ 1053.810102][ T1208] shmem 0 [ 1053.810102][ T1208] file_mapped 135168 [ 1053.810102][ T1208] file_dirty 135168 [ 1053.810102][ T1208] file_writeback 0 [ 1053.810102][ T1208] anon_thp 0 [ 1053.810102][ T1208] inactive_anon 135168 [ 1053.810102][ T1208] active_anon 32768 [ 1053.810102][ T1208] inactive_file 0 [ 1053.810102][ T1208] active_file 0 [ 1053.810102][ T1208] unevictable 0 [ 1053.810102][ T1208] slab_reclaimable 405504 [ 1053.810102][ T1208] slab_unreclaimable 892928 [ 1053.810102][ T1208] pgfault 210144 [ 1053.810102][ T1208] pgmajfault 0 [ 1053.810102][ T1208] workingset_refault 0 [ 1053.810102][ T1208] workingset_activate 0 [ 1053.810102][ T1208] workingset_nodereclaim 0 [ 1053.810102][ T1208] pgrefill 282 [ 1053.810102][ T1208] pgscan 276 [ 1053.810102][ T1208] pgsteal 37 [ 1053.810102][ T1208] pgactivate 231 [ 1053.937280][ T1208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1208,uid=0 [ 1053.953168][ T1208] Memory cgroup out of memory: Killed process 1208 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1053.980992][ T1066] oom_reaper: reaped process 1208 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:38:43 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:43 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(0xffffffffffffffff) 03:38:43 executing program 4: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:43 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) r2 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) fcntl$getflags(r2, 0x401) 03:38:43 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1054.937905][ T1368] IPVS: ftp: loaded support on port[0] = 21 [ 1055.331797][ T1368] chnl_net:caif_netlink_parms(): no params data found [ 1055.367184][ T1368] bridge0: port 1(bridge_slave_0) entered blocking state [ 1055.374829][ T1368] bridge0: port 1(bridge_slave_0) entered disabled state [ 1055.383512][ T1368] device bridge_slave_0 entered promiscuous mode [ 1055.392292][ T1368] bridge0: port 2(bridge_slave_1) entered blocking state [ 1055.399431][ T1368] bridge0: port 2(bridge_slave_1) entered disabled state [ 1055.408350][ T1368] device bridge_slave_1 entered promiscuous mode [ 1055.487318][ T1368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1055.500105][ T1368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1055.563626][ T1368] team0: Port device team_slave_0 added [ 1055.572040][ T1368] team0: Port device team_slave_1 added [ 1055.653517][ T1368] device hsr_slave_0 entered promiscuous mode [ 1055.831199][ T1368] device hsr_slave_1 entered promiscuous mode [ 1055.940105][ T1368] debugfs: Directory 'hsr0' with parent '/' already present! [ 1056.032574][ T1368] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.039688][ T1368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.047043][ T1368] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.054154][ T1368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1056.224825][ T1368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1056.243193][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1056.252356][ T3773] bridge0: port 1(bridge_slave_0) entered disabled state [ 1056.260950][ T3773] bridge0: port 2(bridge_slave_1) entered disabled state [ 1056.270880][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1056.286872][ T1368] 8021q: adding VLAN 0 to HW filter on device team0 [ 1056.384306][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1056.393941][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1056.403252][T25324] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.410372][T25324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1056.493789][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1056.506963][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1056.515867][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.522990][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.534580][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1056.553641][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1056.563948][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1056.573717][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1056.648013][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1056.658187][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1056.667961][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1056.677710][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1056.687856][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1056.715160][ T1368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1056.727414][ T1368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1056.784987][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1056.797922][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1056.875844][ T1368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1057.035192][ T1377] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1057.077798][ T1377] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1057.094012][ T1377] CPU: 1 PID: 1377 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1057.101507][ T1377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.111569][ T1377] Call Trace: [ 1057.114869][ T1377] dump_stack+0x1d8/0x2f8 [ 1057.119200][ T1377] dump_header+0xd8/0x960 [ 1057.123531][ T1377] oom_kill_process+0xcd/0x350 [ 1057.128300][ T1377] out_of_memory+0x5fa/0x8b0 [ 1057.132920][ T1377] memory_max_write+0x4ba/0x600 [ 1057.137770][ T1377] ? memory_max_show+0xa0/0xa0 [ 1057.142631][ T1377] cgroup_file_write+0x223/0x5f0 [ 1057.147661][ T1377] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1057.153302][ T1377] kernfs_fop_write+0x3e4/0x4e0 [ 1057.158321][ T1377] ? kernfs_fop_read+0x580/0x580 [ 1057.163258][ T1377] __vfs_write+0xb8/0x740 [ 1057.167578][ T1377] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1057.173100][ T1377] ? __sb_start_write+0x382/0x430 [ 1057.178100][ T1377] vfs_write+0x275/0x590 [ 1057.182337][ T1377] ksys_write+0x117/0x220 [ 1057.187079][ T1377] __x64_sys_write+0x7b/0x90 [ 1057.191669][ T1377] do_syscall_64+0xf7/0x1c0 [ 1057.196151][ T1377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1057.202038][ T1377] RIP: 0033:0x459a29 [ 1057.205925][ T1377] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1057.226852][ T1377] RSP: 002b:00007f18c75d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1057.235265][ T1377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1057.243219][ T1377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1057.251194][ T1377] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1057.259162][ T1377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18c75d36d4 [ 1057.267125][ T1377] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1057.283112][ T1377] memory: usage 20200kB, limit 0kB, failcnt 554 [ 1057.289647][ T1377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1057.296939][ T1377] Memory cgroup stats for /syz3: [ 1057.297357][ T1377] anon 2158592 [ 1057.297357][ T1377] file 221184 [ 1057.297357][ T1377] kernel_stack 65536 [ 1057.297357][ T1377] slab 18448384 [ 1057.297357][ T1377] sock 0 [ 1057.297357][ T1377] shmem 0 [ 1057.297357][ T1377] file_mapped 0 [ 1057.297357][ T1377] file_dirty 0 [ 1057.297357][ T1377] file_writeback 0 [ 1057.297357][ T1377] anon_thp 2097152 [ 1057.297357][ T1377] inactive_anon 0 [ 1057.297357][ T1377] active_anon 2158592 [ 1057.297357][ T1377] inactive_file 0 [ 1057.297357][ T1377] active_file 135168 [ 1057.297357][ T1377] unevictable 0 [ 1057.297357][ T1377] slab_reclaimable 17571840 [ 1057.297357][ T1377] slab_unreclaimable 876544 [ 1057.297357][ T1377] pgfault 68079 [ 1057.297357][ T1377] pgmajfault 0 [ 1057.297357][ T1377] workingset_refault 0 [ 1057.297357][ T1377] workingset_activate 0 [ 1057.297357][ T1377] workingset_nodereclaim 0 [ 1057.297357][ T1377] pgrefill 66 [ 1057.297357][ T1377] pgscan 66 [ 1057.297357][ T1377] pgsteal 35 [ 1057.297357][ T1377] pgactivate 0 [ 1057.395435][ T1377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1376,uid=0 [ 1057.412933][ T1377] Memory cgroup out of memory: Killed process 1376 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 03:38:46 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:46 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(0xffffffffffffffff) 03:38:46 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, 0xffffffffffffffff, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:46 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1057.440960][ T1066] oom_reaper: reaped process 1376 (syz-executor.3), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 1057.508324][ T1368] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 1057.572806][ T1368] CPU: 1 PID: 1368 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1057.580863][ T1368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.591371][ T1368] Call Trace: [ 1057.595331][ T1368] dump_stack+0x1d8/0x2f8 [ 1057.619409][ T1368] dump_header+0xd8/0x960 [ 1057.623825][ T1368] oom_kill_process+0xcd/0x350 [ 1057.628835][ T1368] out_of_memory+0x5fa/0x8b0 [ 1057.633495][ T1368] try_charge+0x125a/0x1910 [ 1057.638014][ T1368] __memcg_kmem_charge_memcg+0x37/0xc0 [ 1057.643451][ T1368] kmem_getpages+0x449/0xa00 [ 1057.648034][ T1368] cache_grow_begin+0x7e/0x2c0 [ 1057.652780][ T1368] ? __cpuset_node_allowed+0x195/0x510 [ 1057.658216][ T1368] fallback_alloc+0x134/0x1c0 [ 1057.662871][ T1368] ____cache_alloc_node+0x22a/0x250 [ 1057.668062][ T1368] kmem_cache_alloc+0x163/0x2e0 [ 1057.672902][ T1368] ? __alloc_file+0x2c/0x390 [ 1057.677471][ T1368] __alloc_file+0x2c/0x390 [ 1057.681866][ T1368] alloc_empty_file+0xac/0x1b0 [ 1057.686625][ T1368] path_openat+0x9e/0x4420 [ 1057.691143][ T1368] ? __kasan_kmalloc+0x178/0x1b0 [ 1057.696068][ T1368] ? __lock_acquire+0xc75/0x1be0 [ 1057.700994][ T1368] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1057.706717][ T1368] do_filp_open+0x192/0x3d0 [ 1057.711209][ T1368] ? _raw_spin_unlock+0x2c/0x50 [ 1057.716049][ T1368] do_sys_open+0x29f/0x560 [ 1057.720977][ T1368] __x64_sys_open+0x87/0x90 [ 1057.725484][ T1368] do_syscall_64+0xf7/0x1c0 [ 1057.729984][ T1368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1057.735876][ T1368] RIP: 0033:0x4579a0 [ 1057.739760][ T1368] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 1057.760588][ T1368] RSP: 002b:00007ffc354e8270 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 1057.769153][ T1368] RAX: ffffffffffffffda RBX: 000000000010211e RCX: 00000000004579a0 [ 1057.777196][ T1368] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffc354e9450 [ 1057.785232][ T1368] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000018ad940 [ 1057.794151][ T1368] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc354e9450 [ 1057.802100][ T1368] R13: 00007ffc354e9440 R14: 0000000000000000 R15: 00007ffc354e9450 [ 1057.822226][ T1368] memory: usage 17872kB, limit 0kB, failcnt 570 [ 1057.828495][ T1368] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1057.828500][ T1368] Memory cgroup stats for /syz3: [ 1057.831143][ T1368] anon 53248 [ 1057.831143][ T1368] file 221184 [ 1057.831143][ T1368] kernel_stack 0 [ 1057.831143][ T1368] slab 18448384 [ 1057.831143][ T1368] sock 0 [ 1057.831143][ T1368] shmem 0 [ 1057.831143][ T1368] file_mapped 0 [ 1057.831143][ T1368] file_dirty 0 [ 1057.831143][ T1368] file_writeback 0 [ 1057.831143][ T1368] anon_thp 0 [ 1057.831143][ T1368] inactive_anon 0 [ 1057.831143][ T1368] active_anon 53248 [ 1057.831143][ T1368] inactive_file 0 [ 1057.831143][ T1368] active_file 135168 [ 1057.831143][ T1368] unevictable 0 [ 1057.831143][ T1368] slab_reclaimable 17571840 [ 1057.831143][ T1368] slab_unreclaimable 876544 [ 1057.831143][ T1368] pgfault 68079 [ 1057.831143][ T1368] pgmajfault 0 [ 1057.831143][ T1368] workingset_refault 0 [ 1057.831143][ T1368] workingset_activate 0 [ 1057.831143][ T1368] workingset_nodereclaim 0 [ 1057.831143][ T1368] pgrefill 66 [ 1057.831143][ T1368] pgscan 66 03:38:47 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:47 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(0xffffffffffffffff) 03:38:47 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) [ 1057.831143][ T1368] pgsteal 35 [ 1057.831143][ T1368] pgactivate 0 03:38:47 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:47 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:47 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:47 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) 03:38:47 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:47 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) [ 1058.417081][ T1368] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1368,uid=0 [ 1058.458041][ T1368] Memory cgroup out of memory: Killed process 1368 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1058.485395][ T1066] oom_reaper: reaped process 1368 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:48 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1059.607102][ T1422] IPVS: ftp: loaded support on port[0] = 21 [ 1059.754156][ T1422] chnl_net:caif_netlink_parms(): no params data found [ 1059.877008][ T1422] bridge0: port 1(bridge_slave_0) entered blocking state [ 1059.885842][ T1422] bridge0: port 1(bridge_slave_0) entered disabled state [ 1059.894953][ T1422] device bridge_slave_0 entered promiscuous mode [ 1059.944976][ T1422] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.953625][ T1422] bridge0: port 2(bridge_slave_1) entered disabled state [ 1059.962496][ T1422] device bridge_slave_1 entered promiscuous mode [ 1059.986878][ T1422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1059.999374][ T1422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1060.024916][ T1422] team0: Port device team_slave_0 added [ 1060.122781][ T1422] team0: Port device team_slave_1 added [ 1060.183518][ T1422] device hsr_slave_0 entered promiscuous mode [ 1060.221040][ T1422] device hsr_slave_1 entered promiscuous mode [ 1060.280064][ T1422] debugfs: Directory 'hsr0' with parent '/' already present! [ 1060.433806][ T1422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1060.508417][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1060.520717][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1060.528901][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1060.592034][ T1422] 8021q: adding VLAN 0 to HW filter on device team0 [ 1060.606500][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1060.617354][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1060.627461][T25323] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.634954][T25323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1060.733091][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1060.741922][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1060.751304][T16142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1060.761104][T16142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.768163][T16142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1060.854972][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1060.869039][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1060.895764][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1060.904012][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1060.913033][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1060.926550][ T1422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1061.021902][ T1422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1061.187087][ T1431] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1061.199290][ T1431] CPU: 0 PID: 1431 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1061.206771][ T1431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.216839][ T1431] Call Trace: [ 1061.220132][ T1431] dump_stack+0x1d8/0x2f8 [ 1061.224467][ T1431] dump_header+0xd8/0x960 [ 1061.228797][ T1431] oom_kill_process+0xcd/0x350 [ 1061.233562][ T1431] out_of_memory+0x5fa/0x8b0 [ 1061.238169][ T1431] memory_max_write+0x4ba/0x600 [ 1061.243014][ T1431] ? memory_max_show+0xa0/0xa0 [ 1061.247756][ T1431] cgroup_file_write+0x223/0x5f0 [ 1061.253053][ T1431] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1061.258155][ T1431] kernfs_fop_write+0x3e4/0x4e0 [ 1061.263167][ T1431] ? kernfs_fop_read+0x580/0x580 [ 1061.268086][ T1431] __vfs_write+0xb8/0x740 [ 1061.272412][ T1431] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1061.277949][ T1431] ? __sb_start_write+0x382/0x430 [ 1061.282965][ T1431] vfs_write+0x275/0x590 [ 1061.287186][ T1431] ksys_write+0x117/0x220 [ 1061.291498][ T1431] __x64_sys_write+0x7b/0x90 [ 1061.296083][ T1431] do_syscall_64+0xf7/0x1c0 [ 1061.300583][ T1431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1061.306451][ T1431] RIP: 0033:0x459a29 [ 1061.310320][ T1431] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1061.330011][ T1431] RSP: 002b:00007fe5181ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1061.338402][ T1431] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1061.346373][ T1431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1061.354342][ T1431] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1061.362318][ T1431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5181de6d4 [ 1061.370271][ T1431] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1061.390266][ T1431] memory: usage 3528kB, limit 0kB, failcnt 541 [ 1061.397160][ T1431] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1061.405359][ T1431] Memory cgroup stats for /syz2: [ 1061.405793][ T1431] anon 2117632 [ 1061.405793][ T1431] file 155648 [ 1061.405793][ T1431] kernel_stack 65536 [ 1061.405793][ T1431] slab 1298432 [ 1061.405793][ T1431] sock 0 [ 1061.405793][ T1431] shmem 0 [ 1061.405793][ T1431] file_mapped 135168 [ 1061.405793][ T1431] file_dirty 135168 [ 1061.405793][ T1431] file_writeback 0 [ 1061.405793][ T1431] anon_thp 2097152 [ 1061.405793][ T1431] inactive_anon 135168 [ 1061.405793][ T1431] active_anon 2117632 [ 1061.405793][ T1431] inactive_file 0 [ 1061.405793][ T1431] active_file 0 [ 1061.405793][ T1431] unevictable 0 [ 1061.405793][ T1431] slab_reclaimable 405504 [ 1061.405793][ T1431] slab_unreclaimable 892928 [ 1061.405793][ T1431] pgfault 210210 [ 1061.405793][ T1431] pgmajfault 0 [ 1061.405793][ T1431] workingset_refault 0 [ 1061.405793][ T1431] workingset_activate 0 [ 1061.405793][ T1431] workingset_nodereclaim 0 [ 1061.405793][ T1431] pgrefill 282 [ 1061.405793][ T1431] pgscan 276 [ 1061.405793][ T1431] pgsteal 37 [ 1061.405793][ T1431] pgactivate 231 [ 1061.509614][ T1431] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1430,uid=0 [ 1061.526883][ T1431] Memory cgroup out of memory: Killed process 1430 (syz-executor.2) total-vm:72580kB, anon-rss:2184kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1061.556584][ T1066] oom_reaper: reaped process 1430 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:38:50 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:50 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:50 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$getflags(r1, 0x401) 03:38:50 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:50 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:50 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1061.583288][ T1422] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1061.658542][ T1422] CPU: 0 PID: 1422 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1061.666085][ T1422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.676231][ T1422] Call Trace: [ 1061.679795][ T1422] dump_stack+0x1d8/0x2f8 [ 1061.684134][ T1422] dump_header+0xd8/0x960 [ 1061.688460][ T1422] oom_kill_process+0xcd/0x350 [ 1061.693230][ T1422] out_of_memory+0x5fa/0x8b0 [ 1061.697829][ T1422] try_charge+0x125a/0x1910 [ 1061.702349][ T1422] mem_cgroup_try_charge+0x20c/0x680 [ 1061.707637][ T1422] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1061.713262][ T1422] wp_page_copy+0x349/0x1890 [ 1061.717838][ T1422] ? __kasan_check_read+0x11/0x20 [ 1061.722855][ T1422] ? do_raw_spin_unlock+0x49/0x260 [ 1061.728298][ T1422] do_wp_page+0x5e5/0x1cc0 [ 1061.732694][ T1422] ? __kasan_check_write+0x14/0x20 [ 1061.737790][ T1422] handle_mm_fault+0x2ada/0x5ff0 [ 1061.742720][ T1422] do_user_addr_fault+0x589/0xaf0 [ 1061.747741][ T1422] __do_page_fault+0xd3/0x1f0 [ 1061.752399][ T1422] do_page_fault+0x99/0xb0 [ 1061.756811][ T1422] page_fault+0x39/0x40 [ 1061.760965][ T1422] RIP: 0033:0x430b06 [ 1061.764850][ T1422] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1061.784449][ T1422] RSP: 002b:00007ffd0592b1b0 EFLAGS: 00010206 [ 1061.790491][ T1422] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1061.798465][ T1422] RDX: 0000000002a24930 RSI: 0000000002a2c970 RDI: 0000000000000003 03:38:51 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:51 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) [ 1061.806426][ T1422] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002a23940 [ 1061.814382][ T1422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1061.822336][ T1422] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:38:51 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) [ 1061.912563][ T1422] memory: usage 1204kB, limit 0kB, failcnt 549 [ 1061.918770][ T1422] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1061.990475][ T1422] Memory cgroup stats for /syz2: [ 1061.990557][ T1422] anon 12288 [ 1061.990557][ T1422] file 155648 [ 1061.990557][ T1422] kernel_stack 65536 [ 1061.990557][ T1422] slab 1298432 [ 1061.990557][ T1422] sock 0 [ 1061.990557][ T1422] shmem 0 [ 1061.990557][ T1422] file_mapped 135168 [ 1061.990557][ T1422] file_dirty 135168 [ 1061.990557][ T1422] file_writeback 0 [ 1061.990557][ T1422] anon_thp 0 [ 1061.990557][ T1422] inactive_anon 135168 [ 1061.990557][ T1422] active_anon 12288 [ 1061.990557][ T1422] inactive_file 0 03:38:51 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1061.990557][ T1422] active_file 0 [ 1061.990557][ T1422] unevictable 0 [ 1061.990557][ T1422] slab_reclaimable 405504 [ 1061.990557][ T1422] slab_unreclaimable 892928 [ 1061.990557][ T1422] pgfault 210210 [ 1061.990557][ T1422] pgmajfault 0 [ 1061.990557][ T1422] workingset_refault 0 [ 1061.990557][ T1422] workingset_activate 0 [ 1061.990557][ T1422] workingset_nodereclaim 0 [ 1061.990557][ T1422] pgrefill 282 [ 1061.990557][ T1422] pgscan 276 [ 1061.990557][ T1422] pgsteal 37 [ 1061.990557][ T1422] pgactivate 231 03:38:51 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:51 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) [ 1062.454480][ T1422] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1422,uid=0 [ 1062.475496][ T1422] Memory cgroup out of memory: Killed process 1422 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 03:38:52 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:52 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:52 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:38:52 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r3) 03:38:52 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1063.528890][ T1478] IPVS: ftp: loaded support on port[0] = 21 [ 1063.984888][ T1478] chnl_net:caif_netlink_parms(): no params data found [ 1064.025854][ T1478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1064.034063][ T1478] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.043262][ T1478] device bridge_slave_0 entered promiscuous mode [ 1064.135082][ T1478] bridge0: port 2(bridge_slave_1) entered blocking state [ 1064.143874][ T1478] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.152927][ T1478] device bridge_slave_1 entered promiscuous mode [ 1064.178644][ T1478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1064.258116][ T1478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1064.290812][ T1478] team0: Port device team_slave_0 added [ 1064.356964][ T1478] team0: Port device team_slave_1 added [ 1064.443508][ T1478] device hsr_slave_0 entered promiscuous mode [ 1064.541294][ T1478] device hsr_slave_1 entered promiscuous mode [ 1064.660205][ T1478] debugfs: Directory 'hsr0' with parent '/' already present! [ 1064.772252][ T1478] bridge0: port 2(bridge_slave_1) entered blocking state [ 1064.779348][ T1478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1064.789187][ T1478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1064.796280][ T1478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1064.962462][T14644] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.971143][T14644] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.988752][ T1478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1065.106442][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1065.116008][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1065.129040][ T1478] 8021q: adding VLAN 0 to HW filter on device team0 [ 1065.142292][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1065.151512][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1065.160805][ T3773] bridge0: port 1(bridge_slave_0) entered blocking state [ 1065.167854][ T3773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1065.186413][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1065.195676][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1065.205409][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.212522][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1065.221627][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1065.345346][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1065.356435][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1065.365934][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1065.390398][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1065.398611][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1065.409239][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1065.465380][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1065.475083][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1065.491804][ T1478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1065.504181][ T1478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1065.555562][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1065.581051][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1065.699500][ T1478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1065.816161][ T1486] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1065.866302][ T1486] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1065.878374][ T1486] CPU: 1 PID: 1486 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1065.885835][ T1486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.885847][ T1486] Call Trace: [ 1065.899195][ T1486] dump_stack+0x1d8/0x2f8 [ 1065.903527][ T1486] dump_header+0xd8/0x960 [ 1065.907849][ T1486] oom_kill_process+0xcd/0x350 [ 1065.912612][ T1486] out_of_memory+0x5fa/0x8b0 [ 1065.917195][ T1486] memory_max_write+0x4ba/0x600 [ 1065.917215][ T1486] ? memory_max_show+0xa0/0xa0 [ 1065.926832][ T1486] cgroup_file_write+0x223/0x5f0 [ 1065.931766][ T1486] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1065.936926][ T1486] kernfs_fop_write+0x3e4/0x4e0 [ 1065.941765][ T1486] ? kernfs_fop_read+0x580/0x580 [ 1065.946694][ T1486] __vfs_write+0xb8/0x740 [ 1065.951012][ T1486] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1065.951022][ T1486] ? __sb_start_write+0x382/0x430 [ 1065.951033][ T1486] vfs_write+0x275/0x590 [ 1065.951048][ T1486] ksys_write+0x117/0x220 [ 1065.951061][ T1486] __x64_sys_write+0x7b/0x90 [ 1065.951073][ T1486] do_syscall_64+0xf7/0x1c0 [ 1065.951088][ T1486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1065.951098][ T1486] RIP: 0033:0x459a29 [ 1065.951108][ T1486] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1065.951114][ T1486] RSP: 002b:00007f5a0d3cac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1065.951124][ T1486] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1065.951129][ T1486] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1065.951134][ T1486] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1065.951140][ T1486] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a0d3cb6d4 [ 1065.951146][ T1486] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1065.955270][ T1486] memory: usage 20200kB, limit 0kB, failcnt 571 [ 1065.986543][ T1486] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1065.992803][ T1486] Memory cgroup stats for /syz3: [ 1065.993386][ T1486] anon 2174976 [ 1065.993386][ T1486] file 221184 [ 1065.993386][ T1486] kernel_stack 0 [ 1065.993386][ T1486] slab 18448384 [ 1065.993386][ T1486] sock 0 [ 1065.993386][ T1486] shmem 0 [ 1065.993386][ T1486] file_mapped 0 [ 1065.993386][ T1486] file_dirty 0 [ 1065.993386][ T1486] file_writeback 0 [ 1065.993386][ T1486] anon_thp 2097152 [ 1065.993386][ T1486] inactive_anon 0 [ 1065.993386][ T1486] active_anon 2174976 [ 1065.993386][ T1486] inactive_file 0 [ 1065.993386][ T1486] active_file 135168 [ 1065.993386][ T1486] unevictable 0 [ 1065.993386][ T1486] slab_reclaimable 17571840 [ 1065.993386][ T1486] slab_unreclaimable 876544 [ 1065.993386][ T1486] pgfault 68145 [ 1065.993386][ T1486] pgmajfault 0 [ 1065.993386][ T1486] workingset_refault 0 [ 1065.993386][ T1486] workingset_activate 0 [ 1065.993386][ T1486] workingset_nodereclaim 0 [ 1065.993386][ T1486] pgrefill 66 [ 1065.993386][ T1486] pgscan 66 [ 1065.993386][ T1486] pgsteal 