6] oom_reaper: reaped process 23693 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2962.257620][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2962.266869][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2962.536500][T23718] 8021q: adding VLAN 0 to HW filter on device team0 [ 2962.602750][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2962.612253][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2962.620810][T16062] bridge0: port 1(bridge_slave_0) entered blocking state [ 2962.627927][T16062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2962.697689][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2962.707169][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2962.733141][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2962.741505][T13425] bridge0: port 2(bridge_slave_1) entered blocking state [ 2962.748614][T13425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2962.859418][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2962.870034][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2962.879535][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2962.890410][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2962.907645][T23751] IPVS: ftp: loaded support on port[0] = 21 [ 2962.915007][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2962.977093][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2962.986820][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2963.009929][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2963.032340][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2963.040852][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2963.049985][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2963.062196][T23718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2963.165791][T23718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2963.307660][T23751] chnl_net:caif_netlink_parms(): no params data found [ 2963.324601][T23755] IPVS: ftp: loaded support on port[0] = 21 [ 2963.479558][T23751] bridge0: port 1(bridge_slave_0) entered blocking state [ 2963.490021][T23751] bridge0: port 1(bridge_slave_0) entered disabled state [ 2963.500050][T23751] device bridge_slave_0 entered promiscuous mode [ 2963.508396][T23762] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2963.548780][T23751] bridge0: port 2(bridge_slave_1) entered blocking state [ 2963.564716][T23751] bridge0: port 2(bridge_slave_1) entered disabled state [ 2963.584985][T23751] device bridge_slave_1 entered promiscuous mode [ 2963.587484][T23761] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2963.605501][T23761] CPU: 0 PID: 23761 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2963.613060][T23761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2963.623111][T23761] Call Trace: [ 2963.626405][T23761] dump_stack+0x172/0x1f0 [ 2963.630738][T23761] dump_header+0x10b/0x82d [ 2963.635157][T23761] oom_kill_process.cold+0x10/0x15 [ 2963.640271][T23761] out_of_memory+0x334/0x1340 [ 2963.644953][T23761] ? __sched_text_start+0x8/0x8 [ 2963.649804][T23761] ? oom_killer_disable+0x280/0x280 [ 2963.655015][T23761] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2963.660564][T23761] ? memcg_stat_show+0xc40/0xc40 [ 2963.665523][T23761] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2963.671339][T23761] ? cgroup_file_notify+0x140/0x1b0 [ 2963.676551][T23761] memory_max_write+0x262/0x3a0 [ 2963.681422][T23761] ? mem_cgroup_write+0x370/0x370 [ 2963.686463][T23761] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2963.691959][T23761] cgroup_file_write+0x241/0x790 [ 2963.696900][T23761] ? mem_cgroup_write+0x370/0x370 [ 2963.701934][T23761] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2963.707585][T23761] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2963.713219][T23761] kernfs_fop_write+0x2b8/0x480 [ 2963.718078][T23761] __vfs_write+0x8a/0x110 [ 2963.722409][T23761] ? kernfs_fop_open+0xd80/0xd80 [ 2963.727346][T23761] vfs_write+0x268/0x5d0 [ 2963.731591][T23761] ksys_write+0x14f/0x290 [ 2963.735914][T23761] ? __ia32_sys_read+0xb0/0xb0 [ 2963.740683][T23761] ? do_syscall_64+0x26/0x760 [ 2963.745364][T23761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2963.751431][T23761] ? do_syscall_64+0x26/0x760 [ 2963.756115][T23761] __x64_sys_write+0x73/0xb0 [ 2963.760711][T23761] do_syscall_64+0xfa/0x760 [ 2963.765226][T23761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2963.771112][T23761] RIP: 0033:0x459a29 [ 2963.775004][T23761] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2963.794617][T23761] RSP: 002b:00007f68f63b2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2963.803056][T23761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2963.811027][T23761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2963.819000][T23761] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2963.826973][T23761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f68f63b36d4 [ 2963.834961][T23761] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2963.853824][T23761] memory: usage 3088kB, limit 0kB, failcnt 1287 [ 2963.860360][T23761] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2963.869889][T23761] Memory cgroup stats for /syz2: [ 2963.871230][T23761] anon 2134016 [ 2963.871230][T23761] file 20480 [ 2963.871230][T23761] kernel_stack 65536 [ 2963.871230][T23761] slab 806912 [ 2963.871230][T23761] sock 0 [ 2963.871230][T23761] shmem 0 [ 2963.871230][T23761] file_mapped 0 [ 2963.871230][T23761] file_dirty 135168 [ 2963.871230][T23761] file_writeback 0 [ 2963.871230][T23761] anon_thp 2097152 [ 2963.871230][T23761] inactive_anon