35 [ 1065.993386][ T1486] pgactivate 0 [ 1066.052096][ T1486] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1485,uid=0 [ 1066.076135][ T1486] Memory cgroup out of memory: Killed process 1485 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1066.177356][ T1066] oom_reaper: reaped process 1485 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:38:55 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:55 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:55 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:55 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:55 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(0x0, 0x8, 0x605) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:38:55 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1066.343887][ T1478] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1066.365059][ T1478] CPU: 1 PID: 1478 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1066.372550][ T1478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.382601][ T1478] Call Trace: [ 1066.385901][ T1478] dump_stack+0x1d8/0x2f8 [ 1066.390239][ T1478] dump_header+0xd8/0x960 [ 1066.394576][ T1478] oom_kill_process+0xcd/0x350 [ 1066.399345][ T1478] out_of_memory+0x5fa/0x8b0 [ 1066.403935][ T1478] try_charge+0x125a/0x1910 [ 1066.408456][ T1478] mem_cgroup_try_charge+0x20c/0x680 [ 1066.413736][ T1478] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1066.419351][ T1478] wp_page_copy+0x349/0x1890 [ 1066.423932][ T1478] ? __kasan_check_read+0x11/0x20 [ 1066.428951][ T1478] ? do_raw_spin_unlock+0x49/0x260 [ 1066.434046][ T1478] do_wp_page+0x5e5/0x1cc0 [ 1066.438462][ T1478] ? __kasan_check_write+0x14/0x20 [ 1066.443742][ T1478] handle_mm_fault+0x2ada/0x5ff0 [ 1066.448679][ T1478] do_user_addr_fault+0x589/0xaf0 [ 1066.453693][ T1478] __do_page_fault+0xd3/0x1f0 [ 1066.458350][ T1478] do_page_fault+0x99/0xb0 [ 1066.462746][ T1478] page_fault+0x39/0x40 [ 1066.466886][ T1478] RIP: 0033:0x430b06 [ 1066.470769][ T1478] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1066.490369][ T1478] RSP: 002b:00007ffed152a700 EFLAGS: 00010206 [ 1066.496417][ T1478] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1066.504405][ T1478] RDX: 00000000010ee930 RSI: 00000000010f6970 RDI: 0000000000000003 [ 1066.512355][ T1478] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000010ed940 [ 1066.520423][ T1478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1066.528381][ T1478] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:38:55 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:38:55 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) [ 1066.680095][ T1478] memory: usage 17868kB, limit 0kB, failcnt 583 [ 1066.686826][ T1478] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1066.721543][ T1478] Memory cgroup stats for /syz3: [ 1066.721623][ T1478] anon 32768 [ 1066.721623][ T1478] file 221184 [ 1066.721623][ T1478] kernel_stack 0 [ 1066.721623][ T1478] slab 18448384 [ 1066.721623][ T1478] sock 0 [ 1066.721623][ T1478] shmem 0 [ 1066.721623][ T1478] file_mapped 0 [ 1066.721623][ T1478] file_dirty 0 [ 1066.721623][ T1478] file_writeback 0 [ 1066.721623][ T1478] anon_thp 0 [ 1066.721623][ T1478] inactive_anon 0 [ 1066.721623][ T1478] active_anon 32768 [ 1066.721623][ T1478] inactive_file 0 03:38:56 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:38:56 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r1 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r1, 0x401) 03:38:56 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) [ 1066.721623][ T1478] active_file 135168 [ 1066.721623][ T1478] unevictable 0 [ 1066.721623][ T1478] slab_reclaimable 17571840 [ 1066.721623][ T1478] slab_unreclaimable 876544 [ 1066.721623][ T1478] pgfault 68145 [ 1066.721623][ T1478] pgmajfault 0 [ 1066.721623][ T1478] workingset_refault 0 [ 1066.721623][ T1478] workingset_activate 0 [ 1066.721623][ T1478] workingset_nodereclaim 0 [ 1066.721623][ T1478] pgrefill 66 [ 1066.721623][ T1478] pgscan 66 [ 1066.721623][ T1478] pgsteal 35 [ 1066.721623][ T1478] pgactivate 0 03:38:56 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1067.181261][ T1478] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1478,uid=0 [ 1067.197463][ T1478] Memory cgroup out of memory: Killed process 1478 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1067.218356][ T1066] oom_reaper: reaped process 1478 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:38:56 executing program 3: r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:38:56 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:56 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) [ 1068.285436][ T1527] IPVS: ftp: loaded support on port[0] = 21 [ 1068.509071][ T1527] chnl_net:caif_netlink_parms(): no params data found [ 1068.548955][ T1527] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.557490][ T1527] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.566570][ T1527] device bridge_slave_0 entered promiscuous mode [ 1068.576619][ T1527] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.584151][ T1527] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.592929][ T1527] device bridge_slave_1 entered promiscuous mode [ 1068.674497][ T1527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1068.687114][ T1527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1068.719018][ T1527] team0: Port device team_slave_0 added [ 1068.727350][ T1527] team0: Port device team_slave_1 added [ 1068.824635][ T1527] device hsr_slave_0 entered promiscuous mode [ 1068.911023][ T1527] device hsr_slave_1 entered promiscuous mode [ 1069.020135][ T1527] debugfs: Directory 'hsr0' with parent '/' already present! [ 1069.197975][ T1527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1069.328836][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1069.340818][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1069.348760][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1069.461458][ T1527] 8021q: adding VLAN 0 to HW filter on device team0 [ 1069.476228][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1069.485697][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1069.494754][T16143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1069.501879][T16143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1069.520953][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1069.529525][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1069.551266][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1069.559720][T16143] bridge0: port 2(bridge_slave_1) entered blocking state [ 1069.566842][T16143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1069.650683][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1069.659317][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1069.683863][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1069.693509][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1069.703764][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1069.713731][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1069.723577][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1069.733264][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1069.746566][ T1527] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1069.818168][ T1527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1070.042822][ T1540] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1070.056345][ T1540] CPU: 1 PID: 1540 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1070.063829][ T1540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.073884][ T1540] Call Trace: [ 1070.077178][ T1540] dump_stack+0x1d8/0x2f8 [ 1070.081515][ T1540] dump_header+0xd8/0x960 [ 1070.085936][ T1540] oom_kill_process+0xcd/0x350 [ 1070.091046][ T1540] out_of_memory+0x5fa/0x8b0 [ 1070.095641][ T1540] memory_max_write+0x4ba/0x600 [ 1070.100510][ T1540] ? memory_max_show+0xa0/0xa0 [ 1070.105268][ T1540] cgroup_file_write+0x223/0x5f0 [ 1070.110218][ T1540] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1070.115397][ T1540] kernfs_fop_write+0x3e4/0x4e0 [ 1070.120319][ T1540] ? kernfs_fop_read+0x580/0x580 [ 1070.125231][ T1540] __vfs_write+0xb8/0x740 [ 1070.129893][ T1540] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1070.135508][ T1540] ? __sb_start_write+0x382/0x430 [ 1070.140670][ T1540] vfs_write+0x275/0x590 [ 1070.144905][ T1540] ksys_write+0x117/0x220 [ 1070.149237][ T1540] __x64_sys_write+0x7b/0x90 [ 1070.153804][ T1540] do_syscall_64+0xf7/0x1c0 [ 1070.158343][ T1540] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1070.164302][ T1540] RIP: 0033:0x459a29 [ 1070.168542][ T1540] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1070.188294][ T1540] RSP: 002b:00007f3963229c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1070.196776][ T1540] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1070.204722][ T1540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1070.212690][ T1540] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1070.220652][ T1540] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f396322a6d4 [ 1070.228598][ T1540] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1070.244497][ T1540] memory: usage 3556kB, limit 0kB, failcnt 550 [ 1070.252275][ T1540] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1070.259217][ T1540] Memory cgroup stats for /syz2: [ 1070.259655][ T1540] anon 2117632 [ 1070.259655][ T1540] file 155648 [ 1070.259655][ T1540] kernel_stack 65536 [ 1070.259655][ T1540] slab 1298432 [ 1070.259655][ T1540] sock 0 [ 1070.259655][ T1540] shmem 0 [ 1070.259655][ T1540] file_mapped 135168 [ 1070.259655][ T1540] file_dirty 135168 [ 1070.259655][ T1540] file_writeback 0 [ 1070.259655][ T1540] anon_thp 2097152 [ 1070.259655][ T1540] inactive_anon 135168 [ 1070.259655][ T1540] active_anon 2117632 [ 1070.259655][ T1540] inactive_file 0 [ 1070.259655][ T1540] active_file 0 [ 1070.259655][ T1540] unevictable 0 [ 1070.259655][ T1540] slab_reclaimable 405504 [ 1070.259655][ T1540] slab_unreclaimable 892928 [ 1070.259655][ T1540] pgfault 210276 [ 1070.259655][ T1540] pgmajfault 0 [ 1070.259655][ T1540] workingset_refault 0 [ 1070.259655][ T1540] workingset_activate 0 [ 1070.259655][ T1540] workingset_nodereclaim 0 [ 1070.259655][ T1540] pgrefill 282 [ 1070.259655][ T1540] pgscan 276 [ 1070.259655][ T1540] pgsteal 37 [ 1070.259655][ T1540] pgactivate 231 [ 1070.358681][ T1540] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1539,uid=0 [ 1070.374989][ T1540] Memory cgroup out of memory: Killed process 1539 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1070.396493][ T1066] oom_reaper: reaped process 1539 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:38:59 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:38:59 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:38:59 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:38:59 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) 03:38:59 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:38:59 executing program 3: r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1070.541891][ T1527] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1070.569263][ T1527] CPU: 0 PID: 1527 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1070.576763][ T1527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.586844][ T1527] Call Trace: [ 1070.590147][ T1527] dump_stack+0x1d8/0x2f8 [ 1070.594481][ T1527] dump_header+0xd8/0x960 [ 1070.598800][ T1527] oom_kill_process+0xcd/0x350 [ 1070.603566][ T1527] out_of_memory+0x5fa/0x8b0 [ 1070.608167][ T1527] try_charge+0x125a/0x1910 [ 1070.612689][ T1527] mem_cgroup_try_charge+0x20c/0x680 [ 1070.617966][ T1527] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1070.623594][ T1527] wp_page_copy+0x349/0x1890 [ 1070.628182][ T1527] ? __kasan_check_read+0x11/0x20 [ 1070.628194][ T1527] ? do_raw_spin_unlock+0x49/0x260 [ 1070.628209][ T1527] do_wp_page+0x5e5/0x1cc0 [ 1070.642903][ T1527] ? __kasan_check_write+0x14/0x20 [ 1070.648063][ T1527] handle_mm_fault+0x2ada/0x5ff0 [ 1070.653114][ T1527] do_user_addr_fault+0x589/0xaf0 [ 1070.658159][ T1527] __do_page_fault+0xd3/0x1f0 [ 1070.662842][ T1527] do_page_fault+0x99/0xb0 [ 1070.667267][ T1527] page_fault+0x39/0x40 [ 1070.671420][ T1527] RIP: 0033:0x430b06 03:39:00 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) 03:39:00 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:39:00 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1070.675321][ T1527] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1070.694926][ T1527] RSP: 002b:00007ffcb37c1580 EFLAGS: 00010206 [ 1070.694935][ T1527] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1070.694940][ T1527] RDX: 0000000001417930 RSI: 000000000141f970 RDI: 0000000000000003 [ 1070.694945][ T1527] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001416940 [ 1070.694950][ T1527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 03:39:00 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) [ 1070.694955][ T1527] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1070.729986][ T1527] memory: usage 1228kB, limit 0kB, failcnt 558 [ 1070.768339][ T1527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1070.807183][ T1527] Memory cgroup stats for /syz2: [ 1070.807262][ T1527] anon 0 [ 1070.807262][ T1527] file 155648 [ 1070.807262][ T1527] kernel_stack 0 [ 1070.807262][ T1527] slab 1298432 [ 1070.807262][ T1527] sock 0 [ 1070.807262][ T1527] shmem 0 [ 1070.807262][ T1527] file_mapped 135168 [ 1070.807262][ T1527] file_dirty 135168 [ 1070.807262][ T1527] file_writeback 0 [ 1070.807262][ T1527] anon_thp 0 [ 1070.807262][ T1527] inactive_anon 135168 [ 1070.807262][ T1527] active_anon 0 [ 1070.807262][ T1527] inactive_file 0 03:39:00 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 03:39:00 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) [ 1070.807262][ T1527] active_file 0 [ 1070.807262][ T1527] unevictable 0 [ 1070.807262][ T1527] slab_reclaimable 405504 [ 1070.807262][ T1527] slab_unreclaimable 892928 [ 1070.807262][ T1527] pgfault 210276 [ 1070.807262][ T1527] pgmajfault 0 [ 1070.807262][ T1527] workingset_refault 0 [ 1070.807262][ T1527] workingset_activate 0 [ 1070.807262][ T1527] workingset_nodereclaim 0 [ 1070.807262][ T1527] pgrefill 282 [ 1070.807262][ T1527] pgscan 276 [ 1070.807262][ T1527] pgsteal 37 [ 1070.807262][ T1527] pgactivate 231 [ 1071.181871][ T1527] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1527,uid=0 [ 1071.219136][ T1527] Memory cgroup out of memory: Killed process 1527 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1071.237172][ T1066] oom_reaper: reaped process 1527 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:39:00 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:00 executing program 4: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) 03:39:00 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:00 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:39:00 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) [ 1072.354331][ T1583] IPVS: ftp: loaded support on port[0] = 21 [ 1072.605947][ T1583] chnl_net:caif_netlink_parms(): no params data found [ 1072.746700][ T1583] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.754994][ T1583] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.763974][ T1583] device bridge_slave_0 entered promiscuous mode [ 1072.773081][ T1583] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.782337][ T1583] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.791397][ T1583] device bridge_slave_1 entered promiscuous mode [ 1072.875048][ T1583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1072.887559][ T1583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1072.974938][ T1583] team0: Port device team_slave_0 added [ 1072.983407][ T1583] team0: Port device team_slave_1 added [ 1073.043437][ T1583] device hsr_slave_0 entered promiscuous mode [ 1073.080863][ T1583] device hsr_slave_1 entered promiscuous mode [ 1073.120546][ T1583] debugfs: Directory 'hsr0' with parent '/' already present! [ 1073.188402][ T1583] bridge0: port 2(bridge_slave_1) entered blocking state [ 1073.195532][ T1583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1073.202929][ T1583] bridge0: port 1(bridge_slave_0) entered blocking state [ 1073.210004][ T1583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1073.317318][ T3773] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.326018][ T3773] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.470371][ T1583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1073.529659][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1073.538397][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1073.551436][ T1583] 8021q: adding VLAN 0 to HW filter on device team0 [ 1073.567034][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1073.576501][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1073.585748][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1073.592852][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1073.660093][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1073.668925][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1073.678174][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 1073.685280][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1073.694934][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1073.715263][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1073.725176][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1073.735326][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1073.872404][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1073.890935][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1073.902304][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1073.985456][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1073.995217][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1074.004462][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1074.014059][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1074.028310][ T1583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1074.099042][ T1583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1074.313185][ T1591] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1074.356107][ T1591] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1074.378485][ T1591] CPU: 0 PID: 1591 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1074.385967][ T1591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.396019][ T1591] Call Trace: [ 1074.399314][ T1591] dump_stack+0x1d8/0x2f8 [ 1074.403654][ T1591] dump_header+0xd8/0x960 [ 1074.407998][ T1591] oom_kill_process+0xcd/0x350 [ 1074.412757][ T1591] out_of_memory+0x5fa/0x8b0 [ 1074.417345][ T1591] memory_max_write+0x4ba/0x600 [ 1074.422205][ T1591] ? memory_max_show+0xa0/0xa0 [ 1074.426961][ T1591] cgroup_file_write+0x223/0x5f0 [ 1074.431978][ T1591] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1074.437081][ T1591] kernfs_fop_write+0x3e4/0x4e0 [ 1074.441927][ T1591] ? kernfs_fop_read+0x580/0x580 [ 1074.446878][ T1591] __vfs_write+0xb8/0x740 [ 1074.451207][ T1591] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1074.456763][ T1591] ? __sb_start_write+0x382/0x430 [ 1074.461796][ T1591] vfs_write+0x275/0x590 [ 1074.466034][ T1591] ksys_write+0x117/0x220 [ 1074.470359][ T1591] __x64_sys_write+0x7b/0x90 [ 1074.474947][ T1591] do_syscall_64+0xf7/0x1c0 [ 1074.479449][ T1591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1074.485430][ T1591] RIP: 0033:0x459a29 [ 1074.489313][ T1591] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1074.508924][ T1591] RSP: 002b:00007f24d0a45c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1074.517338][ T1591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1074.525317][ T1591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1074.533287][ T1591] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1074.541256][ T1591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f24d0a466d4 [ 1074.549236][ T1591] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1074.729970][ T1591] memory: usage 20196kB, limit 0kB, failcnt 584 [ 1074.736489][ T1591] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1074.745564][ T1591] Memory cgroup stats for /syz3: [ 1074.745949][ T1591] anon 2093056 [ 1074.745949][ T1591] file 221184 [ 1074.745949][ T1591] kernel_stack 0 [ 1074.745949][ T1591] slab 18448384 [ 1074.745949][ T1591] sock 0 [ 1074.745949][ T1591] shmem 0 [ 1074.745949][ T1591] file_mapped 0 [ 1074.745949][ T1591] file_dirty 0 [ 1074.745949][ T1591] file_writeback 0 [ 1074.745949][ T1591] anon_thp 2097152 [ 1074.745949][ T1591] inactive_anon 0 [ 1074.745949][ T1591] active_anon 2093056 [ 1074.745949][ T1591] inactive_file 0 [ 1074.745949][ T1591] active_file 135168 [ 1074.745949][ T1591] unevictable 0 [ 1074.745949][ T1591] slab_reclaimable 17571840 [ 1074.745949][ T1591] slab_unreclaimable 876544 [ 1074.745949][ T1591] pgfault 68211 [ 1074.745949][ T1591] pgmajfault 0 [ 1074.745949][ T1591] workingset_refault 0 [ 1074.745949][ T1591] workingset_activate 0 [ 1074.745949][ T1591] workingset_nodereclaim 0 [ 1074.745949][ T1591] pgrefill 66 [ 1074.745949][ T1591] pgscan 66 [ 1074.745949][ T1591] pgsteal 35 [ 1074.745949][ T1591] pgactivate 0 [ 1074.854086][ T1591] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1590,uid=0 [ 1074.870406][ T1591] Memory cgroup out of memory: Killed process 1590 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1074.893986][ T1066] oom_reaper: reaped process 1590 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:39:04 executing program 3: r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r0) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:39:04 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:04 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 03:39:04 executing program 4: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:39:04 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:39:04 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1075.007441][ T1583] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1075.057309][ T1583] CPU: 1 PID: 1583 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1075.064805][ T1583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.074848][ T1583] Call Trace: [ 1075.074866][ T1583] dump_stack+0x1d8/0x2f8 [ 1075.074882][ T1583] dump_header+0xd8/0x960 [ 1075.074894][ T1583] oom_kill_process+0xcd/0x350 [ 1075.074905][ T1583] out_of_memory+0x5fa/0x8b0 [ 1075.074919][ T1583] try_charge+0x125a/0x1910 [ 1075.074949][ T1583] mem_cgroup_try_charge+0x20c/0x680 [ 1075.105933][ T1583] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1075.111571][ T1583] wp_page_copy+0x349/0x1890 [ 1075.116175][ T1583] ? __kasan_check_read+0x11/0x20 [ 1075.121196][ T1583] ? do_raw_spin_unlock+0x49/0x260 [ 1075.121212][ T1583] do_wp_page+0x5e5/0x1cc0 [ 1075.121224][ T1583] ? __kasan_check_write+0x14/0x20 [ 1075.121244][ T1583] handle_mm_fault+0x2ada/0x5ff0 [ 1075.121276][ T1583] do_user_addr_fault+0x589/0xaf0 [ 1075.145800][ T1583] __do_page_fault+0xd3/0x1f0 [ 1075.145815][ T1583] do_page_fault+0x99/0xb0 [ 1075.154880][ T1583] page_fault+0x39/0x40 [ 1075.159030][ T1583] RIP: 0033:0x4034f2 [ 1075.162926][ T1583] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1075.182524][ T1583] RSP: 002b:00007fff26e09d60 EFLAGS: 00010246 [ 1075.188589][ T1583] RAX: 0000000000000000 RBX: 000000000010649c RCX: 0000000000413630 [ 1075.196573][ T1583] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff26e0ae90 03:39:04 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1075.196580][ T1583] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001bd9940 [ 1075.196586][ T1583] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff26e0ae90 [ 1075.196591][ T1583] R13: 00007fff26e0ae80 R14: 0000000000000000 R15: 00007fff26e0ae90 03:39:04 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) 03:39:04 executing program 4: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={0x0, @time={0x0, 0x989680}}) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(0x0, 0x8, 0x605) connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x24) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000380)}, {&(0x7f0000000680)="2a78e0dcb67bae25b8ea3ee47bfdffd9791ef4592b7aad0c0218520bc85cfb584c814e20d64f69cf4e2102d79a6abafe8dadad396fad8ce9c883d350e88447a6ed9b59f6d71151cfafa845e5d6053bc576247af543822d947227d78c6c36aeef49009f7c66f529711725a282f0c0fb8c75a5ce0117970a1c24a9d88cc65896", 0x7f}], 0x2}, 0x810) getpgrp(0xffffffffffffffff) prlimit64(0x0, 0x0, &(0x7f0000000100)={0x1, 0x3}, &(0x7f0000000040)) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x9, 0x5}) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) ioctl$VIDIOC_S_FMT(r4, 0x40045612, 0x0) close(r4) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:39:04 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:04 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:39:04 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r2) [ 1075.500142][ T1583] memory: usage 17872kB, limit 0kB, failcnt 592 [ 1075.506430][ T1583] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1075.506435][ T1583] Memory cgroup stats for /syz3: [ 1075.506510][ T1583] anon 0 [ 1075.506510][ T1583] file 221184 [ 1075.506510][ T1583] kernel_stack 0 [ 1075.506510][ T1583] slab 18448384 [ 1075.506510][ T1583] sock 0 [ 1075.506510][ T1583] shmem 0 [ 1075.506510][ T1583] file_mapped 0 [ 1075.506510][ T1583] file_dirty 0 [ 1075.506510][ T1583] file_writeback 0 [ 1075.506510][ T1583] anon_thp 0 [ 1075.506510][ T1583] inactive_anon 0 [ 1075.506510][ T1583] active_anon 0 [ 1075.506510][ T1583] inactive_file 0 [ 1075.506510][ T1583] active_file 135168 [ 1075.506510][ T1583] unevictable 0 [ 1075.506510][ T1583] slab_reclaimable 17571840 [ 1075.506510][ T1583] slab_unreclaimable 876544 [ 1075.506510][ T1583] pgfault 68211 [ 1075.506510][ T1583] pgmajfault 0 [ 1075.506510][ T1583] workingset_refault 0 [ 1075.506510][ T1583] workingset_activate 0 [ 1075.506510][ T1583] workingset_nodereclaim 0 [ 1075.506510][ T1583] pgrefill 66 [ 1075.506510][ T1583] pgscan 66 [ 1075.506510][ T1583] pgsteal 35 [ 1075.506510][ T1583] pgactivate 0 [ 1075.864061][ T1583] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1583,uid=0 [ 1075.892678][ T1583] Memory cgroup out of memory: Killed process 1583 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1075.927636][ T1066] oom_reaper: reaped process 1583 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:39:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:05 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) io_setup(0x5, &(0x7f0000000180)=0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) io_getevents(r1, 0x0, 0x1, &(0x7f0000000140)=[{}], &(0x7f0000000240)) 03:39:05 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:05 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r1) 03:39:05 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1076.957847][ T1739] IPVS: ftp: loaded support on port[0] = 21 [ 1077.126917][ T1739] chnl_net:caif_netlink_parms(): no params data found [ 1077.165205][ T1739] bridge0: port 1(bridge_slave_0) entered blocking state [ 1077.173431][ T1739] bridge0: port 1(bridge_slave_0) entered disabled state [ 1077.182133][ T1739] device bridge_slave_0 entered promiscuous mode [ 1077.235131][ T1739] bridge0: port 2(bridge_slave_1) entered blocking state [ 1077.243865][ T1739] bridge0: port 2(bridge_slave_1) entered disabled state [ 1077.253529][ T1739] device bridge_slave_1 entered promiscuous mode [ 1077.371329][ T1739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1077.384712][ T1739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1077.477211][ T1739] team0: Port device team_slave_0 added [ 1077.486456][ T1739] team0: Port device team_slave_1 added [ 1077.562833][ T1739] device hsr_slave_0 entered promiscuous mode [ 1077.601409][ T1739] device hsr_slave_1 entered promiscuous mode [ 1077.680416][ T1739] debugfs: Directory 'hsr0' with parent '/' already present! [ 1077.912650][ T1739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1077.934040][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1077.943917][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1077.956936][ T1739] 8021q: adding VLAN 0 to HW filter on device team0 [ 1077.971659][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1077.981167][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1077.989596][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1077.996693][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1078.062392][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1078.071167][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1078.081618][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1078.100509][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.107682][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1078.217303][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1078.228141][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1078.238980][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1078.252918][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1078.283032][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1078.300680][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1078.309191][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1078.323477][ T1739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1078.408016][ T1739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1078.618511][ T1747] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1078.629073][ T1747] CPU: 1 PID: 1747 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1078.636533][ T1747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1078.646589][ T1747] Call Trace: [ 1078.649895][ T1747] dump_stack+0x1d8/0x2f8 [ 1078.654235][ T1747] dump_header+0xd8/0x960 [ 1078.658567][ T1747] oom_kill_process+0xcd/0x350 [ 1078.663352][ T1747] out_of_memory+0x5fa/0x8b0 [ 1078.667942][ T1747] memory_max_write+0x4ba/0x600 [ 1078.672800][ T1747] ? memory_max_show+0xa0/0xa0 [ 1078.677559][ T1747] cgroup_file_write+0x223/0x5f0 [ 1078.682501][ T1747] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1078.687723][ T1747] kernfs_fop_write+0x3e4/0x4e0 [ 1078.692653][ T1747] ? kernfs_fop_read+0x580/0x580 [ 1078.697585][ T1747] __vfs_write+0xb8/0x740 [ 1078.701897][ T1747] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1078.707422][ T1747] ? __sb_start_write+0x382/0x430 [ 1078.712489][ T1747] vfs_write+0x275/0x590 [ 1078.716732][ T1747] ksys_write+0x117/0x220 [ 1078.721049][ T1747] __x64_sys_write+0x7b/0x90 [ 1078.725893][ T1747] do_syscall_64+0xf7/0x1c0 [ 1078.730406][ T1747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1078.736280][ T1747] RIP: 0033:0x459a29 [ 1078.740155][ T1747] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1078.760110][ T1747] RSP: 002b:00007f7930894c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1078.768498][ T1747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1078.776464][ T1747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1078.784428][ T1747] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1078.792385][ T1747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79308956d4 [ 1078.800332][ T1747] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1078.817457][ T1747] memory: usage 3584kB, limit 0kB, failcnt 559 [ 1078.824070][ T1747] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1078.831241][ T1747] Memory cgroup stats for /syz2: [ 1078.831636][ T1747] anon 2117632 [ 1078.831636][ T1747] file 155648 [ 1078.831636][ T1747] kernel_stack 0 [ 1078.831636][ T1747] slab 1298432 [ 1078.831636][ T1747] sock 0 [ 1078.831636][ T1747] shmem 0 [ 1078.831636][ T1747] file_mapped 135168 [ 1078.831636][ T1747] file_dirty 135168 [ 1078.831636][ T1747] file_writeback 0 [ 1078.831636][ T1747] anon_thp 2097152 [ 1078.831636][ T1747] inactive_anon 135168 [ 1078.831636][ T1747] active_anon 2117632 [ 1078.831636][ T1747] inactive_file 0 [ 1078.831636][ T1747] active_file 0 [ 1078.831636][ T1747] unevictable 0 [ 1078.831636][ T1747] slab_reclaimable 405504 [ 1078.831636][ T1747] slab_unreclaimable 892928 [ 1078.831636][ T1747] pgfault 210342 [ 1078.831636][ T1747] pgmajfault 0 [ 1078.831636][ T1747] workingset_refault 0 [ 1078.831636][ T1747] workingset_activate 0 [ 1078.831636][ T1747] workingset_nodereclaim 0 [ 1078.831636][ T1747] pgrefill 282 [ 1078.831636][ T1747] pgscan 276 [ 1078.831636][ T1747] pgsteal 37 [ 1078.831636][ T1747] pgactivate 231 [ 1078.935217][ T1747] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1746,uid=0 [ 1078.952704][ T1747] Memory cgroup out of memory: Killed process 1746 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1078.973852][ T1066] oom_reaper: reaped process 1746 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:39:08 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:08 executing program 1: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:08 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r1) 03:39:08 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:39:08 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:08 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x1ff, 0x100) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8924, &(0x7f0000000180)={'bridge0\x00l\x01\x00', 0x1}) getpid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00') mkdirat(r1, &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f0000000280)='./file0/file0\x00') io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0) renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x0) [ 1079.126864][ T1739] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1079.171236][ T1739] CPU: 1 PID: 1739 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1079.178735][ T1739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1079.188790][ T1739] Call Trace: [ 1079.192082][ T1739] dump_stack+0x1d8/0x2f8 [ 1079.196418][ T1739] dump_header+0xd8/0x960 [ 1079.200755][ T1739] oom_kill_process+0xcd/0x350 [ 1079.205526][ T1739] out_of_memory+0x5fa/0x8b0 [ 1079.210117][ T1739] try_charge+0x125a/0x1910 [ 1079.214648][ T1739] mem_cgroup_try_charge+0x20c/0x680 [ 1079.219937][ T1739] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1079.225589][ T1739] wp_page_copy+0x349/0x1890 [ 1079.230197][ T1739] ? __kasan_check_read+0x11/0x20 [ 1079.235222][ T1739] ? do_raw_spin_unlock+0x49/0x260 [ 1079.240426][ T1739] do_wp_page+0x5e5/0x1cc0 [ 1079.244845][ T1739] ? __kasan_check_write+0x14/0x20 [ 1079.249976][ T1739] handle_mm_fault+0x2ada/0x5ff0 [ 1079.254932][ T1739] do_user_addr_fault+0x589/0xaf0 [ 1079.259963][ T1739] __do_page_fault+0xd3/0x1f0 [ 1079.264642][ T1739] do_page_fault+0x99/0xb0 [ 1079.269060][ T1739] page_fault+0x39/0x40 [ 1079.273212][ T1739] RIP: 0033:0x430b06 [ 1079.277101][ T1739] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1079.296700][ T1739] RSP: 002b:00007fff29ca4240 EFLAGS: 00010206 [ 1079.302770][ T1739] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1079.310740][ T1739] RDX: 0000000002947930 RSI: 000000000294f970 RDI: 0000000000000003 03:39:08 executing program 1: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1079.318705][ T1739] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002946940 [ 1079.326671][ T1739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1079.334636][ T1739] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:39:08 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r1) 03:39:08 executing program 1: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:08 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x1ff, 0x100) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8924, &(0x7f0000000180)={'bridge0\x00l\x01\x00', 0x1}) getpid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00') mkdirat(r1, &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f0000000280)='./file0/file0\x00') io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0) renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x0) 03:39:08 executing program 1: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:08 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1079.830132][ T1739] memory: usage 1252kB, limit 0kB, failcnt 567 [ 1079.836332][ T1739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1079.900110][ T1739] Memory cgroup stats for /syz2: [ 1079.900193][ T1739] anon 8192 [ 1079.900193][ T1739] file 155648 [ 1079.900193][ T1739] kernel_stack 0 [ 1079.900193][ T1739] slab 1298432 [ 1079.900193][ T1739] sock 0 [ 1079.900193][ T1739] shmem 0 [ 1079.900193][ T1739] file_mapped 135168 [ 1079.900193][ T1739] file_dirty 135168 [ 1079.900193][ T1739] file_writeback 0 [ 1079.900193][ T1739] anon_thp 0 [ 1079.900193][ T1739] inactive_anon 135168 [ 1079.900193][ T1739] active_anon 8192 [ 1079.900193][ T1739] inactive_file 0 [ 1079.900193][ T1739] active_file 0 [ 1079.900193][ T1739] unevictable 0 [ 1079.900193][ T1739] slab_reclaimable 405504 [ 1079.900193][ T1739] slab_unreclaimable 892928 [ 1079.900193][ T1739] pgfault 210342 [ 1079.900193][ T1739] pgmajfault 0 [ 1079.900193][ T1739] workingset_refault 0 [ 1079.900193][ T1739] workingset_activate 0 [ 1079.900193][ T1739] workingset_nodereclaim 0 [ 1079.900193][ T1739] pgrefill 282 [ 1079.900193][ T1739] pgscan 276 [ 1079.900193][ T1739] pgsteal 37 [ 1079.900193][ T1739] pgactivate 231 [ 1079.996866][ T1739] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1739,uid=0 [ 1080.039837][ T1739] Memory cgroup out of memory: Killed process 1739 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1080.059349][ T1066] oom_reaper: reaped process 1739 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:39:09 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:09 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4400ae8f, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r1) 03:39:09 executing program 1: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) [ 1080.993195][ T1808] IPVS: ftp: loaded support on port[0] = 21 [ 1081.202337][ T1808] chnl_net:caif_netlink_parms(): no params data found [ 1081.283409][ T1808] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.291058][ T1808] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.299549][ T1808] device bridge_slave_0 entered promiscuous mode [ 1081.308537][ T1808] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.316046][ T1808] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.325523][ T1808] device bridge_slave_1 entered promiscuous mode [ 1081.471663][ T1808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1081.484212][ T1808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1081.582350][ T1808] team0: Port device team_slave_0 added [ 1081.590687][ T1808] team0: Port device team_slave_1 added [ 1081.723289][ T1808] device hsr_slave_0 entered promiscuous mode [ 1081.781318][ T1808] device hsr_slave_1 entered promiscuous mode [ 1081.860190][ T1808] debugfs: Directory 'hsr0' with parent '/' already present! [ 1082.042105][ T1808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1082.105439][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1082.117103][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1082.125453][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1082.137809][ T1808] 8021q: adding VLAN 0 to HW filter on device team0 [ 1082.196736][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1082.206099][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1082.215010][ T3773] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.222115][ T3773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1082.244121][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1082.260951][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1082.272084][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1082.281510][T25319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.288564][T25319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1082.297546][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1082.373964][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1082.395061][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1082.404178][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1082.427976][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1082.436983][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1082.526753][ T1808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1082.571615][ T1808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1082.728270][ T1816] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1082.784922][ T1816] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1082.797471][ T1816] CPU: 1 PID: 1816 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1082.805032][ T1816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1082.815175][ T1816] Call Trace: [ 1082.818482][ T1816] dump_stack+0x1d8/0x2f8 [ 1082.822814][ T1816] dump_header+0xd8/0x960 [ 1082.827157][ T1816] oom_kill_process+0xcd/0x350 [ 1082.832269][ T1816] out_of_memory+0x5fa/0x8b0 [ 1082.836856][ T1816] memory_max_write+0x4ba/0x600 [ 1082.841714][ T1816] ? memory_max_show+0xa0/0xa0 [ 1082.846469][ T1816] cgroup_file_write+0x223/0x5f0 [ 1082.851399][ T1816] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1082.856781][ T1816] kernfs_fop_write+0x3e4/0x4e0 [ 1082.861628][ T1816] ? kernfs_fop_read+0x580/0x580 [ 1082.866563][ T1816] __vfs_write+0xb8/0x740 [ 1082.870894][ T1816] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1082.876437][ T1816] ? __sb_start_write+0x382/0x430 [ 1082.881461][ T1816] vfs_write+0x275/0x590 [ 1082.885725][ T1816] ksys_write+0x117/0x220 [ 1082.890054][ T1816] __x64_sys_write+0x7b/0x90 [ 1082.894639][ T1816] do_syscall_64+0xf7/0x1c0 [ 1082.899135][ T1816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1082.905019][ T1816] RIP: 0033:0x459a29 [ 1082.908902][ T1816] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1082.928685][ T1816] RSP: 002b:00007f5282e26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1082.937091][ T1816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1082.945605][ T1816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1082.953583][ T1816] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1082.961641][ T1816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5282e276d4 [ 1082.969634][ T1816] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1082.991294][ T1816] memory: usage 20220kB, limit 0kB, failcnt 593 [ 1082.997651][ T1816] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1083.011366][ T1816] Memory cgroup stats for /syz3: [ 1083.011877][ T1816] anon 2162688 [ 1083.011877][ T1816] file 221184 [ 1083.011877][ T1816] kernel_stack 0 [ 1083.011877][ T1816] slab 18448384 [ 1083.011877][ T1816] sock 0 [ 1083.011877][ T1816] shmem 0 [ 1083.011877][ T1816] file_mapped 0 [ 1083.011877][ T1816] file_dirty 0 [ 1083.011877][ T1816] file_writeback 0 [ 1083.011877][ T1816] anon_thp 2097152 [ 1083.011877][ T1816] inactive_anon 0 [ 1083.011877][ T1816] active_anon 2162688 [ 1083.011877][ T1816] inactive_file 0 [ 1083.011877][ T1816] active_file 135168 [ 1083.011877][ T1816] unevictable 0 [ 1083.011877][ T1816] slab_reclaimable 17571840 [ 1083.011877][ T1816] slab_unreclaimable 876544 [ 1083.011877][ T1816] pgfault 68244 [ 1083.011877][ T1816] pgmajfault 0 [ 1083.011877][ T1816] workingset_refault 0 [ 1083.011877][ T1816] workingset_activate 0 [ 1083.011877][ T1816] workingset_nodereclaim 0 [ 1083.011877][ T1816] pgrefill 66 [ 1083.011877][ T1816] pgscan 66 [ 1083.011877][ T1816] pgsteal 35 [ 1083.011877][ T1816] pgactivate 0 [ 1083.108818][ T1816] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1815,uid=0 03:39:12 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:12 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:39:12 executing program 1: open(0x0, 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:12 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 03:39:12 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1083.135403][ T1816] Memory cgroup out of memory: Killed process 1815 (syz-executor.3) total-vm:72580kB, anon-rss:2184kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1083.156200][ T1066] oom_reaper: reaped process 1815 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1083.221220][ T1808] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1083.274373][ T1808] CPU: 0 PID: 1808 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1083.281855][ T1808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1083.291893][ T1808] Call Trace: [ 1083.291910][ T1808] dump_stack+0x1d8/0x2f8 [ 1083.291925][ T1808] dump_header+0xd8/0x960 [ 1083.291938][ T1808] oom_kill_process+0xcd/0x350 [ 1083.291952][ T1808] out_of_memory+0x5fa/0x8b0 [ 1083.313162][ T1808] try_charge+0x125a/0x1910 [ 1083.317686][ T1808] mem_cgroup_try_charge+0x20c/0x680 [ 1083.322973][ T1808] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1083.328604][ T1808] wp_page_copy+0x349/0x1890 [ 1083.333196][ T1808] ? __kasan_check_read+0x11/0x20 [ 1083.338217][ T1808] ? do_raw_spin_unlock+0x49/0x260 [ 1083.343332][ T1808] do_wp_page+0x5e5/0x1cc0 [ 1083.347737][ T1808] ? __kasan_check_write+0x14/0x20 [ 1083.352850][ T1808] handle_mm_fault+0x2ada/0x5ff0 [ 1083.357800][ T1808] do_user_addr_fault+0x589/0xaf0 [ 1083.362823][ T1808] __do_page_fault+0xd3/0x1f0 [ 1083.367483][ T1808] do_page_fault+0x99/0xb0 [ 1083.371895][ T1808] page_fault+0x39/0x40 [ 1083.376044][ T1808] RIP: 0033:0x430b06 [ 1083.379928][ T1808] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1083.399620][ T1808] RSP: 002b:00007ffce8d673f0 EFLAGS: 00010206 [ 1083.405753][ T1808] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1083.413713][ T1808] RDX: 0000000000cab930 RSI: 0000000000cb3970 RDI: 0000000000000003 03:39:12 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1083.421660][ T1808] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000caa940 [ 1083.429614][ T1808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1083.437827][ T1808] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:39:12 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:12 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:12 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:39:13 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:13 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) [ 1083.750128][ T1808] memory: usage 17856kB, limit 0kB, failcnt 601 [ 1083.756419][ T1808] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1083.820034][ T1808] Memory cgroup stats for /syz3: [ 1083.820104][ T1808] anon 53248 [ 1083.820104][ T1808] file 221184 [ 1083.820104][ T1808] kernel_stack 0 [ 1083.820104][ T1808] slab 18313216 [ 1083.820104][ T1808] sock 0 [ 1083.820104][ T1808] shmem 0 [ 1083.820104][ T1808] file_mapped 0 [ 1083.820104][ T1808] file_dirty 0 [ 1083.820104][ T1808] file_writeback 0 [ 1083.820104][ T1808] anon_thp 0 [ 1083.820104][ T1808] inactive_anon 0 [ 1083.820104][ T1808] active_anon 53248 [ 1083.820104][ T1808] inactive_file 0 [ 1083.820104][ T1808] active_file 135168 [ 1083.820104][ T1808] unevictable 0 [ 1083.820104][ T1808] slab_reclaimable 17436672 [ 1083.820104][ T1808] slab_unreclaimable 876544 [ 1083.820104][ T1808] pgfault 68244 [ 1083.820104][ T1808] pgmajfault 0 [ 1083.820104][ T1808] workingset_refault 0 [ 1083.820104][ T1808] workingset_activate 0 [ 1083.820104][ T1808] workingset_nodereclaim 0 [ 1083.820104][ T1808] pgrefill 66 [ 1083.820104][ T1808] pgscan 66 [ 1083.820104][ T1808] pgsteal 35 [ 1083.820104][ T1808] pgactivate 0 [ 1084.113562][ T1808] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1808,uid=0 [ 1084.138528][ T1808] Memory cgroup out of memory: Killed process 1808 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1084.164418][ T1066] oom_reaper: reaped process 1808 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:39:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:13 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:39:13 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:13 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) [ 1085.183893][ T1867] IPVS: ftp: loaded support on port[0] = 21 [ 1085.374726][ T1867] chnl_net:caif_netlink_parms(): no params data found [ 1085.478423][ T1867] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.486107][ T1867] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.494703][ T1867] device bridge_slave_0 entered promiscuous mode [ 1085.504214][ T1867] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.511533][ T1867] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.520758][ T1867] device bridge_slave_1 entered promiscuous mode [ 1085.584838][ T1867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1085.601349][ T1867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1085.664883][ T1867] team0: Port device team_slave_0 added [ 1085.673213][ T1867] team0: Port device team_slave_1 added [ 1085.753618][ T1867] device hsr_slave_0 entered promiscuous mode [ 1085.820941][ T1867] device hsr_slave_1 entered promiscuous mode [ 1085.910181][ T1867] debugfs: Directory 'hsr0' with parent '/' already present! [ 1086.024760][ T1867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1086.042933][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1086.054611][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1086.064889][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1086.077519][ T1867] 8021q: adding VLAN 0 to HW filter on device team0 [ 1086.143435][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1086.152715][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1086.161620][T25319] bridge0: port 1(bridge_slave_0) entered blocking state [ 1086.168674][T25319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1086.269249][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1086.278654][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1086.288120][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1086.297371][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.304488][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1086.396217][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1086.422373][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1086.451101][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1086.459357][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1086.469138][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1086.541108][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1086.551610][ T1867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1086.637429][ T1867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1086.831094][ T1875] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1086.843612][ T1875] CPU: 0 PID: 1875 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1086.851091][ T1875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1086.861143][ T1875] Call Trace: [ 1086.864433][ T1875] dump_stack+0x1d8/0x2f8 [ 1086.868760][ T1875] dump_header+0xd8/0x960 [ 1086.873088][ T1875] oom_kill_process+0xcd/0x350 [ 1086.877848][ T1875] out_of_memory+0x5fa/0x8b0 [ 1086.882434][ T1875] memory_max_write+0x4ba/0x600 [ 1086.887290][ T1875] ? memory_max_show+0xa0/0xa0 [ 1086.892051][ T1875] cgroup_file_write+0x223/0x5f0 [ 1086.896993][ T1875] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1086.902102][ T1875] kernfs_fop_write+0x3e4/0x4e0 [ 1086.906953][ T1875] ? kernfs_fop_read+0x580/0x580 [ 1086.911877][ T1875] __vfs_write+0xb8/0x740 [ 1086.916188][ T1875] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1086.921757][ T1875] ? __sb_start_write+0x382/0x430 [ 1086.926775][ T1875] vfs_write+0x275/0x590 [ 1086.931005][ T1875] ksys_write+0x117/0x220 [ 1086.935325][ T1875] __x64_sys_write+0x7b/0x90 [ 1086.939904][ T1875] do_syscall_64+0xf7/0x1c0 [ 1086.944389][ T1875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1086.950264][ T1875] RIP: 0033:0x459a29 [ 1086.954135][ T1875] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1086.973727][ T1875] RSP: 002b:00007ffb2faf8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1086.982114][ T1875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1086.990072][ T1875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1086.998025][ T1875] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1087.005971][ T1875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb2faf96d4 [ 1087.013917][ T1875] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1087.032364][ T1875] memory: usage 3604kB, limit 0kB, failcnt 568 [ 1087.038630][ T1875] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1087.045882][ T1875] Memory cgroup stats for /syz2: [ 1087.046329][ T1875] anon 2174976 [ 1087.046329][ T1875] file 155648 [ 1087.046329][ T1875] kernel_stack 65536 [ 1087.046329][ T1875] slab 1163264 [ 1087.046329][ T1875] sock 0 [ 1087.046329][ T1875] shmem 0 [ 1087.046329][ T1875] file_mapped 135168 [ 1087.046329][ T1875] file_dirty 135168 [ 1087.046329][ T1875] file_writeback 0 [ 1087.046329][ T1875] anon_thp 2097152 [ 1087.046329][ T1875] inactive_anon 135168 [ 1087.046329][ T1875] active_anon 2174976 [ 1087.046329][ T1875] inactive_file 0 [ 1087.046329][ T1875] active_file 0 [ 1087.046329][ T1875] unevictable 0 [ 1087.046329][ T1875] slab_reclaimable 270336 [ 1087.046329][ T1875] slab_unreclaimable 892928 [ 1087.046329][ T1875] pgfault 210375 [ 1087.046329][ T1875] pgmajfault 0 [ 1087.046329][ T1875] workingset_refault 0 [ 1087.046329][ T1875] workingset_activate 0 [ 1087.046329][ T1875] workingset_nodereclaim 0 [ 1087.046329][ T1875] pgrefill 282 [ 1087.046329][ T1875] pgscan 276 [ 1087.046329][ T1875] pgsteal 37 [ 1087.046329][ T1875] pgactivate 231 [ 1087.153394][ T1875] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1874,uid=0 [ 1087.177241][ T1875] Memory cgroup out of memory: Killed process 1874 (syz-executor.2) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1087.198523][ T1066] oom_reaper: reaped process 1874 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:39:16 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:16 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:16 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 03:39:16 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:16 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1087.309299][ T1867] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1087.387542][ T1867] CPU: 0 PID: 1867 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1087.395046][ T1867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1087.405111][ T1867] Call Trace: [ 1087.408388][ T1867] dump_stack+0x1d8/0x2f8 [ 1087.412696][ T1867] dump_header+0xd8/0x960 [ 1087.417017][ T1867] oom_kill_process+0xcd/0x350 [ 1087.421934][ T1867] out_of_memory+0x5fa/0x8b0 [ 1087.426504][ T1867] try_charge+0x125a/0x1910 [ 1087.430999][ T1867] mem_cgroup_try_charge+0x20c/0x680 [ 1087.436263][ T1867] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1087.441871][ T1867] wp_page_copy+0x349/0x1890 [ 1087.446459][ T1867] ? __kasan_check_read+0x11/0x20 [ 1087.451458][ T1867] ? do_raw_spin_unlock+0x49/0x260 [ 1087.456560][ T1867] do_wp_page+0x5e5/0x1cc0 [ 1087.460953][ T1867] ? __kasan_check_write+0x14/0x20 [ 1087.466044][ T1867] handle_mm_fault+0x2ada/0x5ff0 [ 1087.470970][ T1867] do_user_addr_fault+0x589/0xaf0 [ 1087.475984][ T1867] __do_page_fault+0xd3/0x1f0 [ 1087.480641][ T1867] do_page_fault+0x99/0xb0 [ 1087.485043][ T1867] page_fault+0x39/0x40 [ 1087.489173][ T1867] RIP: 0033:0x430b06 [ 1087.493041][ T1867] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1087.513331][ T1867] RSP: 002b:00007fff167c0960 EFLAGS: 00010206 [ 1087.519379][ T1867] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1087.527344][ T1867] RDX: 0000000001e8c930 RSI: 0000000001e94970 RDI: 0000000000000003 [ 1087.535326][ T1867] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001e8b940 [ 1087.543280][ T1867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1087.551227][ T1867] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:39:16 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(0x0, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:17 executing program 5: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:17 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) [ 1087.706980][ T1867] memory: usage 1276kB, limit 0kB, failcnt 576 [ 1087.752699][ T1867] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1087.791455][ T1867] Memory cgroup stats for /syz2: [ 1087.791543][ T1867] anon 0 [ 1087.791543][ T1867] file 155648 [ 1087.791543][ T1867] kernel_stack 0 [ 1087.791543][ T1867] slab 1163264 [ 1087.791543][ T1867] sock 0 [ 1087.791543][ T1867] shmem 0 [ 1087.791543][ T1867] file_mapped 135168 [ 1087.791543][ T1867] file_dirty 135168 [ 1087.791543][ T1867] file_writeback 0 [ 1087.791543][ T1867] anon_thp 0 [ 1087.791543][ T1867] inactive_anon 135168 [ 1087.791543][ T1867] active_anon 0 [ 1087.791543][ T1867] inactive_file 0 [ 1087.791543][ T1867] active_file 0 [ 1087.791543][ T1867] unevictable 0 [ 1087.791543][ T1867] slab_reclaimable 270336 03:39:17 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:17 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:17 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) [ 1087.791543][ T1867] slab_unreclaimable 892928 [ 1087.791543][ T1867] pgfault 210408 [ 1087.791543][ T1867] pgmajfault 0 [ 1087.791543][ T1867] workingset_refault 0 [ 1087.791543][ T1867] workingset_activate 0 [ 1087.791543][ T1867] workingset_nodereclaim 0 [ 1087.791543][ T1867] pgrefill 282 [ 1087.791543][ T1867] pgscan 276 [ 1087.791543][ T1867] pgsteal 37 [ 1087.791543][ T1867] pgactivate 231 [ 1088.060217][ T1867] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1867,uid=0 [ 1088.159874][ T1867] Memory cgroup out of memory: Killed process 1867 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1088.187564][ T1066] oom_reaper: reaped process 1867 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:39:17 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) 03:39:17 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:17 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) [ 1089.304645][ T1919] IPVS: ftp: loaded support on port[0] = 21 [ 1089.525797][ T1919] chnl_net:caif_netlink_parms(): no params data found [ 1089.668307][ T1919] bridge0: port 1(bridge_slave_0) entered blocking state [ 1089.676701][ T1919] bridge0: port 1(bridge_slave_0) entered disabled state [ 1089.687181][ T1919] device bridge_slave_0 entered promiscuous mode [ 1089.696908][ T1919] bridge0: port 2(bridge_slave_1) entered blocking state [ 1089.704454][ T1919] bridge0: port 2(bridge_slave_1) entered disabled state [ 1089.714300][ T1919] device bridge_slave_1 entered promiscuous mode [ 1089.798174][ T1919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1089.812141][ T1919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1089.833174][ T1919] team0: Port device team_slave_0 added [ 1089.893035][ T1919] team0: Port device team_slave_1 added [ 1090.032664][ T1919] device hsr_slave_0 entered promiscuous mode [ 1090.071363][ T1919] device hsr_slave_1 entered promiscuous mode [ 1090.110212][ T1919] debugfs: Directory 'hsr0' with parent '/' already present! [ 1090.186740][ T1919] bridge0: port 2(bridge_slave_1) entered blocking state [ 1090.193880][ T1919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.201259][ T1919] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.208308][ T1919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1090.352743][ T1919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.370728][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1090.379616][T25323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1090.387885][T25323] bridge0: port 2(bridge_slave_1) entered disabled state [ 1090.411482][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1090.427916][ T1919] 8021q: adding VLAN 0 to HW filter on device team0 [ 1090.483671][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1090.492533][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.499591][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1090.584976][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1090.593852][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 1090.600970][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.723813][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1090.734960][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1090.744177][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1090.760936][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1090.822724][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1090.831828][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1090.841030][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1090.849724][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1090.858827][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1090.869446][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1090.955220][ T1919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1091.140663][ T1927] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1091.194181][ T1927] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1091.213105][ T1927] CPU: 1 PID: 1927 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1091.220582][ T1927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1091.230718][ T1927] Call Trace: [ 1091.234020][ T1927] dump_stack+0x1d8/0x2f8 [ 1091.238345][ T1927] dump_header+0xd8/0x960 [ 1091.242673][ T1927] oom_kill_process+0xcd/0x350 [ 1091.247429][ T1927] out_of_memory+0x5fa/0x8b0 [ 1091.252020][ T1927] memory_max_write+0x4ba/0x600 [ 1091.256878][ T1927] ? memory_max_show+0xa0/0xa0 [ 1091.261635][ T1927] cgroup_file_write+0x223/0x5f0 [ 1091.267446][ T1927] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1091.272552][ T1927] kernfs_fop_write+0x3e4/0x4e0 [ 1091.277396][ T1927] ? kernfs_fop_read+0x580/0x580 [ 1091.282339][ T1927] __vfs_write+0xb8/0x740 [ 1091.286667][ T1927] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1091.292203][ T1927] ? __sb_start_write+0x382/0x430 [ 1091.297229][ T1927] vfs_write+0x275/0x590 [ 1091.301467][ T1927] ksys_write+0x117/0x220 [ 1091.305792][ T1927] __x64_sys_write+0x7b/0x90 [ 1091.310378][ T1927] do_syscall_64+0xf7/0x1c0 [ 1091.314873][ T1927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1091.320753][ T1927] RIP: 0033:0x459a29 [ 1091.324634][ T1927] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1091.344226][ T1927] RSP: 002b:00007f7036457c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1091.352715][ T1927] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1091.360678][ T1927] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1091.368638][ T1927] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1091.376597][ T1927] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70364586d4 [ 1091.384556][ T1927] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1091.407585][ T1927] memory: usage 17820kB, limit 0kB, failcnt 602 [ 1091.414222][ T1927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1091.421327][ T1927] Memory cgroup stats for /syz3: [ 1091.421791][ T1927] anon 2150400 [ 1091.421791][ T1927] file 221184 [ 1091.421791][ T1927] kernel_stack 65536 [ 1091.421791][ T1927] slab 16015360 [ 1091.421791][ T1927] sock 0 [ 1091.421791][ T1927] shmem 0 [ 1091.421791][ T1927] file_mapped 0 [ 1091.421791][ T1927] file_dirty 0 [ 1091.421791][ T1927] file_writeback 0 [ 1091.421791][ T1927] anon_thp 2097152 [ 1091.421791][ T1927] inactive_anon 0 [ 1091.421791][ T1927] active_anon 2150400 [ 1091.421791][ T1927] inactive_file 0 [ 1091.421791][ T1927] active_file 135168 [ 1091.421791][ T1927] unevictable 0 [ 1091.421791][ T1927] slab_reclaimable 15138816 [ 1091.421791][ T1927] slab_unreclaimable 876544 [ 1091.421791][ T1927] pgfault 68310 [ 1091.421791][ T1927] pgmajfault 0 [ 1091.421791][ T1927] workingset_refault 0 [ 1091.421791][ T1927] workingset_activate 0 [ 1091.421791][ T1927] workingset_nodereclaim 0 [ 1091.421791][ T1927] pgrefill 66 [ 1091.421791][ T1927] pgscan 66 [ 1091.421791][ T1927] pgsteal 35 [ 1091.421791][ T1927] pgactivate 0 [ 1091.520412][ T1927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1926,uid=0 [ 1091.543774][ T1927] Memory cgroup out of memory: Killed process 1926 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1091.565743][ T1066] oom_reaper: reaped process 1926 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:39:21 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:21 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:21 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$getflags(r0, 0x401) 03:39:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) 03:39:21 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:21 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1091.683529][ T1919] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1091.726802][ T1919] CPU: 0 PID: 1919 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1091.734288][ T1919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1091.734293][ T1919] Call Trace: [ 1091.734314][ T1919] dump_stack+0x1d8/0x2f8 [ 1091.734329][ T1919] dump_header+0xd8/0x960 [ 1091.734343][ T1919] oom_kill_process+0xcd/0x350 [ 1091.734354][ T1919] out_of_memory+0x5fa/0x8b0 [ 1091.734368][ T1919] try_charge+0x125a/0x1910 [ 1091.734401][ T1919] mem_cgroup_try_charge+0x20c/0x680 [ 1091.734417][ T1919] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1091.734430][ T1919] wp_page_copy+0x349/0x1890 [ 1091.734448][ T1919] ? __kasan_check_read+0x11/0x20 [ 1091.734459][ T1919] ? do_raw_spin_unlock+0x49/0x260 [ 1091.734472][ T1919] do_wp_page+0x5e5/0x1cc0 [ 1091.748144][ T1919] ? __kasan_check_write+0x14/0x20 [ 1091.748165][ T1919] handle_mm_fault+0x2ada/0x5ff0 [ 1091.748193][ T1919] do_user_addr_fault+0x589/0xaf0 [ 1091.776457][ T1919] __do_page_fault+0xd3/0x1f0 [ 1091.776469][ T1919] do_page_fault+0x99/0xb0 [ 1091.776483][ T1919] page_fault+0x39/0x40 [ 1091.791952][ T1919] RIP: 0033:0x430b06 [ 1091.821299][ T1919] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1091.821306][ T1919] RSP: 002b:00007ffe2ca3a600 EFLAGS: 00010206 [ 1091.821314][ T1919] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 03:39:21 executing program 0: ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:21 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:39:21 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1091.821321][ T1919] RDX: 0000000000f54930 RSI: 0000000000f5c970 RDI: 0000000000000003 [ 1091.821327][ T1919] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000f53940 [ 1091.821332][ T1919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1091.821341][ T1919] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:39:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) 03:39:21 executing program 0: ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:21 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0x81a0ae8c, 0x0) [ 1092.359982][ T1919] memory: usage 14948kB, limit 0kB, failcnt 610 [ 1092.366280][ T1919] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1092.376278][ T1919] Memory cgroup stats for /syz3: [ 1092.376355][ T1919] anon 0 [ 1092.376355][ T1919] file 221184 [ 1092.376355][ T1919] kernel_stack 65536 [ 1092.376355][ T1919] slab 15339520 [ 1092.376355][ T1919] sock 0 [ 1092.376355][ T1919] shmem 0 [ 1092.376355][ T1919] file_mapped 0 [ 1092.376355][ T1919] file_dirty 0 [ 1092.376355][ T1919] file_writeback 0 [ 1092.376355][ T1919] anon_thp 0 [ 1092.376355][ T1919] inactive_anon 0 [ 1092.376355][ T1919] active_anon 0 [ 1092.376355][ T1919] inactive_file 0 [ 1092.376355][ T1919] active_file 135168 [ 1092.376355][ T1919] unevictable 0 [ 1092.376355][ T1919] slab_reclaimable 14462976 [ 1092.376355][ T1919] slab_unreclaimable 876544 [ 1092.376355][ T1919] pgfault 68310 [ 1092.376355][ T1919] pgmajfault 0 [ 1092.376355][ T1919] workingset_refault 0 [ 1092.376355][ T1919] workingset_activate 0 [ 1092.376355][ T1919] workingset_nodereclaim 0 [ 1092.376355][ T1919] pgrefill 66 [ 1092.376355][ T1919] pgscan 66 [ 1092.376355][ T1919] pgsteal 35 [ 1092.376355][ T1919] pgactivate 0 [ 1092.494610][ T1919] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=1919,uid=0 [ 1092.510787][ T1919] Memory cgroup out of memory: Killed process 1919 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1092.529846][ T1066] oom_reaper: reaped process 1919 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:39:22 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:22 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:39:22 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:22 executing program 0: ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:22 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0x81a0ae8c, 0x0) [ 1093.581952][ T2071] IPVS: ftp: loaded support on port[0] = 21 [ 1093.787863][ T2071] chnl_net:caif_netlink_parms(): no params data found [ 1093.936247][ T2071] bridge0: port 1(bridge_slave_0) entered blocking state [ 1093.944336][ T2071] bridge0: port 1(bridge_slave_0) entered disabled state [ 1093.953235][ T2071] device bridge_slave_0 entered promiscuous mode [ 1093.962128][ T2071] bridge0: port 2(bridge_slave_1) entered blocking state [ 1093.969239][ T2071] bridge0: port 2(bridge_slave_1) entered disabled state [ 1093.978198][ T2071] device bridge_slave_1 entered promiscuous mode [ 1094.004997][ T2071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1094.055319][ T2071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1094.079577][ T2071] team0: Port device team_slave_0 added [ 1094.088695][ T2071] team0: Port device team_slave_1 added [ 1094.245276][ T2071] device hsr_slave_0 entered promiscuous mode [ 1094.301005][ T2071] device hsr_slave_1 entered promiscuous mode [ 1094.420270][ T2071] debugfs: Directory 'hsr0' with parent '/' already present! [ 1094.508030][ T2071] bridge0: port 2(bridge_slave_1) entered blocking state [ 1094.515151][ T2071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1094.522563][ T2071] bridge0: port 1(bridge_slave_0) entered blocking state [ 1094.529643][ T2071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1094.642778][ T2071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1094.660714][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1094.669542][T25323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1094.677668][T25323] bridge0: port 2(bridge_slave_1) entered disabled state [ 1094.687246][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1094.766363][ T2071] 8021q: adding VLAN 0 to HW filter on device team0 [ 1094.784146][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1094.800243][ T3773] bridge0: port 1(bridge_slave_0) entered blocking state [ 1094.807321][ T3773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1094.878953][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1094.889140][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1094.896258][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1094.920753][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1094.931097][T25324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1095.003010][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1095.015196][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1095.024856][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1095.034782][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1095.052929][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1095.068425][ T2071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1095.086156][ T2071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1095.166504][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1095.177184][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1095.320949][ T2071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1095.534238][ T2079] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1095.581514][ T2079] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1095.592008][ T2079] CPU: 0 PID: 2079 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1095.599457][ T2079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1095.609516][ T2079] Call Trace: [ 1095.612810][ T2079] dump_stack+0x1d8/0x2f8 [ 1095.617139][ T2079] dump_header+0xd8/0x960 [ 1095.621468][ T2079] oom_kill_process+0xcd/0x350 [ 1095.626237][ T2079] out_of_memory+0x5fa/0x8b0 [ 1095.630829][ T2079] memory_max_write+0x4ba/0x600 [ 1095.635699][ T2079] ? memory_max_show+0xa0/0xa0 [ 1095.640467][ T2079] cgroup_file_write+0x223/0x5f0 [ 1095.645402][ T2079] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1095.650511][ T2079] kernfs_fop_write+0x3e4/0x4e0 [ 1095.655359][ T2079] ? kernfs_fop_read+0x580/0x580 [ 1095.660286][ T2079] __vfs_write+0xb8/0x740 [ 1095.664802][ T2079] ? preempt_count_sub+0x31/0x190 [ 1095.669825][ T2079] ? __sb_start_write+0x382/0x430 [ 1095.674831][ T2079] vfs_write+0x275/0x590 [ 1095.679056][ T2079] ksys_write+0x117/0x220 [ 1095.683367][ T2079] __x64_sys_write+0x7b/0x90 [ 1095.687941][ T2079] do_syscall_64+0xf7/0x1c0 [ 1095.692464][ T2079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1095.698332][ T2079] RIP: 0033:0x459a29 [ 1095.702201][ T2079] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1095.722323][ T2079] RSP: 002b:00007f7149385c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1095.730731][ T2079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1095.738684][ T2079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1095.746634][ T2079] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1095.754580][ T2079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71493866d4 [ 1095.762527][ T2079] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1095.794034][ T2079] memory: usage 3636kB, limit 0kB, failcnt 577 [ 1095.801470][ T2079] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1095.808455][ T2079] Memory cgroup stats for /syz2: [ 1095.808827][ T2079] anon 2154496 [ 1095.808827][ T2079] file 155648 [ 1095.808827][ T2079] kernel_stack 0 [ 1095.808827][ T2079] slab 1163264 [ 1095.808827][ T2079] sock 0 [ 1095.808827][ T2079] shmem 0 [ 1095.808827][ T2079] file_mapped 135168 [ 1095.808827][ T2079] file_dirty 135168 [ 1095.808827][ T2079] file_writeback 0 [ 1095.808827][ T2079] anon_thp 2097152 [ 1095.808827][ T2079] inactive_anon 135168 [ 1095.808827][ T2079] active_anon 2154496 [ 1095.808827][ T2079] inactive_file 0 [ 1095.808827][ T2079] active_file 0 [ 1095.808827][ T2079] unevictable 0 [ 1095.808827][ T2079] slab_reclaimable 270336 [ 1095.808827][ T2079] slab_unreclaimable 892928 [ 1095.808827][ T2079] pgfault 210474 [ 1095.808827][ T2079] pgmajfault 0 [ 1095.808827][ T2079] workingset_refault 0 [ 1095.808827][ T2079] workingset_activate 0 [ 1095.808827][ T2079] workingset_nodereclaim 0 [ 1095.808827][ T2079] pgrefill 282 [ 1095.808827][ T2079] pgscan 276 [ 1095.808827][ T2079] pgsteal 37 [ 1095.808827][ T2079] pgactivate 231 [ 1095.906559][ T2079] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2078,uid=0 [ 1095.924261][ T2079] Memory cgroup out of memory: Killed process 2078 (syz-executor.2) total-vm:72580kB, anon-rss:2180kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 03:39:25 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0x81a0ae8c, 0x0) 03:39:25 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:25 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:25 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:25 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) 03:39:25 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1095.944113][ T1066] oom_reaper: reaped process 2078 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1096.007907][ T2071] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1096.059308][ T2071] CPU: 0 PID: 2071 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1096.066889][ T2071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1096.076934][ T2071] Call Trace: [ 1096.076951][ T2071] dump_stack+0x1d8/0x2f8 [ 1096.076969][ T2071] dump_header+0xd8/0x960 [ 1096.084559][ T2071] oom_kill_process+0xcd/0x350 [ 1096.084573][ T2071] out_of_memory+0x5fa/0x8b0 [ 1096.098214][ T2071] try_charge+0x125a/0x1910 [ 1096.102742][ T2071] mem_cgroup_try_charge+0x20c/0x680 [ 1096.108021][ T2071] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1096.113650][ T2071] handle_mm_fault+0x310e/0x5ff0 [ 1096.118604][ T2071] do_user_addr_fault+0x589/0xaf0 [ 1096.123640][ T2071] __do_page_fault+0xd3/0x1f0 [ 1096.128326][ T2071] do_page_fault+0x99/0xb0 [ 1096.132753][ T2071] page_fault+0x39/0x40 [ 1096.136897][ T2071] RIP: 0033:0x42ff57 03:39:25 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:25 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:25 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:39:25 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:25 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) [ 1096.140784][ T2071] Code: 00 be 48 3a 4e 00 bf f0 41 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 41 56 48 83 c0 17 41 55 <41> 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 [ 1096.161163][ T2071] RSP: 002b:00007ffca045b000 EFLAGS: 00010206 [ 1096.167224][ T2071] RAX: 0000000000008047 RBX: 0000000000715640 RCX: 0000000000458d94 [ 1096.175191][ T2071] RDX: 00007ffca045b040 RSI: 0000000000008030 RDI: 0000000000715640 [ 1096.183155][ T2071] RBP: 0000000000008030 R08: 0000000000000001 R09: 0000000002080940 [ 1096.191121][ T2071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca045c220 [ 1096.199085][ T2071] R13: 00007ffca045c210 R14: 0000000000000000 R15: 00007ffca045c220 03:39:25 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) 03:39:25 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) [ 1096.390159][ T2071] memory: usage 1304kB, limit 0kB, failcnt 589 [ 1096.403824][ T2071] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:39:25 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) [ 1096.445385][ T2071] Memory cgroup stats for /syz2: [ 1096.445459][ T2071] anon 45056 [ 1096.445459][ T2071] file 155648 [ 1096.445459][ T2071] kernel_stack 0 [ 1096.445459][ T2071] slab 1163264 [ 1096.445459][ T2071] sock 0 [ 1096.445459][ T2071] shmem 0 [ 1096.445459][ T2071] file_mapped 135168 [ 1096.445459][ T2071] file_dirty 135168 [ 1096.445459][ T2071] file_writeback 0 [ 1096.445459][ T2071] anon_thp 0 [ 1096.445459][ T2071] inactive_anon 135168 [ 1096.445459][ T2071] active_anon 45056 [ 1096.445459][ T2071] inactive_file 0 [ 1096.445459][ T2071] active_file 0 [ 1096.445459][ T2071] unevictable 0 [ 1096.445459][ T2071] slab_reclaimable 270336 [ 1096.445459][ T2071] slab_unreclaimable 892928 [ 1096.445459][ T2071] pgfault 210474 [ 1096.445459][ T2071] pgmajfault 0 [ 1096.445459][ T2071] workingset_refault 0 [ 1096.445459][ T2071] workingset_activate 0 [ 1096.445459][ T2071] workingset_nodereclaim 0 [ 1096.445459][ T2071] pgrefill 282 [ 1096.445459][ T2071] pgscan 276 [ 1096.445459][ T2071] pgsteal 37 [ 1096.445459][ T2071] pgactivate 231 [ 1096.779956][ T2071] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2071,uid=0 [ 1096.810746][ T2071] Memory cgroup out of memory: Killed process 2071 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1096.840413][ T1066] oom_reaper: reaped process 2071 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:39:26 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:26 executing program 1: open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$getflags(r0, 0x0) 03:39:26 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1097.993788][ T2123] IPVS: ftp: loaded support on port[0] = 21 [ 1098.208015][ T2123] chnl_net:caif_netlink_parms(): no params data found [ 1098.248207][ T2123] bridge0: port 1(bridge_slave_0) entered blocking state [ 1098.256350][ T2123] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.265312][ T2123] device bridge_slave_0 entered promiscuous mode [ 1098.274359][ T2123] bridge0: port 2(bridge_slave_1) entered blocking state [ 1098.281855][ T2123] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.290654][ T2123] device bridge_slave_1 entered promiscuous mode [ 1098.361503][ T2123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1098.373824][ T2123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1098.399050][ T2123] team0: Port device team_slave_0 added [ 1098.408267][ T2123] team0: Port device team_slave_1 added [ 1098.533455][ T2123] device hsr_slave_0 entered promiscuous mode [ 1098.621084][ T2123] device hsr_slave_1 entered promiscuous mode [ 1098.660034][ T2123] debugfs: Directory 'hsr0' with parent '/' already present! [ 1098.854258][ T2123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1098.933115][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1098.944987][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1098.952978][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1099.003776][ T2123] 8021q: adding VLAN 0 to HW filter on device team0 [ 1099.017927][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1099.027433][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1099.036666][T14644] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.043757][T14644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1099.145734][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1099.154985][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1099.164261][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1099.173548][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.180651][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1099.203377][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1099.273259][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1099.283055][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1099.301874][ T2123] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1099.313638][ T2123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1099.327157][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1099.336503][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1099.345787][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1099.354867][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1099.416084][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1099.441682][ T2123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.599452][ T2131] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1099.651372][ T2131] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1099.661950][ T2131] CPU: 1 PID: 2131 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1099.669408][ T2131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1099.679469][ T2131] Call Trace: [ 1099.682767][ T2131] dump_stack+0x1d8/0x2f8 [ 1099.687095][ T2131] dump_header+0xd8/0x960 [ 1099.692209][ T2131] oom_kill_process+0xcd/0x350 [ 1099.696968][ T2131] out_of_memory+0x5fa/0x8b0 [ 1099.701645][ T2131] memory_max_write+0x4ba/0x600 [ 1099.706500][ T2131] ? memory_max_show+0xa0/0xa0 [ 1099.711261][ T2131] cgroup_file_write+0x223/0x5f0 [ 1099.716191][ T2131] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1099.721295][ T2131] kernfs_fop_write+0x3e4/0x4e0 [ 1099.726132][ T2131] ? kernfs_fop_read+0x580/0x580 [ 1099.731045][ T2131] __vfs_write+0xb8/0x740 [ 1099.735362][ T2131] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1099.740887][ T2131] ? __sb_start_write+0x382/0x430 [ 1099.745893][ T2131] vfs_write+0x275/0x590 [ 1099.750122][ T2131] ksys_write+0x117/0x220 [ 1099.754424][ T2131] __x64_sys_write+0x7b/0x90 [ 1099.759017][ T2131] do_syscall_64+0xf7/0x1c0 [ 1099.763511][ T2131] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1099.769386][ T2131] RIP: 0033:0x459a29 [ 1099.773434][ T2131] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1099.793014][ T2131] RSP: 002b:00007f2c421d8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1099.801399][ T2131] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1099.809355][ T2131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1099.817305][ T2131] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1099.825265][ T2131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c421d96d4 [ 1099.833263][ T2131] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1099.855186][ T2131] memory: usage 15736kB, limit 0kB, failcnt 611 [ 1099.870305][ T2131] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1099.877254][ T2131] Memory cgroup stats for /syz3: [ 1099.877661][ T2131] anon 2199552 [ 1099.877661][ T2131] file 221184 [ 1099.877661][ T2131] kernel_stack 65536 [ 1099.877661][ T2131] slab 13852672 [ 1099.877661][ T2131] sock 0 [ 1099.877661][ T2131] shmem 0 [ 1099.877661][ T2131] file_mapped 0 [ 1099.877661][ T2131] file_dirty 0 [ 1099.877661][ T2131] file_writeback 0 [ 1099.877661][ T2131] anon_thp 2097152 [ 1099.877661][ T2131] inactive_anon 0 [ 1099.877661][ T2131] active_anon 2199552 [ 1099.877661][ T2131] inactive_file 0 [ 1099.877661][ T2131] active_file 135168 [ 1099.877661][ T2131] unevictable 0 [ 1099.877661][ T2131] slab_reclaimable 12976128 [ 1099.877661][ T2131] slab_unreclaimable 876544 [ 1099.877661][ T2131] pgfault 68409 [ 1099.877661][ T2131] pgmajfault 0 [ 1099.877661][ T2131] workingset_refault 0 [ 1099.877661][ T2131] workingset_activate 0 [ 1099.877661][ T2131] workingset_nodereclaim 0 [ 1099.877661][ T2131] pgrefill 66 [ 1099.877661][ T2131] pgscan 66 [ 1099.877661][ T2131] pgsteal 35 [ 1099.877661][ T2131] pgactivate 0 [ 1099.981682][ T2131] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2130,uid=0 03:39:29 executing program 0: openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:29 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:39:29 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:29 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:29 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:29 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1099.997909][ T2131] Memory cgroup out of memory: Killed process 2130 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1100.022841][ T1066] oom_reaper: reaped process 2130 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1100.076427][ T2123] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1100.128669][ T2123] CPU: 0 PID: 2123 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1100.136170][ T2123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1100.146237][ T2123] Call Trace: [ 1100.149520][ T2123] dump_stack+0x1d8/0x2f8 [ 1100.149534][ T2123] dump_header+0xd8/0x960 [ 1100.149548][ T2123] oom_kill_process+0xcd/0x350 [ 1100.162953][ T2123] out_of_memory+0x5fa/0x8b0 [ 1100.167638][ T2123] try_charge+0x125a/0x1910 [ 1100.176609][ T2123] mem_cgroup_try_charge+0x20c/0x680 [ 1100.181900][ T2123] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1100.187536][ T2123] handle_mm_fault+0x310e/0x5ff0 [ 1100.192494][ T2123] do_user_addr_fault+0x589/0xaf0 [ 1100.197527][ T2123] __do_page_fault+0xd3/0x1f0 [ 1100.202195][ T2123] do_page_fault+0x99/0xb0 [ 1100.206616][ T2123] page_fault+0x39/0x40 [ 1100.210766][ T2123] RIP: 0033:0x4034f2 [ 1100.214658][ T2123] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1100.234265][ T2123] RSP: 002b:00007fffa71e0e90 EFLAGS: 00010246 [ 1100.240329][ T2123] RAX: 0000000000000000 RBX: 000000000010c769 RCX: 0000000000413630 [ 1100.248298][ T2123] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffa71e1fc0 [ 1100.256268][ T2123] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000254c940 [ 1100.264232][ T2123] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa71e1fc0 03:39:29 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1100.272203][ T2123] R13: 00007fffa71e1fb0 R14: 0000000000000000 R15: 00007fffa71e1fc0 03:39:29 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 03:39:29 executing program 0: openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) [ 1100.322501][ T2123] memory: usage 13256kB, limit 0kB, failcnt 623 [ 1100.357750][ T2123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1100.423619][ T2123] Memory cgroup stats for /syz3: [ 1100.423695][ T2123] anon 0 [ 1100.423695][ T2123] file 221184 [ 1100.423695][ T2123] kernel_stack 0 [ 1100.423695][ T2123] slab 13582336 [ 1100.423695][ T2123] sock 0 [ 1100.423695][ T2123] shmem 0 [ 1100.423695][ T2123] file_mapped 0 [ 1100.423695][ T2123] file_dirty 0 [ 1100.423695][ T2123] file_writeback 0 [ 1100.423695][ T2123] anon_thp 0 [ 1100.423695][ T2123] inactive_anon 0 [ 1100.423695][ T2123] active_anon 0 [ 1100.423695][ T2123] inactive_file 0 [ 1100.423695][ T2123] active_file 135168 03:39:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 03:39:29 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) [ 1100.423695][ T2123] unevictable 0 [ 1100.423695][ T2123] slab_reclaimable 12705792 [ 1100.423695][ T2123] slab_unreclaimable 876544 [ 1100.423695][ T2123] pgfault 68409 [ 1100.423695][ T2123] pgmajfault 0 [ 1100.423695][ T2123] workingset_refault 0 [ 1100.423695][ T2123] workingset_activate 0 [ 1100.423695][ T2123] workingset_nodereclaim 0 [ 1100.423695][ T2123] pgrefill 66 [ 1100.423695][ T2123] pgscan 66 [ 1100.423695][ T2123] pgsteal 35 [ 1100.423695][ T2123] pgactivate 0 03:39:29 executing program 0: openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b311d35"}, 0x0, 0x0, @planes=0x0, 0x4}) 03:39:29 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:29 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) [ 1100.913412][ T2123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2123,uid=0 [ 1100.956101][ T2123] Memory cgroup out of memory: Killed process 2123 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 03:39:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1102.084157][ T2373] IPVS: ftp: loaded support on port[0] = 21 [ 1102.227360][ T2373] chnl_net:caif_netlink_parms(): no params data found [ 1102.316486][ T2373] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.327321][ T2373] bridge0: port 1(bridge_slave_0) entered disabled state [ 1102.336622][ T2373] device bridge_slave_0 entered promiscuous mode [ 1102.346918][ T2373] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.354763][ T2373] bridge0: port 2(bridge_slave_1) entered disabled state [ 1102.363552][ T2373] device bridge_slave_1 entered promiscuous mode [ 1102.388119][ T2373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1102.401668][ T2373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1102.426261][ T2373] team0: Port device team_slave_0 added [ 1102.434942][ T2373] team0: Port device team_slave_1 added [ 1102.595066][ T2373] device hsr_slave_0 entered promiscuous mode [ 1102.660869][ T2373] device hsr_slave_1 entered promiscuous mode [ 1102.740040][ T2373] debugfs: Directory 'hsr0' with parent '/' already present! [ 1102.975887][ T2373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1103.119326][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1103.133429][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1103.141453][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1103.153818][ T2373] 8021q: adding VLAN 0 to HW filter on device team0 [ 1103.167914][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1103.177861][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1103.186658][T25323] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.193758][T25323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1103.277964][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1103.287066][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1103.296284][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1103.305438][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 1103.312547][ T7967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1103.387480][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1103.412202][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1103.420730][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1103.429662][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1103.449414][ T2373] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1103.460534][ T2373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1103.473887][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1103.490568][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1103.500651][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1103.509272][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1103.582196][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1103.604930][ T2373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1103.773149][ T2381] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1103.827127][ T2381] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1103.838317][ T2381] CPU: 0 PID: 2381 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1103.845781][ T2381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1103.855830][ T2381] Call Trace: [ 1103.859117][ T2381] dump_stack+0x1d8/0x2f8 [ 1103.863458][ T2381] dump_header+0xd8/0x960 [ 1103.867819][ T2381] oom_kill_process+0xcd/0x350 [ 1103.872574][ T2381] out_of_memory+0x5fa/0x8b0 [ 1103.877160][ T2381] memory_max_write+0x4ba/0x600 [ 1103.882014][ T2381] ? memory_max_show+0xa0/0xa0 [ 1103.886771][ T2381] cgroup_file_write+0x223/0x5f0 [ 1103.891697][ T2381] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1103.896792][ T2381] kernfs_fop_write+0x3e4/0x4e0 [ 1103.901617][ T2381] ? kernfs_fop_read+0x580/0x580 [ 1103.906527][ T2381] __vfs_write+0xb8/0x740 [ 1103.910834][ T2381] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1103.916364][ T2381] ? __sb_start_write+0x382/0x430 [ 1103.921892][ T2381] vfs_write+0x275/0x590 [ 1103.926110][ T2381] ksys_write+0x117/0x220 [ 1103.931628][ T2381] __x64_sys_write+0x7b/0x90 [ 1103.936191][ T2381] do_syscall_64+0xf7/0x1c0 [ 1103.940670][ T2381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1103.946534][ T2381] RIP: 0033:0x459a29 [ 1103.950399][ T2381] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1103.969983][ T2381] RSP: 002b:00007f7c79397c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1103.978370][ T2381] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1103.986317][ T2381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1103.994271][ T2381] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1104.002216][ T2381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c793986d4 [ 1104.010158][ T2381] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1104.038801][ T2381] memory: usage 3636kB, limit 0kB, failcnt 590 [ 1104.046789][ T2381] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1104.053801][ T2381] Memory cgroup stats for /syz2: [ 1104.054203][ T2381] anon 2150400 [ 1104.054203][ T2381] file 155648 [ 1104.054203][ T2381] kernel_stack 65536 [ 1104.054203][ T2381] slab 1298432 [ 1104.054203][ T2381] sock 0 [ 1104.054203][ T2381] shmem 0 [ 1104.054203][ T2381] file_mapped 135168 [ 1104.054203][ T2381] file_dirty 135168 [ 1104.054203][ T2381] file_writeback 0 [ 1104.054203][ T2381] anon_thp 2097152 [ 1104.054203][ T2381] inactive_anon 135168 [ 1104.054203][ T2381] active_anon 2150400 [ 1104.054203][ T2381] inactive_file 0 [ 1104.054203][ T2381] active_file 0 [ 1104.054203][ T2381] unevictable 0 [ 1104.054203][ T2381] slab_reclaimable 270336 [ 1104.054203][ T2381] slab_unreclaimable 1028096 [ 1104.054203][ T2381] pgfault 210540 [ 1104.054203][ T2381] pgmajfault 0 [ 1104.054203][ T2381] workingset_refault 0 [ 1104.054203][ T2381] workingset_activate 0 [ 1104.054203][ T2381] workingset_nodereclaim 0 [ 1104.054203][ T2381] pgrefill 282 [ 1104.054203][ T2381] pgscan 276 [ 1104.054203][ T2381] pgsteal 37 [ 1104.054203][ T2381] pgactivate 231 [ 1104.153737][ T2381] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2380,uid=0 03:39:33 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:33 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, 0x0) 03:39:33 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:33 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:39:33 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:33 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1104.177045][ T2381] Memory cgroup out of memory: Killed process 2380 (syz-executor.2) total-vm:72580kB, anon-rss:2184kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1104.197353][ T1066] oom_reaper: reaped process 2380 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1104.256665][ T2373] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1104.300187][ T2373] CPU: 0 PID: 2373 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1104.307676][ T2373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1104.317726][ T2373] Call Trace: [ 1104.321017][ T2373] dump_stack+0x1d8/0x2f8 [ 1104.325346][ T2373] dump_header+0xd8/0x960 [ 1104.329671][ T2373] oom_kill_process+0xcd/0x350 [ 1104.334426][ T2373] out_of_memory+0x5fa/0x8b0 [ 1104.339020][ T2373] try_charge+0x125a/0x1910 [ 1104.343542][ T2373] mem_cgroup_try_charge+0x20c/0x680 03:39:33 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, 0x0) [ 1104.348823][ T2373] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1104.354447][ T2373] wp_page_copy+0x349/0x1890 [ 1104.359037][ T2373] ? __kasan_check_read+0x11/0x20 [ 1104.364050][ T2373] ? do_raw_spin_unlock+0x49/0x260 [ 1104.369149][ T2373] do_wp_page+0x5e5/0x1cc0 [ 1104.373556][ T2373] ? __kasan_check_write+0x14/0x20 [ 1104.378672][ T2373] handle_mm_fault+0x2ada/0x5ff0 [ 1104.383627][ T2373] do_user_addr_fault+0x589/0xaf0 [ 1104.388655][ T2373] __do_page_fault+0xd3/0x1f0 [ 1104.393350][ T2373] do_page_fault+0x99/0xb0 [ 1104.397849][ T2373] page_fault+0x39/0x40 [ 1104.402004][ T2373] RIP: 0033:0x4034f2 [ 1104.405890][ T2373] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1104.425485][ T2373] RSP: 002b:00007ffce9fddc00 EFLAGS: 00010246 [ 1104.431548][ T2373] RAX: 0000000000000000 RBX: 000000000010d7ba RCX: 0000000000413630 [ 1104.439513][ T2373] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffce9fded30 03:39:33 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, 0x0) 03:39:33 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) [ 1104.447480][ T2373] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000015e1940 [ 1104.455450][ T2373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce9fded30 [ 1104.463420][ T2373] R13: 00007ffce9fded20 R14: 0000000000000000 R15: 00007ffce9fded30 03:39:33 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:33 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:33 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) [ 1104.750223][ T2373] memory: usage 1304kB, limit 0kB, failcnt 602 [ 1104.769938][ T2373] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1104.789964][ T2373] Memory cgroup stats for /syz2: [ 1104.790115][ T2373] anon 0 [ 1104.790115][ T2373] file 155648 [ 1104.790115][ T2373] kernel_stack 0 [ 1104.790115][ T2373] slab 1298432 [ 1104.790115][ T2373] sock 0 [ 1104.790115][ T2373] shmem 0 [ 1104.790115][ T2373] file_mapped 135168 [ 1104.790115][ T2373] file_dirty 135168 [ 1104.790115][ T2373] file_writeback 0 [ 1104.790115][ T2373] anon_thp 0 [ 1104.790115][ T2373] inactive_anon 135168 [ 1104.790115][ T2373] active_anon 0 [ 1104.790115][ T2373] inactive_file 0 [ 1104.790115][ T2373] active_file 0 [ 1104.790115][ T2373] unevictable 0 [ 1104.790115][ T2373] slab_reclaimable 270336 [ 1104.790115][ T2373] slab_unreclaimable 1028096 [ 1104.790115][ T2373] pgfault 210540 [ 1104.790115][ T2373] pgmajfault 0 [ 1104.790115][ T2373] workingset_refault 0 [ 1104.790115][ T2373] workingset_activate 0 [ 1104.790115][ T2373] workingset_nodereclaim 0 [ 1104.790115][ T2373] pgrefill 282 [ 1104.790115][ T2373] pgscan 276 [ 1104.790115][ T2373] pgsteal 37 [ 1104.790115][ T2373] pgactivate 231 [ 1104.887317][ T2373] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2373,uid=0 [ 1104.903239][ T2373] Memory cgroup out of memory: Killed process 2373 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1104.921765][ T1066] oom_reaper: reaped process 2373 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:39:34 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:34 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:39:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff50, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x40, 0x24, 0x507, 0x0, 0x0, {0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14, 0x1, 'pfifo_head_drop\x00'}, {0x8}}]}, 0x40}}, 0x0) 03:39:34 executing program 1: unshare(0x400) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:34 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1106.054664][ T2425] IPVS: ftp: loaded support on port[0] = 21 [ 1106.296554][ T2425] chnl_net:caif_netlink_parms(): no params data found [ 1106.335513][ T2425] bridge0: port 1(bridge_slave_0) entered blocking state [ 1106.343418][ T2425] bridge0: port 1(bridge_slave_0) entered disabled state [ 1106.352460][ T2425] device bridge_slave_0 entered promiscuous mode [ 1106.361477][ T2425] bridge0: port 2(bridge_slave_1) entered blocking state [ 1106.368617][ T2425] bridge0: port 2(bridge_slave_1) entered disabled state [ 1106.378548][ T2425] device bridge_slave_1 entered promiscuous mode [ 1106.406369][ T2425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1106.419230][ T2425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1106.506800][ T2425] team0: Port device team_slave_0 added [ 1106.514731][ T2425] team0: Port device team_slave_1 added [ 1106.583352][ T2425] device hsr_slave_0 entered promiscuous mode [ 1106.641052][ T2425] device hsr_slave_1 entered promiscuous mode [ 1106.680102][ T2425] debugfs: Directory 'hsr0' with parent '/' already present! [ 1106.875592][ T2425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1106.896218][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1106.904668][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1106.989751][ T2425] 8021q: adding VLAN 0 to HW filter on device team0 [ 1107.003046][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1107.012412][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1107.022035][T16143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1107.029086][T16143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1107.102716][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1107.111307][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1107.121023][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1107.129571][T25323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1107.136671][T25323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1107.146611][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1107.156176][T25323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1107.237952][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1107.262107][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1107.271062][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1107.281353][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1107.402040][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1107.402931][T16143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1107.438423][ T2425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1107.451110][ T2425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1107.459527][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1107.558274][ T2425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1107.719527][ T2433] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1107.754933][ T2433] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1107.765571][ T2433] CPU: 0 PID: 2433 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1107.773028][ T2433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1107.773033][ T2433] Call Trace: [ 1107.773051][ T2433] dump_stack+0x1d8/0x2f8 [ 1107.773067][ T2433] dump_header+0xd8/0x960 [ 1107.773082][ T2433] oom_kill_process+0xcd/0x350 [ 1107.773094][ T2433] out_of_memory+0x5fa/0x8b0 [ 1107.773110][ T2433] memory_max_write+0x4ba/0x600 [ 1107.773134][ T2433] ? memory_max_show+0xa0/0xa0 [ 1107.773146][ T2433] cgroup_file_write+0x223/0x5f0 [ 1107.773157][ T2433] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1107.773170][ T2433] kernfs_fop_write+0x3e4/0x4e0 [ 1107.773182][ T2433] ? kernfs_fop_read+0x580/0x580 [ 1107.773194][ T2433] __vfs_write+0xb8/0x740 [ 1107.773210][ T2433] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1107.773220][ T2433] ? __sb_start_write+0x382/0x430 [ 1107.773233][ T2433] vfs_write+0x275/0x590 [ 1107.773249][ T2433] ksys_write+0x117/0x220 [ 1107.773264][ T2433] __x64_sys_write+0x7b/0x90 [ 1107.773277][ T2433] do_syscall_64+0xf7/0x1c0 [ 1107.773290][ T2433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1107.773300][ T2433] RIP: 0033:0x459a29 [ 1107.773311][ T2433] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1107.773317][ T2433] RSP: 002b:00007f9a0cfc0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1107.773328][ T2433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1107.773333][ T2433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1107.773340][ T2433] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1107.773346][ T2433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9a0cfc16d4 [ 1107.773352][ T2433] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1107.774621][ T2433] memory: usage 13392kB, limit 0kB, failcnt 624 [ 1107.797609][ T2433] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1107.805395][ T2433] Memory cgroup stats for /syz3: [ 1107.805480][ T2433] anon 2056192 [ 1107.805480][ T2433] file 221184 [ 1107.805480][ T2433] kernel_stack 65536 [ 1107.805480][ T2433] slab 11419648 [ 1107.805480][ T2433] sock 0 [ 1107.805480][ T2433] shmem 0 [ 1107.805480][ T2433] file_mapped 0 [ 1107.805480][ T2433] file_dirty 0 [ 1107.805480][ T2433] file_writeback 0 [ 1107.805480][ T2433] anon_thp 2097152 [ 1107.805480][ T2433] inactive_anon 0 [ 1107.805480][ T2433] active_anon 2056192 [ 1107.805480][ T2433] inactive_file 0 [ 1107.805480][ T2433] active_file 135168 [ 1107.805480][ T2433] unevictable 0 [ 1107.805480][ T2433] slab_reclaimable 10543104 [ 1107.805480][ T2433] slab_unreclaimable 876544 [ 1107.805480][ T2433] pgfault 68442 [ 1107.805480][ T2433] pgmajfault 0 [ 1107.805480][ T2433] workingset_refault 0 [ 1107.805480][ T2433] workingset_activate 0 [ 1107.805480][ T2433] workingset_nodereclaim 0 [ 1107.805480][ T2433] pgrefill 66 [ 1107.805480][ T2433] pgscan 66 [ 1107.805480][ T2433] pgsteal 35 [ 1107.805480][ T2433] pgactivate 0 03:39:37 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:37 executing program 1: unshare(0x400) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:39:37 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:37 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x14) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 1107.842437][ T2433] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2432,uid=0 [ 1107.860026][ T2433] Memory cgroup out of memory: Killed process 2432 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1108.093510][ T1066] oom_reaper: reaped process 2432 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1108.165729][ T2425] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1108.229825][ T2425] CPU: 0 PID: 2425 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1108.237326][ T2425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1108.247364][ T2425] Call Trace: [ 1108.250636][ T2425] dump_stack+0x1d8/0x2f8 [ 1108.254955][ T2425] dump_header+0xd8/0x960 [ 1108.259263][ T2425] oom_kill_process+0xcd/0x350 [ 1108.264004][ T2425] out_of_memory+0x5fa/0x8b0 [ 1108.268583][ T2425] try_charge+0x125a/0x1910 [ 1108.273080][ T2425] mem_cgroup_try_charge+0x20c/0x680 [ 1108.278341][ T2425] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1108.283951][ T2425] wp_page_copy+0x349/0x1890 [ 1108.288520][ T2425] ? __kasan_check_read+0x11/0x20 [ 1108.293532][ T2425] ? do_raw_spin_unlock+0x49/0x260 [ 1108.298642][ T2425] do_wp_page+0x5e5/0x1cc0 [ 1108.303034][ T2425] ? __kasan_check_write+0x14/0x20 [ 1108.308126][ T2425] handle_mm_fault+0x2ada/0x5ff0 [ 1108.313053][ T2425] do_user_addr_fault+0x589/0xaf0 [ 1108.318067][ T2425] __do_page_fault+0xd3/0x1f0 [ 1108.322726][ T2425] do_page_fault+0x99/0xb0 [ 1108.327145][ T2425] page_fault+0x39/0x40 [ 1108.331277][ T2425] RIP: 0033:0x4034f2 [ 1108.335147][ T2425] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1108.354822][ T2425] RSP: 002b:00007ffc9dec8ca0 EFLAGS: 00010246 [ 1108.360864][ T2425] RAX: 0000000000000000 RBX: 000000000010e71c RCX: 0000000000413630 [ 1108.368821][ T2425] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc9dec9dd0 03:39:37 executing program 1: unshare(0x400) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:37 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:37 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) umount2(&(0x7f0000000180)='./file0\x00', 0xb) [ 1108.376770][ T2425] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000024c5940 [ 1108.384733][ T2425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9dec9dd0 [ 1108.392690][ T2425] R13: 00007ffc9dec9dc0 R14: 0000000000000000 R15: 00007ffc9dec9dd0 [ 1108.474147][ T2425] memory: usage 10992kB, limit 0kB, failcnt 632 [ 1108.511317][ T2425] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1108.526044][ T2425] Memory cgroup stats for /syz3: [ 1108.526128][ T2425] anon 0 [ 1108.526128][ T2425] file 221184 [ 1108.526128][ T2425] kernel_stack 0 [ 1108.526128][ T2425] slab 11284480 [ 1108.526128][ T2425] sock 0 [ 1108.526128][ T2425] shmem 0 [ 1108.526128][ T2425] file_mapped 0 [ 1108.526128][ T2425] file_dirty 0 [ 1108.526128][ T2425] file_writeback 0 [ 1108.526128][ T2425] anon_thp 0 [ 1108.526128][ T2425] inactive_anon 0 [ 1108.526128][ T2425] active_anon 0 [ 1108.526128][ T2425] inactive_file 0 [ 1108.526128][ T2425] active_file 135168 03:39:37 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) [ 1108.526128][ T2425] unevictable 0 [ 1108.526128][ T2425] slab_reclaimable 10407936 [ 1108.526128][ T2425] slab_unreclaimable 876544 [ 1108.526128][ T2425] pgfault 68442 [ 1108.526128][ T2425] pgmajfault 0 [ 1108.526128][ T2425] workingset_refault 0 [ 1108.526128][ T2425] workingset_activate 0 [ 1108.526128][ T2425] workingset_nodereclaim 0 [ 1108.526128][ T2425] pgrefill 66 [ 1108.526128][ T2425] pgscan 66 [ 1108.526128][ T2425] pgsteal 35 [ 1108.526128][ T2425] pgactivate 0 03:39:38 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1108.890520][ T2425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2425,uid=0 [ 1108.935683][ T2425] Memory cgroup out of memory: Killed process 2425 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1108.954370][ T1066] oom_reaper: reaped process 2425 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:39:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:39:38 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:39:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:39:38 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1109.516036][ T2877] device bridge_slave_1 left promiscuous mode [ 1109.537349][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.621593][ T2877] device bridge_slave_0 left promiscuous mode [ 1109.627823][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.682503][ T2877] device bridge_slave_1 left promiscuous mode [ 1109.688839][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.811287][ T2877] device bridge_slave_0 left promiscuous mode [ 1109.817490][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.882271][ T2877] device bridge_slave_1 left promiscuous mode [ 1109.888635][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.981323][ T2877] device bridge_slave_0 left promiscuous mode [ 1109.987517][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.072325][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.078544][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.162995][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.169221][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.232303][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.238508][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.441010][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.447196][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.492293][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.498513][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.561413][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.567610][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.622353][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.628542][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.691015][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.697238][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.772312][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.778512][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.831875][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.838076][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.902274][ T2877] device bridge_slave_1 left promiscuous mode [ 1110.908480][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.971159][ T2877] device bridge_slave_0 left promiscuous mode [ 1110.977355][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.093074][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.099299][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.211325][ T2877] device bridge_slave_0 left promiscuous mode [ 1111.217536][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.342176][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.349017][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.391198][ T2877] device bridge_slave_0 left promiscuous mode [ 1111.397392][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.462129][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.468327][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.541269][ T2877] device bridge_slave_0 left promiscuous mode [ 1111.547475][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.702258][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.708477][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.751183][ T2877] device bridge_slave_0 left promiscuous mode [ 1111.757391][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.812223][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.818416][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.911200][ T2877] device bridge_slave_0 left promiscuous mode [ 1111.917398][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.982186][ T2877] device bridge_slave_1 left promiscuous mode [ 1111.988392][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.081307][ T2877] device bridge_slave_0 left promiscuous mode [ 1112.087521][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.142312][ T2877] device bridge_slave_1 left promiscuous mode [ 1112.148526][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.351068][ T2877] device bridge_slave_0 left promiscuous mode [ 1112.357280][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.492499][ T2877] device bridge_slave_1 left promiscuous mode [ 1112.498823][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.551292][ T2877] device bridge_slave_0 left promiscuous mode [ 1112.557504][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.642551][ T2877] device bridge_slave_1 left promiscuous mode [ 1112.648756][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.741243][ T2877] device bridge_slave_0 left promiscuous mode [ 1112.747452][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.842273][ T2877] device bridge_slave_1 left promiscuous mode [ 1112.848468][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.901151][ T2877] device bridge_slave_0 left promiscuous mode [ 1112.907346][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.982177][ T2877] device bridge_slave_1 left promiscuous mode [ 1112.988380][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1113.051035][ T2877] device bridge_slave_0 left promiscuous mode [ 1113.057320][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1113.182097][ T2877] device bridge_slave_1 left promiscuous mode [ 1113.188291][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1113.311087][ T2877] device bridge_slave_0 left promiscuous mode [ 1113.317299][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1113.392248][ T2877] device bridge_slave_1 left promiscuous mode [ 1113.398452][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1113.521457][ T2877] device bridge_slave_0 left promiscuous mode [ 1113.527667][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1113.592093][ T2877] device bridge_slave_1 left promiscuous mode [ 1113.598306][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1113.651149][ T2877] device bridge_slave_0 left promiscuous mode [ 1113.657387][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1113.782250][ T2877] device bridge_slave_1 left promiscuous mode [ 1113.788625][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1113.871014][ T2877] device bridge_slave_0 left promiscuous mode [ 1113.877240][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1113.992234][ T2877] device bridge_slave_1 left promiscuous mode [ 1113.998594][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1114.041104][ T2877] device bridge_slave_0 left promiscuous mode [ 1114.047441][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1114.112138][ T2877] device bridge_slave_1 left promiscuous mode [ 1114.118366][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1114.231203][ T2877] device bridge_slave_0 left promiscuous mode [ 1114.237420][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1172.482384][ T2877] device hsr_slave_0 left promiscuous mode [ 1172.610174][ T2877] device hsr_slave_1 left promiscuous mode [ 1172.688528][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1172.706909][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1172.731123][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1172.812080][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1172.950574][ T2877] bond0 (unregistering): Released all slaves [ 1173.250689][ T2877] device hsr_slave_0 left promiscuous mode [ 1173.410121][ T2877] device hsr_slave_1 left promiscuous mode [ 1173.487109][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1173.504184][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1173.519047][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1173.649553][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1173.804844][ T2877] bond0 (unregistering): Released all slaves [ 1174.120689][ T2877] device hsr_slave_0 left promiscuous mode [ 1174.180295][ T2877] device hsr_slave_1 left promiscuous mode [ 1174.243452][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1174.258539][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1174.275139][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1174.339804][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1174.459101][ T2877] bond0 (unregistering): Released all slaves [ 1174.792212][ T2877] device hsr_slave_0 left promiscuous mode [ 1174.870194][ T2877] device hsr_slave_1 left promiscuous mode [ 1174.927907][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1174.946152][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1174.963024][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1175.068837][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1175.199835][ T2877] bond0 (unregistering): Released all slaves [ 1175.501093][ T2877] device hsr_slave_0 left promiscuous mode [ 1175.620220][ T2877] device hsr_slave_1 left promiscuous mode [ 1175.717616][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1175.733960][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1175.754558][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1175.838326][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1175.964207][ T2877] bond0 (unregistering): Released all slaves [ 1176.230872][ T2877] device hsr_slave_0 left promiscuous mode [ 1176.280688][ T2877] device hsr_slave_1 left promiscuous mode [ 1176.377128][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1176.396108][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1176.412031][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1176.478361][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1176.687232][ T2877] bond0 (unregistering): Released all slaves [ 1177.002637][ T2877] device hsr_slave_0 left promiscuous mode [ 1177.200466][ T2877] device hsr_slave_1 left promiscuous mode [ 1177.327068][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1177.351479][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1177.365914][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1177.428126][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1177.556417][ T2877] bond0 (unregistering): Released all slaves [ 1177.830781][ T2877] device hsr_slave_0 left promiscuous mode [ 1177.980205][ T2877] device hsr_slave_1 left promiscuous mode [ 1178.097472][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1178.115351][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1178.132591][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1178.228651][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1178.359348][ T2877] bond0 (unregistering): Released all slaves [ 1178.580959][ T2877] device hsr_slave_0 left promiscuous mode [ 1178.710195][ T2877] device hsr_slave_1 left promiscuous mode [ 1178.867003][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1178.884711][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1178.899088][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1179.098324][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1179.198835][ T2877] bond0 (unregistering): Released all slaves [ 1179.410715][ T2877] device hsr_slave_0 left promiscuous mode [ 1179.480137][ T2877] device hsr_slave_1 left promiscuous mode [ 1179.587336][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1179.605914][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1179.622469][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1179.738220][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1179.886507][ T2877] bond0 (unregistering): Released all slaves [ 1180.130625][ T2877] device hsr_slave_0 left promiscuous mode [ 1180.270228][ T2877] device hsr_slave_1 left promiscuous mode [ 1180.337334][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1180.354052][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1180.374037][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1180.438811][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1180.565905][ T2877] bond0 (unregistering): Released all slaves [ 1180.900757][ T2877] device hsr_slave_0 left promiscuous mode [ 1180.990219][ T2877] device hsr_slave_1 left promiscuous mode [ 1181.087055][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1181.104393][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1181.118140][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1181.186564][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1181.303969][ T2877] bond0 (unregistering): Released all slaves [ 1181.530745][ T2877] device hsr_slave_0 left promiscuous mode [ 1181.590254][ T2877] device hsr_slave_1 left promiscuous mode [ 1181.678466][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1181.695903][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1181.712672][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1181.818816][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1181.948740][ T2877] bond0 (unregistering): Released all slaves [ 1182.141346][ T2877] device hsr_slave_0 left promiscuous mode [ 1182.180045][ T2877] device hsr_slave_1 left promiscuous mode [ 1182.248148][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1182.265509][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1182.282381][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1182.451701][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1182.572799][ T2877] bond0 (unregistering): Released all slaves [ 1182.770733][ T2877] device hsr_slave_0 left promiscuous mode [ 1182.810763][ T2877] device hsr_slave_1 left promiscuous mode [ 1182.886792][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1182.903487][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1182.916751][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1182.988557][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1183.093405][ T2877] bond0 (unregistering): Released all slaves [ 1183.310717][ T2877] device hsr_slave_0 left promiscuous mode [ 1183.390556][ T2877] device hsr_slave_1 left promiscuous mode [ 1183.447688][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1183.464180][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1183.479088][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1183.558385][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1183.688913][ T2877] bond0 (unregistering): Released all slaves [ 1183.920719][ T2877] device hsr_slave_0 left promiscuous mode [ 1184.000262][ T2877] device hsr_slave_1 left promiscuous mode [ 1184.067193][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1184.083216][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1184.097545][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1184.196664][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1184.328765][ T2877] bond0 (unregistering): Released all slaves [ 1184.590699][ T2877] device hsr_slave_0 left promiscuous mode [ 1184.660555][ T2877] device hsr_slave_1 left promiscuous mode [ 1184.823325][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1184.837518][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1184.853243][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1184.898124][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1185.079620][ T2877] bond0 (unregistering): Released all slaves [ 1185.261036][ T2877] device hsr_slave_0 left promiscuous mode [ 1185.300168][ T2877] device hsr_slave_1 left promiscuous mode [ 1185.366823][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1185.383276][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1185.398307][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1185.469163][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1185.604197][ T2877] bond0 (unregistering): Released all slaves [ 1185.770769][ T2877] device hsr_slave_0 left promiscuous mode [ 1185.851201][ T2877] device hsr_slave_1 left promiscuous mode [ 1185.907210][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1185.923847][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1185.941556][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1185.998049][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1186.134844][ T2877] bond0 (unregistering): Released all slaves [ 1186.290751][ T2877] device hsr_slave_0 left promiscuous mode [ 1186.370567][ T2877] device hsr_slave_1 left promiscuous mode [ 1186.437111][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1186.460262][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1186.475757][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1186.561499][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1186.667859][ T2877] bond0 (unregistering): Released all slaves [ 1186.920787][ T2877] device hsr_slave_0 left promiscuous mode [ 1186.980538][ T2877] device hsr_slave_1 left promiscuous mode [ 1187.055955][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1187.072171][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1187.085654][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.168149][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.302626][ T2877] bond0 (unregistering): Released all slaves [ 1187.460739][ T2877] device hsr_slave_0 left promiscuous mode [ 1187.540624][ T2877] device hsr_slave_1 left promiscuous mode [ 1187.637567][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1187.667015][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1187.685778][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.778283][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.888079][ T2877] bond0 (unregistering): Released all slaves [ 1188.180756][ T2877] device hsr_slave_0 left promiscuous mode [ 1188.310585][ T2877] device hsr_slave_1 left promiscuous mode [ 1188.387489][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1188.402464][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1188.416157][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1188.479105][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1188.668093][ T2877] bond0 (unregistering): Released all slaves [ 1188.900710][ T2877] device hsr_slave_0 left promiscuous mode [ 1188.960656][ T2877] device hsr_slave_1 left promiscuous mode [ 1189.017221][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1189.033188][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1189.047768][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1189.128684][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1189.245882][ T2877] bond0 (unregistering): Released all slaves [ 1189.500786][ T2877] device hsr_slave_0 left promiscuous mode [ 1189.640168][ T2877] device hsr_slave_1 left promiscuous mode [ 1189.707404][ T2877] team0 (unregistering): Port device team_slave_1 removed [ 1189.724701][ T2877] team0 (unregistering): Port device team_slave_0 removed [ 1189.744818][ T2877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1189.798701][ T2877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1189.907168][ T2877] bond0 (unregistering): Released all slaves [ 1191.685586][ T2477] IPVS: ftp: loaded support on port[0] = 21 [ 1191.819402][ T2477] chnl_net:caif_netlink_parms(): no params data found [ 1192.180139][ T2477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1192.188506][ T2477] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.211528][ T2477] device bridge_slave_0 entered promiscuous mode [ 1192.381996][ T2477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1192.389249][ T2477] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.400584][ T2477] device bridge_slave_1 entered promiscuous mode [ 1192.763368][ T2477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1192.912945][ T2477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1193.321985][ T2477] team0: Port device team_slave_0 added [ 1193.541973][ T2477] team0: Port device team_slave_1 added [ 1193.773138][ T2477] device hsr_slave_0 entered promiscuous mode [ 1193.810795][ T2477] device hsr_slave_1 entered promiscuous mode [ 1193.966868][ T2477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1193.998887][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1194.021126][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1194.033928][ T2477] 8021q: adding VLAN 0 to HW filter on device team0 [ 1194.065008][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1194.074759][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1194.090907][T25319] bridge0: port 1(bridge_slave_0) entered blocking state [ 1194.097990][T25319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1194.141307][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1194.149422][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1194.171661][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1194.190239][T14644] bridge0: port 2(bridge_slave_1) entered blocking state [ 1194.197369][T14644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1194.220627][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1194.265211][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1194.275384][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1194.284954][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1194.295941][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1194.305600][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1194.314931][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1194.323823][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1194.336409][ T2477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1194.347082][T25319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1194.377012][ T2477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1194.544565][ T2498] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1194.635004][ T2498] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1194.660408][ T2498] CPU: 0 PID: 2498 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1194.668174][ T2498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1194.678410][ T2498] Call Trace: [ 1194.681737][ T2498] dump_stack+0x1d8/0x2f8 [ 1194.686089][ T2498] dump_header+0xd8/0x960 [ 1194.690432][ T2498] oom_kill_process+0xcd/0x350 [ 1194.695207][ T2498] out_of_memory+0x5fa/0x8b0 [ 1194.699806][ T2498] memory_max_write+0x4ba/0x600 [ 1194.704677][ T2498] ? memory_max_show+0xa0/0xa0 [ 1194.709446][ T2498] cgroup_file_write+0x223/0x5f0 [ 1194.714387][ T2498] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1194.719502][ T2498] kernfs_fop_write+0x3e4/0x4e0 [ 1194.724352][ T2498] ? kernfs_fop_read+0x580/0x580 [ 1194.729294][ T2498] __vfs_write+0xb8/0x740 [ 1194.733631][ T2498] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1194.739182][ T2498] ? __sb_start_write+0x382/0x430 [ 1194.744301][ T2498] vfs_write+0x275/0x590 [ 1194.748565][ T2498] ksys_write+0x117/0x220 [ 1194.753052][ T2498] __x64_sys_write+0x7b/0x90 [ 1194.757654][ T2498] do_syscall_64+0xf7/0x1c0 [ 1194.762374][ T2498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1194.768424][ T2498] RIP: 0033:0x459a29 [ 1194.772312][ T2498] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1194.792089][ T2498] RSP: 002b:00007f4ba0148c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1194.800504][ T2498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1194.809082][ T2498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1194.817403][ T2498] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1194.825560][ T2498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ba01496d4 [ 1194.833533][ T2498] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1194.850749][ T2498] memory: usage 3648kB, limit 0kB, failcnt 603 [ 1194.857899][ T2498] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1194.865667][ T2498] Memory cgroup stats for /syz2: [ 1194.866069][ T2498] anon 2207744 [ 1194.866069][ T2498] file 155648 [ 1194.866069][ T2498] kernel_stack 65536 [ 1194.866069][ T2498] slab 1298432 [ 1194.866069][ T2498] sock 0 [ 1194.866069][ T2498] shmem 0 [ 1194.866069][ T2498] file_mapped 135168 [ 1194.866069][ T2498] file_dirty 135168 [ 1194.866069][ T2498] file_writeback 0 [ 1194.866069][ T2498] anon_thp 2097152 [ 1194.866069][ T2498] inactive_anon 135168 [ 1194.866069][ T2498] active_anon 2207744 [ 1194.866069][ T2498] inactive_file 0 [ 1194.866069][ T2498] active_file 0 [ 1194.866069][ T2498] unevictable 0 [ 1194.866069][ T2498] slab_reclaimable 270336 [ 1194.866069][ T2498] slab_unreclaimable 1028096 [ 1194.866069][ T2498] pgfault 210606 [ 1194.866069][ T2498] pgmajfault 0 [ 1194.866069][ T2498] workingset_refault 0 [ 1194.866069][ T2498] workingset_activate 0 [ 1194.866069][ T2498] workingset_nodereclaim 0 [ 1194.866069][ T2498] pgrefill 282 [ 1194.866069][ T2498] pgscan 276 [ 1194.866069][ T2498] pgsteal 37 [ 1194.866069][ T2498] pgactivate 231 [ 1195.089848][ T2498] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2495,uid=0 [ 1195.106505][ T2498] Memory cgroup out of memory: Killed process 2495 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1195.152259][ T1066] oom_reaper: reaped process 2495 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:41:04 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:41:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) 03:41:04 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:04 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1195.205513][ T2477] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1195.260114][ T2477] CPU: 1 PID: 2477 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1195.267761][ T2477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1195.277908][ T2477] Call Trace: [ 1195.281221][ T2477] dump_stack+0x1d8/0x2f8 [ 1195.285627][ T2477] dump_header+0xd8/0x960 [ 1195.289967][ T2477] oom_kill_process+0xcd/0x350 [ 1195.295087][ T2477] out_of_memory+0x5fa/0x8b0 [ 1195.299684][ T2477] try_charge+0x125a/0x1910 [ 1195.304193][ T2477] mem_cgroup_try_charge+0x20c/0x680 [ 1195.309471][ T2477] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1195.315102][ T2477] handle_mm_fault+0x310e/0x5ff0 [ 1195.320168][ T2477] do_user_addr_fault+0x589/0xaf0 [ 1195.325194][ T2477] __do_page_fault+0xd3/0x1f0 [ 1195.329862][ T2477] do_page_fault+0x99/0xb0 [ 1195.334271][ T2477] page_fault+0x39/0x40 [ 1195.338412][ T2477] RIP: 0033:0x4034f2 03:41:04 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1195.342289][ T2477] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1195.362002][ T2477] RSP: 002b:00007ffd9d2fbf40 EFLAGS: 00010246 [ 1195.368351][ T2477] RAX: 0000000000000000 RBX: 0000000000123a70 RCX: 0000000000413630 [ 1195.376311][ T2477] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd9d2fd070 [ 1195.384272][ T2477] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000011b8940 [ 1195.392249][ T2477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd9d2fd070 [ 1195.400559][ T2477] R13: 00007ffd9d2fd060 R14: 0000000000000000 R15: 00007ffd9d2fd070 03:41:04 executing program 1: unshare(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:04 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1195.500176][ T2477] memory: usage 1208kB, limit 0kB, failcnt 615 [ 1195.506713][ T2477] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1195.543994][ T2477] Memory cgroup stats for /syz2: [ 1195.544060][ T2477] anon 32768 [ 1195.544060][ T2477] file 155648 [ 1195.544060][ T2477] kernel_stack 65536 [ 1195.544060][ T2477] slab 1298432 [ 1195.544060][ T2477] sock 0 [ 1195.544060][ T2477] shmem 0 [ 1195.544060][ T2477] file_mapped 135168 [ 1195.544060][ T2477] file_dirty 135168 [ 1195.544060][ T2477] file_writeback 0 [ 1195.544060][ T2477] anon_thp 0 [ 1195.544060][ T2477] inactive_anon 135168 [ 1195.544060][ T2477] active_anon 32768 [ 1195.544060][ T2477] inactive_file 0 [ 1195.544060][ T2477] active_file 0 [ 1195.544060][ T2477] unevictable 0 [ 1195.544060][ T2477] slab_reclaimable 270336 [ 1195.544060][ T2477] slab_unreclaimable 1028096 [ 1195.544060][ T2477] pgfault 210606 [ 1195.544060][ T2477] pgmajfault 0 [ 1195.544060][ T2477] workingset_refault 0 [ 1195.544060][ T2477] workingset_activate 0 [ 1195.544060][ T2477] workingset_nodereclaim 0 [ 1195.544060][ T2477] pgrefill 282 [ 1195.544060][ T2477] pgscan 276 [ 1195.544060][ T2477] pgsteal 37 [ 1195.544060][ T2477] pgactivate 231 03:41:04 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1195.549315][ T2477] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2477,uid=0 03:41:05 executing program 1: unshare(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:05 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1196.017479][ T2477] Memory cgroup out of memory: Killed process 2477 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 03:41:05 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:41:05 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:05 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:05 executing program 1: unshare(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0x81a0ae8c, 0x0) [ 1197.117717][ T2579] IPVS: ftp: loaded support on port[0] = 21 [ 1197.286821][ T2579] chnl_net:caif_netlink_parms(): no params data found [ 1197.384237][ T2579] bridge0: port 1(bridge_slave_0) entered blocking state [ 1197.399987][ T2579] bridge0: port 1(bridge_slave_0) entered disabled state [ 1197.408419][ T2579] device bridge_slave_0 entered promiscuous mode [ 1197.459655][ T2579] bridge0: port 2(bridge_slave_1) entered blocking state [ 1197.481774][ T2579] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.510303][ T2579] device bridge_slave_1 entered promiscuous mode [ 1197.553656][ T2579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1197.573292][ T2579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1197.624437][ T2579] team0: Port device team_slave_0 added [ 1197.642719][ T2579] team0: Port device team_slave_1 added [ 1197.773226][ T2579] device hsr_slave_0 entered promiscuous mode [ 1197.810727][ T2579] device hsr_slave_1 entered promiscuous mode [ 1197.849969][ T2579] debugfs: Directory 'hsr0' with parent '/' already present! [ 1197.982798][ T2579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1198.003002][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1198.014409][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1198.022931][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1198.035425][ T2579] 8021q: adding VLAN 0 to HW filter on device team0 [ 1198.067050][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1198.081397][ T2523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1198.101474][ T2523] bridge0: port 1(bridge_slave_0) entered blocking state [ 1198.108577][ T2523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1198.152418][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1198.161628][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1198.182056][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1198.200353][ T2522] bridge0: port 2(bridge_slave_1) entered blocking state [ 1198.207449][ T2522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1198.264673][ T2520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1198.274485][ T2520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1198.300958][ T2520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1198.316697][ T2579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1198.362181][ T2579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1198.374828][ T2520] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1198.391074][ T2520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1198.429642][ T2579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1198.621954][ T2587] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1198.648905][ T2587] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1198.680051][ T2587] CPU: 0 PID: 2587 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1198.687557][ T2587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.697710][ T2587] Call Trace: [ 1198.701024][ T2587] dump_stack+0x1d8/0x2f8 [ 1198.705513][ T2587] dump_header+0xd8/0x960 [ 1198.709854][ T2587] oom_kill_process+0xcd/0x350 [ 1198.714629][ T2587] out_of_memory+0x5fa/0x8b0 [ 1198.719228][ T2587] memory_max_write+0x4ba/0x600 [ 1198.724226][ T2587] ? memory_max_show+0xa0/0xa0 [ 1198.728993][ T2587] cgroup_file_write+0x223/0x5f0 [ 1198.733994][ T2587] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1198.739111][ T2587] kernfs_fop_write+0x3e4/0x4e0 [ 1198.743967][ T2587] ? kernfs_fop_read+0x580/0x580 [ 1198.748909][ T2587] __vfs_write+0xb8/0x740 [ 1198.753249][ T2587] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1198.758793][ T2587] ? __sb_start_write+0x382/0x430 [ 1198.763818][ T2587] vfs_write+0x275/0x590 [ 1198.768066][ T2587] ksys_write+0x117/0x220 [ 1198.772404][ T2587] __x64_sys_write+0x7b/0x90 [ 1198.776995][ T2587] do_syscall_64+0xf7/0x1c0 [ 1198.781499][ T2587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1198.787392][ T2587] RIP: 0033:0x459a29 [ 1198.791419][ T2587] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1198.811296][ T2587] RSP: 002b:00007f177a6edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1198.819991][ T2587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1198.828414][ T2587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1198.836493][ T2587] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1198.844530][ T2587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f177a6ee6d4 [ 1198.852490][ T2587] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1198.862148][ T2587] memory: usage 7524kB, limit 0kB, failcnt 633 [ 1198.868931][ T2587] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1198.875880][ T2587] Memory cgroup stats for /syz3: [ 1198.875968][ T2587] anon 2158592 [ 1198.875968][ T2587] file 221184 [ 1198.875968][ T2587] kernel_stack 65536 [ 1198.875968][ T2587] slab 5472256 [ 1198.875968][ T2587] sock 0 [ 1198.875968][ T2587] shmem 0 [ 1198.875968][ T2587] file_mapped 0 [ 1198.875968][ T2587] file_dirty 0 [ 1198.875968][ T2587] file_writeback 0 [ 1198.875968][ T2587] anon_thp 2097152 [ 1198.875968][ T2587] inactive_anon 0 [ 1198.875968][ T2587] active_anon 2158592 [ 1198.875968][ T2587] inactive_file 0 [ 1198.875968][ T2587] active_file 135168 [ 1198.875968][ T2587] unevictable 0 [ 1198.875968][ T2587] slab_reclaimable 4595712 [ 1198.875968][ T2587] slab_unreclaimable 876544 [ 1198.875968][ T2587] pgfault 68508 [ 1198.875968][ T2587] pgmajfault 0 [ 1198.875968][ T2587] workingset_refault 0 [ 1198.875968][ T2587] workingset_activate 0 [ 1198.875968][ T2587] workingset_nodereclaim 0 [ 1198.875968][ T2587] pgrefill 66 [ 1198.875968][ T2587] pgscan 66 [ 1198.875968][ T2587] pgsteal 35 [ 1198.875968][ T2587] pgactivate 0 [ 1198.973904][ T2587] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2586,uid=0 [ 1199.000879][ T2587] Memory cgroup out of memory: Killed process 2586 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1199.041538][ T1066] oom_reaper: reaped process 2586 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:41:08 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:41:08 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:08 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) 03:41:08 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:08 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1199.084643][ T2579] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:41:08 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1199.179638][ T2579] CPU: 0 PID: 2579 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1199.187325][ T2579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.197649][ T2579] Call Trace: [ 1199.200955][ T2579] dump_stack+0x1d8/0x2f8 [ 1199.205299][ T2579] dump_header+0xd8/0x960 [ 1199.209641][ T2579] oom_kill_process+0xcd/0x350 [ 1199.214676][ T2579] out_of_memory+0x5fa/0x8b0 [ 1199.219278][ T2579] try_charge+0x125a/0x1910 [ 1199.223985][ T2579] mem_cgroup_try_charge+0x20c/0x680 [ 1199.230028][ T2579] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1199.235668][ T2579] wp_page_copy+0x349/0x1890 [ 1199.240295][ T2579] ? __kasan_check_read+0x11/0x20 [ 1199.245333][ T2579] ? do_raw_spin_unlock+0x49/0x260 [ 1199.250458][ T2579] do_wp_page+0x5e5/0x1cc0 [ 1199.254878][ T2579] ? __kasan_check_write+0x14/0x20 [ 1199.260171][ T2579] handle_mm_fault+0x2ada/0x5ff0 [ 1199.267147][ T2579] do_user_addr_fault+0x589/0xaf0 [ 1199.273009][ T2579] __do_page_fault+0xd3/0x1f0 [ 1199.278716][ T2579] do_page_fault+0x99/0xb0 [ 1199.284322][ T2579] page_fault+0x39/0x40 [ 1199.288657][ T2579] RIP: 0033:0x430b06 [ 1199.293467][ T2579] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1199.313255][ T2579] RSP: 002b:00007fff3f10d5e0 EFLAGS: 00010206 [ 1199.319343][ T2579] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 03:41:08 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:08 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) [ 1199.327429][ T2579] RDX: 00000000022ad930 RSI: 00000000022b5970 RDI: 0000000000000003 [ 1199.335547][ T2579] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000022ac940 [ 1199.343949][ T2579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1199.352156][ T2579] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 03:41:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) 03:41:08 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:08 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1199.540061][ T2579] memory: usage 4884kB, limit 0kB, failcnt 641 [ 1199.553628][ T2579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1199.592820][ T2579] Memory cgroup stats for /syz3: [ 1199.592899][ T2579] anon 53248 [ 1199.592899][ T2579] file 221184 [ 1199.592899][ T2579] kernel_stack 65536 [ 1199.592899][ T2579] slab 5066752 [ 1199.592899][ T2579] sock 0 [ 1199.592899][ T2579] shmem 0 [ 1199.592899][ T2579] file_mapped 0 [ 1199.592899][ T2579] file_dirty 0 [ 1199.592899][ T2579] file_writeback 0 [ 1199.592899][ T2579] anon_thp 0 [ 1199.592899][ T2579] inactive_anon 0 [ 1199.592899][ T2579] active_anon 53248 [ 1199.592899][ T2579] inactive_file 0 [ 1199.592899][ T2579] active_file 135168 [ 1199.592899][ T2579] unevictable 0 [ 1199.592899][ T2579] slab_reclaimable 4190208 [ 1199.592899][ T2579] slab_unreclaimable 876544 [ 1199.592899][ T2579] pgfault 68508 [ 1199.592899][ T2579] pgmajfault 0 [ 1199.592899][ T2579] workingset_refault 0 [ 1199.592899][ T2579] workingset_activate 0 [ 1199.592899][ T2579] workingset_nodereclaim 0 [ 1199.592899][ T2579] pgrefill 66 [ 1199.592899][ T2579] pgscan 66 [ 1199.592899][ T2579] pgsteal 35 [ 1199.592899][ T2579] pgactivate 0 [ 1199.847945][ T2579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2579,uid=0 [ 1199.872569][ T2579] Memory cgroup out of memory: Killed process 2579 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1199.891372][ T1066] oom_reaper: reaped process 2579 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:41:09 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:41:09 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:09 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0x81a0ae8c, 0x0) [ 1200.968885][ T2632] IPVS: ftp: loaded support on port[0] = 21 [ 1201.133591][ T2632] chnl_net:caif_netlink_parms(): no params data found [ 1201.197209][ T2632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1201.205790][ T2632] bridge0: port 1(bridge_slave_0) entered disabled state [ 1201.222086][ T2632] device bridge_slave_0 entered promiscuous mode [ 1201.241316][ T2632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1201.248450][ T2632] bridge0: port 2(bridge_slave_1) entered disabled state [ 1201.271368][ T2632] device bridge_slave_1 entered promiscuous mode [ 1201.310651][ T2632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1201.332994][ T2632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1201.357664][ T2632] team0: Port device team_slave_0 added [ 1201.366527][ T2632] team0: Port device team_slave_1 added [ 1201.443948][ T2632] device hsr_slave_0 entered promiscuous mode [ 1201.510849][ T2632] device hsr_slave_1 entered promiscuous mode [ 1201.570204][ T2632] debugfs: Directory 'hsr0' with parent '/' already present! [ 1201.699235][ T2632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1201.718245][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1201.740782][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1201.753030][ T2632] 8021q: adding VLAN 0 to HW filter on device team0 [ 1201.768149][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1201.777348][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1201.786195][ T2516] bridge0: port 1(bridge_slave_0) entered blocking state [ 1201.793289][ T2516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1201.831444][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1201.839469][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1201.861458][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1201.869844][ T2512] bridge0: port 2(bridge_slave_1) entered blocking state [ 1201.877224][ T2512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1201.910524][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1201.963578][ T2510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1201.973588][ T2510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1201.983124][ T2510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1202.010943][ T2510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1202.019527][ T2510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1202.044158][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1202.061808][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1202.117321][ T2632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1202.302640][ T2641] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1202.379667][ T2641] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1202.397816][ T2641] CPU: 0 PID: 2641 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1202.405322][ T2641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.415402][ T2641] Call Trace: [ 1202.418696][ T2641] dump_stack+0x1d8/0x2f8 [ 1202.423023][ T2641] dump_header+0xd8/0x960 [ 1202.427437][ T2641] oom_kill_process+0xcd/0x350 [ 1202.432199][ T2641] out_of_memory+0x5fa/0x8b0 [ 1202.436784][ T2641] memory_max_write+0x4ba/0x600 [ 1202.441638][ T2641] ? memory_max_show+0xa0/0xa0 [ 1202.446397][ T2641] cgroup_file_write+0x223/0x5f0 [ 1202.451328][ T2641] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1202.456426][ T2641] kernfs_fop_write+0x3e4/0x4e0 [ 1202.461270][ T2641] ? kernfs_fop_read+0x580/0x580 [ 1202.466197][ T2641] __vfs_write+0xb8/0x740 [ 1202.470525][ T2641] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1202.476060][ T2641] ? __sb_start_write+0x382/0x430 [ 1202.481085][ T2641] vfs_write+0x275/0x590 [ 1202.485321][ T2641] ksys_write+0x117/0x220 [ 1202.489643][ T2641] __x64_sys_write+0x7b/0x90 [ 1202.494238][ T2641] do_syscall_64+0xf7/0x1c0 [ 1202.498731][ T2641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.504629][ T2641] RIP: 0033:0x459a29 [ 1202.508522][ T2641] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1202.528131][ T2641] RSP: 002b:00007f241292cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1202.536713][ T2641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1202.544669][ T2641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1202.552628][ T2641] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1202.560584][ T2641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f241292d6d4 [ 1202.568543][ T2641] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1202.724360][ T2641] memory: usage 3528kB, limit 0kB, failcnt 616 [ 1202.733760][ T2641] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1202.741755][ T2641] Memory cgroup stats for /syz2: [ 1202.742171][ T2641] anon 2166784 [ 1202.742171][ T2641] file 155648 [ 1202.742171][ T2641] kernel_stack 65536 [ 1202.742171][ T2641] slab 1298432 [ 1202.742171][ T2641] sock 0 [ 1202.742171][ T2641] shmem 0 [ 1202.742171][ T2641] file_mapped 135168 [ 1202.742171][ T2641] file_dirty 135168 [ 1202.742171][ T2641] file_writeback 0 [ 1202.742171][ T2641] anon_thp 2097152 [ 1202.742171][ T2641] inactive_anon 135168 [ 1202.742171][ T2641] active_anon 2166784 [ 1202.742171][ T2641] inactive_file 0 [ 1202.742171][ T2641] active_file 0 [ 1202.742171][ T2641] unevictable 0 [ 1202.742171][ T2641] slab_reclaimable 270336 [ 1202.742171][ T2641] slab_unreclaimable 1028096 [ 1202.742171][ T2641] pgfault 210672 [ 1202.742171][ T2641] pgmajfault 0 [ 1202.742171][ T2641] workingset_refault 0 [ 1202.742171][ T2641] workingset_activate 0 [ 1202.742171][ T2641] workingset_nodereclaim 0 [ 1202.742171][ T2641] pgrefill 282 [ 1202.742171][ T2641] pgscan 276 [ 1202.742171][ T2641] pgsteal 37 [ 1202.742171][ T2641] pgactivate 231 [ 1202.839029][ T2641] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2640,uid=0 [ 1202.855153][ T2641] Memory cgroup out of memory: Killed process 2640 (syz-executor.2) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1202.875368][ T1066] oom_reaper: reaped process 2640 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 03:41:12 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:41:12 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:41:12 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:12 executing program 0: r0 = socket$inet(0x2, 0x0, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:12 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000300)={r0, &(0x7f0000000280), 0x0}, 0x20) 03:41:12 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 1202.984907][ T2632] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1203.013579][ T2632] CPU: 0 PID: 2632 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 1203.021097][ T2632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1203.031175][ T2632] Call Trace: [ 1203.034474][ T2632] dump_stack+0x1d8/0x2f8 [ 1203.038895][ T2632] dump_header+0xd8/0x960 [ 1203.043226][ T2632] oom_kill_process+0xcd/0x350 [ 1203.047995][ T2632] out_of_memory+0x5fa/0x8b0 [ 1203.052586][ T2632] try_charge+0x125a/0x1910 [ 1203.057111][ T2632] mem_cgroup_try_charge+0x20c/0x680 [ 1203.062401][ T2632] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1203.068035][ T2632] handle_mm_fault+0x310e/0x5ff0 [ 1203.072992][ T2632] do_user_addr_fault+0x589/0xaf0 [ 1203.078028][ T2632] __do_page_fault+0xd3/0x1f0 [ 1203.082708][ T2632] do_page_fault+0x99/0xb0 [ 1203.087125][ T2632] page_fault+0x39/0x40 [ 1203.091276][ T2632] RIP: 0033:0x4034f2 [ 1203.095168][ T2632] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 1203.114772][ T2632] RSP: 002b:00007ffd103d8ee0 EFLAGS: 00010246 [ 1203.120842][ T2632] RAX: 0000000000000000 RBX: 00000000001258a3 RCX: 0000000000413630 03:41:12 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:12 executing program 4: r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x0) [ 1203.128838][ T2632] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd103da010 [ 1203.136817][ T2632] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001c59940 [ 1203.144814][ T2632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd103da010 [ 1203.152782][ T2632] R13: 00007ffd103da000 R14: 0000000000000000 R15: 00007ffd103da010 03:41:12 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) close(r0) 03:41:12 executing program 0: r0 = socket$inet(0x2, 0x0, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:41:12 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:12 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@sg0='/dev/sg0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='devpts\x00', 0x0, 0x0) [ 1203.588661][ T2632] memory: usage 1204kB, limit 0kB, failcnt 624 [ 1203.609973][ T2632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1203.616850][ T2632] Memory cgroup stats for /syz2: [ 1203.621415][ T2632] anon 36864 [ 1203.621415][ T2632] file 155648 [ 1203.621415][ T2632] kernel_stack 65536 [ 1203.621415][ T2632] slab 1298432 [ 1203.621415][ T2632] sock 0 [ 1203.621415][ T2632] shmem 0 [ 1203.621415][ T2632] file_mapped 135168 [ 1203.621415][ T2632] file_dirty 135168 [ 1203.621415][ T2632] file_writeback 0 [ 1203.621415][ T2632] anon_thp 0 [ 1203.621415][ T2632] inactive_anon 135168 [ 1203.621415][ T2632] active_anon 36864 [ 1203.621415][ T2632] inactive_file 0 [ 1203.621415][ T2632] active_file 0 [ 1203.621415][ T2632] unevictable 0 [ 1203.621415][ T2632] slab_reclaimable 270336 [ 1203.621415][ T2632] slab_unreclaimable 1028096 [ 1203.621415][ T2632] pgfault 210672 [ 1203.621415][ T2632] pgmajfault 0 [ 1203.621415][ T2632] workingset_refault 0 [ 1203.621415][ T2632] workingset_activate 0 [ 1203.621415][ T2632] workingset_nodereclaim 0 [ 1203.621415][ T2632] pgrefill 282 [ 1203.621415][ T2632] pgscan 276 [ 1203.621415][ T2632] pgsteal 37 [ 1203.621415][ T2632] pgactivate 231 [ 1203.721268][ T2632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2632,uid=0 [ 1203.737183][ T2632] Memory cgroup out of memory: Killed process 2632 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 1203.755185][ T1066] oom_reaper: reaped process 2632 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 03:41:13 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 03:41:13 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) close(r0) 03:41:13 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:41:13 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000280), 0x0}, 0x20) 03:41:13 executing program 0: r0 = socket$inet(0x2, 0x0, 0x2200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1204.803575][ T2697] IPVS: ftp: loaded support on port[0] = 21 [ 1204.925371][ T2697] chnl_net:caif_netlink_parms(): no params data found [ 1204.988149][ T2697] bridge0: port 1(bridge_slave_0) entered blocking state [ 1205.010037][ T2697] bridge0: port 1(bridge_slave_0) entered disabled state [ 1205.018405][ T2697] device bridge_slave_0 entered promiscuous mode [ 1205.042529][ T2697] bridge0: port 2(bridge_slave_1) entered blocking state [ 1205.049675][ T2697] bridge0: port 2(bridge_slave_1) entered disabled state [ 1205.058160][ T2697] device bridge_slave_1 entered promiscuous mode [ 1205.080372][ T2697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1205.091952][ T2697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1205.114422][ T2697] team0: Port device team_slave_0 added [ 1205.122277][ T2697] team0: Port device team_slave_1 added [ 1205.202835][ T2697] device hsr_slave_0 entered promiscuous mode [ 1205.257105][ T2697] device hsr_slave_1 entered promiscuous mode [ 1205.320296][ T2697] debugfs: Directory 'hsr0' with parent '/' already present! [ 1222.776968][ T2697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1222.803544][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1222.812106][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1228.696462][ T2697] 8021q: adding VLAN 0 to HW filter on device team0 [ 1228.711380][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1228.721895][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1228.730537][ T2698] bridge0: port 1(bridge_slave_0) entered blocking state [ 1228.737591][ T2698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1234.536305][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1234.546508][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1234.555570][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1234.566078][ T2512] bridge0: port 2(bridge_slave_1) entered blocking state [ 1234.573175][ T2512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1234.582217][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1234.616543][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1234.643732][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1234.653264][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1234.674001][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1234.683090][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1240.442171][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1240.452623][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1240.462669][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1240.472732][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1240.481911][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1240.491832][ T2697] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1246.340210][ T2697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1252.221906][ T2711] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1252.281877][ T2712] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1252.300860][ T2712] CPU: 1 PID: 2712 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1252.308349][ T2712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.318410][ T2712] Call Trace: [ 1252.321713][ T2712] dump_stack+0x1d8/0x2f8 [ 1252.326044][ T2712] dump_header+0xd8/0x960 [ 1252.330467][ T2712] oom_kill_process+0xcd/0x350 [ 1252.335232][ T2712] out_of_memory+0x5fa/0x8b0 [ 1252.339820][ T2712] memory_max_write+0x4ba/0x600 [ 1252.344679][ T2712] ? memory_max_show+0xa0/0xa0 [ 1252.349522][ T2712] cgroup_file_write+0x223/0x5f0 [ 1252.354455][ T2712] ? cgroup_seqfile_stop+0xc0/0xc0 [ 1252.359563][ T2712] kernfs_fop_write+0x3e4/0x4e0 [ 1252.364432][ T2712] ? kernfs_fop_read+0x580/0x580 [ 1252.369371][ T2712] __vfs_write+0xb8/0x740 [ 1252.373700][ T2712] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 1252.379239][ T2712] ? __sb_start_write+0x382/0x430 [ 1252.384269][ T2712] vfs_write+0x275/0x590 [ 1252.388511][ T2712] ksys_write+0x117/0x220 [ 1252.392847][ T2712] __x64_sys_write+0x7b/0x90 [ 1252.397431][ T2712] do_syscall_64+0xf7/0x1c0 [ 1252.401955][ T2712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1252.407854][ T2712] RIP: 0033:0x459a29 [ 1252.411747][ T2712] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1252.431348][ T2712] RSP: 002b:00007fd25451bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1252.439764][ T2712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 1252.447733][ T2712] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1252.455727][ T2712] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1252.463869][ T2712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd25451c6d4 [ 1252.471840][ T2712] R13: 00000000004c9bcb R14: 00000000004e1460 R15: 00000000ffffffff [ 1252.484228][ T2712] memory: usage 3340kB, limit 0kB, failcnt 642 [ 1252.490512][ T2712] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1252.497432][ T2712] Memory cgroup stats for /syz3: [ 1252.497513][ T2712] anon 2174976 [ 1252.497513][ T2712] file 221184 [ 1252.497513][ T2712] kernel_stack 65536 [ 1252.497513][ T2712] slab 1011712 [ 1252.497513][ T2712] sock 0 [ 1252.497513][ T2712] shmem 0 [ 1252.497513][ T2712] file_mapped 0 [ 1252.497513][ T2712] file_dirty 0 [ 1252.497513][ T2712] file_writeback 0 [ 1252.497513][ T2712] anon_thp 2097152 [ 1252.497513][ T2712] inactive_anon 0 [ 1252.497513][ T2712] active_anon 2174976 [ 1252.497513][ T2712] inactive_file 0 [ 1252.497513][ T2712] active_file 135168 [ 1252.497513][ T2712] unevictable 0 [ 1252.497513][ T2712] slab_reclaimable 270336 [ 1252.497513][ T2712] slab_unreclaimable 741376 [ 1252.497513][ T2712] pgfault 68607 [ 1252.497513][ T2712] pgmajfault 0 [ 1252.497513][ T2712] workingset_refault 0 [ 1252.497513][ T2712] workingset_activate 0 [ 1252.497513][ T2712] workingset_nodereclaim 0 [ 1252.497513][ T2712] pgrefill 66 [ 1252.497513][ T2712] pgscan 66 [ 1252.497513][ T2712] pgsteal 35 [ 1252.497513][ T2712] pgactivate 0 [ 1252.594816][ T2712] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2710,uid=0 [ 1252.611816][ T2712] Memory cgroup out of memory: Killed process 2710 (syz-executor.3) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 03:42:02 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:42:02 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000280), 0x0}, 0x20) 03:42:02 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:42:02 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) close(r0) 03:42:02 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:42:02 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) recvmsg(r2, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb01001800007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811c2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1c3a0d790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260991baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 1252.631957][ T1066] oom_reaper: reaped process 2710 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1252.692166][ T2697] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1252.740669][ T2697] CPU: 1 PID: 2697 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 1252.748256][ T2697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.758324][ T2697] Call Trace: [ 1252.761620][ T2697] dump_stack+0x1d8/0x2f8 [ 1252.765976][ T2697] dump_header+0xd8/0x960 [ 1252.770313][ T2697] oom_kill_process+0xcd/0x350 [ 1252.775083][ T2697] out_of_memory+0x5fa/0x8b0 [ 1252.779785][ T2697] try_charge+0x125a/0x1910 [ 1252.784313][ T2697] mem_cgroup_try_charge+0x20c/0x680 [ 1252.789607][ T2697] mem_cgroup_try_charge_delay+0x25/0xa0 [ 1252.795242][ T2697] wp_page_copy+0x349/0x1890 [ 1252.799837][ T2697] ? __kasan_check_read+0x11/0x20 [ 1252.804871][ T2697] ? do_raw_spin_unlock+0x49/0x260 [ 1252.811739][ T2697] do_wp_page+0x5e5/0x1cc0 [ 1252.816155][ T2697] ? __kasan_check_write+0x14/0x20 [ 1252.821284][ T2697] handle_mm_fault+0x2ada/0x5ff0 [ 1252.826236][ T2697] do_user_addr_fault+0x589/0xaf0 [ 1252.831269][ T2697] __do_page_fault+0xd3/0x1f0 [ 1252.835946][ T2697] do_page_fault+0x99/0xb0 [ 1252.840376][ T2697] page_fault+0x39/0x40 [ 1252.844522][ T2697] RIP: 0033:0x430b06 [ 1252.848413][ T2697] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 1252.868213][ T2697] RSP: 002b:00007ffd0ca72760 EFLAGS: 00010206 [ 1252.874284][ T2697] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1252.882268][ T2697] RDX: 0000000001159930 RSI: 0000000001161970 RDI: 0000000000000003 03:42:02 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) 03:42:02 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0x0, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1252.890243][ T2697] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001158940 [ 1252.898222][ T2697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1252.906197][ T2697] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 1252.930056][ T2697] memory: usage 968kB, limit 0kB, failcnt 654 03:42:02 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) [ 1252.944254][ T2697] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1252.977052][ T2697] Memory cgroup stats for /syz3: [ 1252.977134][ T2697] anon 0 [ 1252.977134][ T2697] file 221184 [ 1252.977134][ T2697] kernel_stack 0 [ 1252.977134][ T2697] slab 1011712 [ 1252.977134][ T2697] sock 0 [ 1252.977134][ T2697] shmem 0 [ 1252.977134][ T2697] file_mapped 0 [ 1252.977134][ T2697] file_dirty 0 [ 1252.977134][ T2697] file_writeback 0 [ 1252.977134][ T2697] anon_thp 0 [ 1252.977134][ T2697] inactive_anon 0 [ 1252.977134][ T2697] active_anon 0 [ 1252.977134][ T2697] inactive_file 0 [ 1252.977134][ T2697] active_file 135168 [ 1252.977134][ T2697] unevictable 0 [ 1252.977134][ T2697] slab_reclaimable 270336 [ 1252.977134][ T2697] slab_unreclaimable 741376 [ 1252.977134][ T2697] pgfault 68607 [ 1252.977134][ T2697] pgmajfault 0 [ 1252.977134][ T2697] workingset_refault 0 [ 1252.977134][ T2697] workingset_activate 0 [ 1252.977134][ T2697] workingset_nodereclaim 0 [ 1252.977134][ T2697] pgrefill 66 [ 1252.977134][ T2697] pgscan 66 [ 1252.977134][ T2697] pgsteal 35 [ 1252.977134][ T2697] pgactivate 0 [ 1252.997099][ T2697] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=2697,uid=0 03:42:02 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0x0, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:42:02 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:42:02 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0x0, 0x2, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) [ 1253.420051][ T2697] Memory cgroup out of memory: Killed process 2697 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 1253.532217][ T1066] oom_reaper: reaped process 2697 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 1259.076073][ T2845] IPVS: ftp: loaded support on port[0] = 21 03:42:14 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) close(r1) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x11, 0x6, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r5, r2, 0x0, 0x3}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40000003) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140)=r6, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 03:42:14 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2200000088) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8084, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x2, 0x0, 0x0, 0x0) 03:42:14 executing program 5: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0xffffffff, 0x0, {0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x68b31885}}}) close(r0) 03:42:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) 03:42:14 executing program 1: unshare(0x400) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1e, &(0x7f00000035c0), &(0x7f0000003600)=0x4) [ 1265.125123][ T2845] chnl_net:caif_netlink_parms(): no params data found [ 1265.157607][ T2845] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.164917][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state [ 1265.173097][ T2845] device bridge_slave_0 entered promiscuous mode [ 1265.181565][ T2845] bridge0: port 2(bridge_slave_1) entered blocking state [ 1265.188692][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state [ 1265.197630][ T2845] device bridge_slave_1 entered promiscuous mode [ 1265.279568][ T2845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1265.300921][ T2845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1265.379263][ T2845] team0: Port device team_slave_0 added [ 1265.387772][ T2845] team0: Port device team_slave_1 added [ 1265.483585][ T2845] device hsr_slave_0 entered promiscuous mode [ 1265.541058][ T2845] device hsr_slave_1 entered promiscuous mode [ 1265.680155][ T2845] debugfs: Directory 'hsr0' with parent '/' already present! [ 1265.762118][ T2845] bridge0: port 2(bridge_slave_1) entered blocking state [ 1265.769203][ T2845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1265.776697][ T2845] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.783790][ T2845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1265.859061][ T2845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.878535][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1265.888395][ T2512] bridge0: port 1(bridge_slave_0) entered disabled state [ 1265.898181][ T2512] bridge0: port 2(bridge_slave_1) entered disabled state [ 1265.907224][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1265.923124][ T2845] 8021q: adding VLAN 0 to HW filter on device team0 [ 1265.978619][ T2512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1265.988435][ T2512] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.995743][ T2512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1266.159488][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1266.169830][ T2698] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.176964][ T2698] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1266.194887][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1266.203984][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1266.213913][ T2505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1266.264707][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1266.273639][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1266.283285][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1266.292395][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1266.301120][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1266.309475][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1266.318060][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1266.329754][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.336468][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.391461][ T2877] device bridge_slave_0 left promiscuous mode [ 1266.397681][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.452269][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.458454][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.501583][ T2877] device bridge_slave_0 left promiscuous mode [ 1266.507784][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.582313][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.588686][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.651389][ T2877] device bridge_slave_0 left promiscuous mode [ 1266.657588][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.712837][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.719037][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.791391][ T2877] device bridge_slave_0 left promiscuous mode [ 1266.797617][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.871644][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.877836][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.931381][ T2877] device bridge_slave_0 left promiscuous mode [ 1266.938272][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.992195][ T2877] device bridge_slave_1 left promiscuous mode [ 1266.998383][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.051804][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.057994][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.112041][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.118245][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.181263][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.187467][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.232244][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.238446][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.301166][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.307366][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.402380][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.408605][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.501385][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.507620][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.572084][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.578302][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.661217][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.667549][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.742233][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.748427][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.841738][ T2877] device bridge_slave_0 left promiscuous mode [ 1267.847932][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.952202][ T2877] device bridge_slave_1 left promiscuous mode [ 1267.958411][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.101185][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.107397][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.171149][ T2877] device bridge_slave_1 left promiscuous mode [ 1268.177489][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.261407][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.267651][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.382198][ T2877] device bridge_slave_1 left promiscuous mode [ 1268.389376][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.431292][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.437606][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.522222][ T2877] device bridge_slave_1 left promiscuous mode [ 1268.528433][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.601317][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.607626][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.671458][ T2877] device bridge_slave_1 left promiscuous mode [ 1268.677689][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.721834][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.728202][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.852059][ T2877] device bridge_slave_1 left promiscuous mode [ 1268.858266][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.911294][ T2877] device bridge_slave_0 left promiscuous mode [ 1268.917500][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.002200][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.008527][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.101397][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.107990][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.192642][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.198852][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.311233][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.317727][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.372081][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.378864][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.461341][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.467566][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.522792][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.528989][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.601380][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.607605][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.682067][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.689116][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.761253][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.767463][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.872039][ T2877] device bridge_slave_1 left promiscuous mode [ 1269.878785][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.961183][ T2877] device bridge_slave_0 left promiscuous mode [ 1269.967509][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.062217][ T2877] device bridge_slave_1 left promiscuous mode [ 1270.068634][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.151365][ T2877] device bridge_slave_0 left promiscuous mode [ 1270.157582][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.232106][ T2877] device bridge_slave_1 left promiscuous mode [ 1270.238312][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.281220][ T2877] device bridge_slave_0 left promiscuous mode [ 1270.287462][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.412053][ T2877] device bridge_slave_1 left promiscuous mode [ 1270.418268][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.541182][ T2877] device bridge_slave_0 left promiscuous mode [ 1270.547393][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.652088][ T2877] device bridge_slave_1 left promiscuous mode [ 1270.658310][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.801453][ T2877] device bridge_slave_0 left promiscuous mode [ 1270.807653][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.911910][ T2877] device bridge_slave_1 left promiscuous mode [ 1270.918100][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.021144][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.027357][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.102137][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.108354][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.231151][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.237351][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.322073][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.328443][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.391162][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.397366][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.461462][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.467671][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.521530][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.527745][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.662334][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.668573][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.721210][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.727426][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.772037][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.778243][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.900984][ T2877] device bridge_slave_0 left promiscuous mode [ 1271.907193][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.971980][ T2877] device bridge_slave_1 left promiscuous mode [ 1271.978221][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.091176][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.097381][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.162245][ T2877] device bridge_slave_1 left promiscuous mode [ 1272.168444][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.310953][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.317161][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.373523][ T2877] device bridge_slave_1 left promiscuous mode [ 1272.379714][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.451071][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.457272][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.552071][ T2877] device bridge_slave_1 left promiscuous mode [ 1272.558279][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.621054][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.627346][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.701374][ T2877] device bridge_slave_1 left promiscuous mode [ 1272.707790][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.771026][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.777235][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.882486][ T2877] device bridge_slave_1 left promiscuous mode [ 1272.888688][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1272.941053][ T2877] device bridge_slave_0 left promiscuous mode [ 1272.947257][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.061997][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.068205][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.141096][ T2877] device bridge_slave_0 left promiscuous mode [ 1273.147292][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.242092][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.248299][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.301089][ T2877] device bridge_slave_0 left promiscuous mode [ 1273.307291][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.422085][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.428304][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.490953][ T2877] device bridge_slave_0 left promiscuous mode [ 1273.497176][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.552071][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.558279][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.661109][ T2877] device bridge_slave_0 left promiscuous mode [ 1273.667758][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.742046][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.748260][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.821043][ T2877] device bridge_slave_0 left promiscuous mode [ 1273.827598][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.911841][ T2877] device bridge_slave_1 left promiscuous mode [ 1273.918073][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.031625][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.037930][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.112008][ T2877] device bridge_slave_1 left promiscuous mode [ 1274.118211][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.211207][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.217435][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.272538][ T2877] device bridge_slave_1 left promiscuous mode [ 1274.278739][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.451163][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.457374][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.593384][ T2877] device bridge_slave_1 left promiscuous mode [ 1274.599608][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.661029][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.667220][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.722313][ T2877] device bridge_slave_1 left promiscuous mode [ 1274.728526][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.830940][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.837141][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.901649][ T2877] device bridge_slave_1 left promiscuous mode [ 1274.907852][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.951027][ T2877] device bridge_slave_0 left promiscuous mode [ 1274.957220][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.071908][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.078112][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.121456][ T2877] device bridge_slave_0 left promiscuous mode [ 1275.127651][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.191973][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.198178][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.291111][ T2877] device bridge_slave_0 left promiscuous mode [ 1275.297348][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.432053][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.438272][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.531460][ T2877] device bridge_slave_0 left promiscuous mode [ 1275.537706][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.594260][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.601224][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.671143][ T2877] device bridge_slave_0 left promiscuous mode [ 1275.677375][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.732030][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.738233][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.861035][ T2877] device bridge_slave_0 left promiscuous mode [ 1275.867235][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.971915][ T2877] device bridge_slave_1 left promiscuous mode [ 1275.978106][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.031074][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.037283][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.111286][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.117486][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.161301][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.167505][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.251882][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.258079][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.390963][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.397177][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.451986][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.458189][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.521003][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.527214][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.651932][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.658230][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.721157][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.727370][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.802156][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.808377][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.861062][ T2877] device bridge_slave_0 left promiscuous mode [ 1276.867269][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.991994][ T2877] device bridge_slave_1 left promiscuous mode [ 1276.998215][ T2877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1277.050952][ T2877] device bridge_slave_0 left promiscuous mode [ 1277.057180][ T2877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1429.760210][ T1065] INFO: task kworker/1:18:2505 blocked for more than 143 seconds. [ 1429.768078][ T1065] Not tainted 5.3.0+ #0 [ 1429.778528][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1429.787625][ T1065] kworker/1:18 D27720 2505 2 0x80004000 [ 1429.794458][ T1065] Workqueue: events linkwatch_event [ 1429.799675][ T1065] Call Trace: [ 1429.803340][ T1065] __schedule+0x74b/0xb80 [ 1429.807680][ T1065] schedule+0x131/0x1e0 [ 1429.812237][ T1065] schedule_preempt_disabled+0x13/0x20 [ 1429.817698][ T1065] __mutex_lock_common+0x1411/0x2e20 [ 1429.823378][ T1065] ? rtnl_lock+0x17/0x20 [ 1429.827641][ T1065] mutex_lock_nested+0x1b/0x30 [ 1429.832782][ T1065] rtnl_lock+0x17/0x20 [ 1429.836853][ T1065] linkwatch_event+0xe/0x60 [ 1429.841907][ T1065] process_one_work+0x7ef/0x10e0 [ 1429.846867][ T1065] worker_thread+0xc01/0x1630 [ 1429.851971][ T1065] kthread+0x332/0x350 [ 1429.856042][ T1065] ? rcu_lock_release+0x30/0x30 [ 1429.861362][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1429.865998][ T1065] ret_from_fork+0x24/0x30 [ 1429.880024][ T1065] INFO: task kworker/0:16:2522 blocked for more than 143 seconds. [ 1429.887869][ T1065] Not tainted 5.3.0+ #0 [ 1429.909950][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1429.918665][ T1065] kworker/0:16 D27768 2522 2 0x80004000 [ 1429.940026][ T1065] Workqueue: ipv6_addrconf addrconf_dad_work [ 1429.946479][ T1065] Call Trace: [ 1429.949779][ T1065] __schedule+0x74b/0xb80 [ 1429.969986][ T1065] schedule+0x131/0x1e0 [ 1429.974199][ T1065] schedule_preempt_disabled+0x13/0x20 [ 1429.979652][ T1065] __mutex_lock_common+0x1411/0x2e20 [ 1429.999939][ T1065] ? rtnl_lock+0x17/0x20 [ 1430.004242][ T1065] mutex_lock_nested+0x1b/0x30 [ 1430.009001][ T1065] rtnl_lock+0x17/0x20 [ 1430.029992][ T1065] addrconf_dad_work+0x68/0x1c20 [ 1430.035088][ T1065] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1430.049933][ T1065] process_one_work+0x7ef/0x10e0 [ 1430.054934][ T1065] worker_thread+0xc01/0x1630 [ 1430.059625][ T1065] kthread+0x332/0x350 [ 1430.080038][ T1065] ? rcu_lock_release+0x30/0x30 [ 1430.084924][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1430.089506][ T1065] ret_from_fork+0x24/0x30 [ 1430.099999][ T1065] INFO: task kworker/0:18:2525 blocked for more than 143 seconds. [ 1430.107824][ T1065] Not tainted 5.3.0+ #0 [ 1430.119971][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1430.128694][ T1065] kworker/0:18 D27760 2525 2 0x80004000 [ 1430.150014][ T1065] Workqueue: events switchdev_deferred_process_work [ 1430.156638][ T1065] Call Trace: [ 1430.169936][ T1065] __schedule+0x74b/0xb80 [ 1430.174315][ T1065] schedule+0x131/0x1e0 [ 1430.178464][ T1065] schedule_preempt_disabled+0x13/0x20 [ 1430.199923][ T1065] __mutex_lock_common+0x1411/0x2e20 [ 1430.205246][ T1065] ? rtnl_lock+0x17/0x20 [ 1430.209500][ T1065] mutex_lock_nested+0x1b/0x30 [ 1430.229923][ T1065] rtnl_lock+0x17/0x20 [ 1430.234032][ T1065] switchdev_deferred_process_work+0xe/0x20 [ 1430.240395][ T1065] process_one_work+0x7ef/0x10e0 [ 1430.245356][ T1065] worker_thread+0xc01/0x1630 [ 1430.250384][ T1065] kthread+0x332/0x350 [ 1430.254447][ T1065] ? rcu_lock_release+0x30/0x30 [ 1430.259374][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1430.279968][ T1065] ret_from_fork+0x24/0x30 [ 1430.284462][ T1065] INFO: task kworker/1:28:2698 blocked for more than 143 seconds. [ 1430.299924][ T1065] Not tainted 5.3.0+ #0 [ 1430.304627][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1430.323733][ T1065] kworker/1:28 D27392 2698 2 0x80004000 [ 1430.339933][ T1065] Workqueue: ipv6_addrconf addrconf_dad_work [ 1430.345998][ T1065] Call Trace: [ 1430.349289][ T1065] __schedule+0x74b/0xb80 [ 1430.359999][ T1065] schedule+0x131/0x1e0 [ 1430.364222][ T1065] schedule_preempt_disabled+0x13/0x20 [ 1430.369675][ T1065] __mutex_lock_common+0x1411/0x2e20 [ 1430.375343][ T1065] ? rtnl_lock+0x17/0x20 [ 1430.379607][ T1065] mutex_lock_nested+0x1b/0x30 [ 1430.384717][ T1065] rtnl_lock+0x17/0x20 [ 1430.388782][ T1065] addrconf_dad_work+0x68/0x1c20 [ 1430.394010][ T1065] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1430.400555][ T1065] process_one_work+0x7ef/0x10e0 [ 1430.406121][ T1065] worker_thread+0xc01/0x1630 [ 1430.412498][ T1065] kthread+0x332/0x350 [ 1430.416832][ T1065] ? rcu_lock_release+0x30/0x30 [ 1430.422059][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1430.426650][ T1065] ret_from_fork+0x24/0x30 [ 1430.440071][ T1065] INFO: task syz-executor.2:2845 blocked for more than 144 seconds. [ 1430.448082][ T1065] Not tainted 5.3.0+ #0 [ 1430.470003][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1430.478752][ T1065] syz-executor.2 D25016 2845 1 0x00004004 [ 1430.499997][ T1065] Call Trace: [ 1430.503362][ T1065] __schedule+0x74b/0xb80 [ 1430.507718][ T1065] schedule+0x131/0x1e0 [ 1430.512310][ T1065] schedule_preempt_disabled+0x13/0x20 [ 1430.517802][ T1065] __mutex_lock_common+0x1411/0x2e20 [ 1430.523482][ T1065] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 1430.528635][ T1065] mutex_lock_nested+0x1b/0x30 [ 1430.533775][ T1065] rtnetlink_rcv_msg+0x83c/0xd40 [ 1430.538853][ T1065] ? rcu_lock_release+0x9/0x30 [ 1430.543986][ T1065] ? rcu_lock_release+0x9/0x30 [ 1430.548758][ T1065] ? rcu_lock_release+0x9/0x30 [ 1430.553871][ T1065] netlink_rcv_skb+0x19e/0x3d0 [ 1430.558639][ T1065] ? rtnetlink_bind+0x80/0x80 [ 1430.564537][ T1065] rtnetlink_rcv+0x1c/0x20 [ 1430.568963][ T1065] netlink_unicast+0x787/0x8f0 [ 1430.580030][ T1065] netlink_sendmsg+0x993/0xc50 [ 1430.584855][ T1065] ? netlink_getsockopt+0x9f0/0x9f0 [ 1430.610016][ T1065] __sys_sendto+0x442/0x5e0 [ 1430.614580][ T1065] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 1430.629942][ T1065] ? prepare_exit_to_usermode+0x1f7/0x580 [ 1430.635705][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1430.649950][ T1065] __x64_sys_sendto+0xe5/0x100 [ 1430.654756][ T1065] do_syscall_64+0xf7/0x1c0 [ 1430.659254][ T1065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1430.680793][ T1065] RIP: 0033:0x413873 [ 1430.684731][ T1065] Code: Bad RIP value. [ 1430.688961][ T1065] RSP: 002b:00007ffd1f1d2398 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1430.720058][ T1065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873 [ 1430.728077][ T1065] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 1430.760026][ T1065] RBP: 00007ffd1f1d2400 R08: 00007ffd1f1d23a0 R09: 000000000000000c [ 1430.768211][ T1065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1430.789956][ T1065] R13: 00000000004bed34 R14: 0000000000000000 R15: 0000000000000000 [ 1430.798126][ T1065] [ 1430.798126][ T1065] Showing all locks held in the system: [ 1430.830135][ T1065] 1 lock held by khungtaskd/1065: [ 1430.835194][ T1065] #0: ffffffff888d3cc0 (rcu_read_lock){....}, at: rcu_lock_acquire+0x4/0x30 [ 1430.860030][ T1065] 8 locks held by kworker/u4:5/2793: [ 1430.866146][ T1065] 1 lock held by rsyslogd/7798: [ 1430.880046][ T1065] #0: ffff8880986463a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x243/0x2e0 [ 1430.889569][ T1065] 2 locks held by getty/7889: [ 1430.894967][ T1065] #0: ffff888091a86cd0 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1430.904643][ T1065] #1: ffffc90005f452e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1430.914677][ T1065] 2 locks held by getty/7890: [ 1430.919352][ T1065] #0: ffff8880a07a4d50 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1430.928965][ T1065] #1: ffffc90005f492e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1430.950024][ T1065] 2 locks held by getty/7891: [ 1430.954722][ T1065] #0: ffff8880a7b8f750 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1430.964382][ T1065] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1430.974349][ T1065] 2 locks held by getty/7892: [ 1430.979024][ T1065] #0: ffff8880a9379510 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1430.988629][ T1065] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1430.998625][ T1065] 2 locks held by getty/7893: [ 1431.020095][ T1065] #0: ffff8880a9378c90 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1431.029458][ T1065] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1431.038070][ T2877] kobject: 'vlan0' (00000000649180ea): kobject_uevent_env [ 1431.047010][ T2877] kobject: 'vlan0' (00000000649180ea): kobject_uevent_env: attempted to send uevent without kset! [ 1431.050041][ T1065] 2 locks held by getty/7894: [ 1431.058038][ T2877] kobject: 'mesh' (000000007c0691b4): kobject_cleanup, parent 00000000db485f3b [ 1431.069898][ T1065] #0: ffff888096023450 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1431.072627][ T2877] kobject: 'mesh' (000000007c0691b4): calling ktype release [ 1431.088184][ T2877] kobject: (000000007c0691b4): dynamic_kobj_release [ 1431.095228][ T2877] kobject: 'mesh': free name [ 1431.099908][ T1065] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1431.100505][ T2877] kobject: 'vlan0' (00000000649180ea): kobject_cleanup, parent 00000000db485f3b [ 1431.109739][ T1065] 2 locks held by getty/7895: [ 1431.126724][ T1065] #0: ffff88809717c190 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1431.137171][ T1065] #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 [ 1431.140038][ T2877] kobject: 'vlan0' (00000000649180ea): calling ktype release [ 1431.147114][ T1065] 7 locks held by kworker/u4:1/2877: [ 1431.160237][ T1065] 3 locks held by kworker/1:18/2505: [ 1431.165518][ T1065] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x75d/0x10e0 [ 1431.170036][ T2877] kobject: (00000000649180ea): dynamic_kobj_release [ 1431.176255][ T1065] #1: ffff888037797d78 ((linkwatch_work).work){+.+.}, at: process_one_work+0x79f/0x10e0 [ 1431.182603][ T2877] kobject: 'vlan0': free name [ 1431.210051][ T1065] #2: ffffffff88b02990 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 1431.218086][ T1065] 3 locks held by kworker/0:16/2522: [ 1431.229983][ T1065] #0: ffff8882162368e8 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x75d/0x10e0 [ 1431.260040][ T1065] #1: ffff88802d4cfd78 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79f/0x10e0 [ 1431.272392][ T1065] #2: ffffffff88b02990 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 1431.280761][ T1065] 3 locks held by kworker/0:18/2525: [ 1431.286037][ T1065] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x75d/0x10e0 [ 1431.296252][ T1065] #1: ffff8880689cfd78 (deferred_process_work){+.+.}, at: process_one_work+0x79f/0x10e0 [ 1431.306365][ T1065] #2: ffffffff88b02990 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 1431.314690][ T1065] 3 locks held by kworker/1:28/2698: [ 1431.320218][ T1065] #0: ffff8882162368e8 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x75d/0x10e0 [ 1431.330957][ T1065] #1: ffff888036e8fd78 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79f/0x10e0 [ 1431.342922][ T1065] #2: ffffffff88b02990 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 1431.359949][ T1065] 1 lock held by syz-executor.2/2845: [ 1431.365345][ T1065] #0: ffffffff88b02990 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x83c/0xd40 [ 1431.389983][ T1065] [ 1431.392341][ T1065] ============================================= [ 1431.392341][ T1065] [ 1431.409913][ T1065] NMI backtrace for cpu 0 [ 1431.414265][ T1065] CPU: 0 PID: 1065 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 1431.421367][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.431420][ T1065] Call Trace: [ 1431.434711][ T1065] dump_stack+0x1d8/0x2f8 [ 1431.439034][ T1065] nmi_cpu_backtrace+0xaf/0x1a0 [ 1431.443884][ T1065] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 1431.450099][ T1065] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 1431.456169][ T1065] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 1431.462149][ T1065] arch_trigger_cpumask_backtrace+0x10/0x20 [ 1431.468037][ T1065] trigger_all_cpu_backtrace+0x17/0x20 [ 1431.473490][ T1065] watchdog+0xbb9/0xbd0 [ 1431.477647][ T1065] kthread+0x332/0x350 [ 1431.481725][ T1065] ? hungtask_pm_notify+0x50/0x50 [ 1431.486740][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1431.491331][ T1065] ret_from_fork+0x24/0x30 [ 1431.495910][ T1065] Sending NMI from CPU 0 to CPUs 1: [ 1431.502197][ C1] NMI backtrace for cpu 1 [ 1431.502200][ C1] CPU: 1 PID: 2793 Comm: kworker/u4:5 Not tainted 5.3.0+ #0 [ 1431.502204][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.502206][ C1] Workqueue: bat_events batadv_nc_worker [ 1431.502210][ C1] RIP: 0010:__lock_acquire+0x70e/0x1be0 [ 1431.502216][ C1] Code: 01 d8 48 c1 f8 06 48 8d 3c c5 e0 b4 5d 89 be 08 00 00 00 e8 e4 c5 53 00 48 bf 00 00 00 00 00 fc ff df 48 0f a3 1d c2 4b 05 08 <4c> 8b 7c 24 18 0f 83 73 0a 00 00 49 8d 9f 88 08 00 00 48 89 d8 48 [ 1431.502218][ C1] RSP: 0018:ffff8880a04afa70 EFLAGS: 00000057 [ 1431.502222][ C1] RAX: 0000000000000001 RBX: 0000000000000029 RCX: ffffffff8158690c [ 1431.502225][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: dffffc0000000000 [ 1431.502228][ C1] RBP: ffff8880a04afbc8 R08: dffffc0000000000 R09: fffffbfff12bb69d [ 1431.502231][ C1] R10: fffffbfff12bb69d R11: 0000000000000000 R12: ffff8880a049ab8c [ 1431.502233][ C1] R13: ffff8880a049ab10 R14: ffff8880a049ab68 R15: ffff8880a049a280 [ 1431.502236][ C1] FS: 0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 [ 1431.502239][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1431.502241][ C1] CR2: 0000000000413849 CR3: 000000008ef3e000 CR4: 00000000001406e0 [ 1431.502244][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1431.502247][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 1431.502248][ C1] Call Trace: [ 1431.502251][ C1] ? trace_lock_acquire+0x159/0x1d0 [ 1431.502253][ C1] lock_acquire+0x158/0x250 [ 1431.502255][ C1] ? rcu_lock_acquire+0x9/0x40 [ 1431.502256][ C1] rcu_lock_acquire+0x2e/0x40 [ 1431.502258][ C1] ? rcu_lock_acquire+0x9/0x40 [ 1431.502260][ C1] batadv_nc_worker+0xdc/0x600 [ 1431.502262][ C1] process_one_work+0x7ef/0x10e0 [ 1431.502264][ C1] worker_thread+0xc01/0x1630 [ 1431.502266][ C1] kthread+0x332/0x350 [ 1431.502268][ C1] ? rcu_lock_release+0x30/0x30 [ 1431.502271][ C1] ? kthread_blkcg+0xe0/0xe0 [ 1431.502273][ C1] ret_from_fork+0x24/0x30 [ 1431.599899][ T1065] Kernel panic - not syncing: hung_task: blocked tasks [ 1431.709233][ T1065] CPU: 0 PID: 1065 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 1431.716351][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.726842][ T1065] Call Trace: [ 1431.730135][ T1065] dump_stack+0x1d8/0x2f8 [ 1431.734460][ T1065] panic+0x25c/0x799 [ 1431.738345][ T1065] ? nmi_trigger_cpumask_backtrace+0x21a/0x290 [ 1431.744498][ T1065] watchdog+0xbcc/0xbd0 [ 1431.748653][ T1065] kthread+0x332/0x350 [ 1431.752710][ T1065] ? hungtask_pm_notify+0x50/0x50 [ 1431.757721][ T1065] ? kthread_blkcg+0xe0/0xe0 [ 1431.762305][ T1065] ret_from_fork+0x24/0x30 [ 1431.768493][ T1065] Kernel Offset: disabled [ 1431.772823][ T1065] Rebooting in 86400 seconds..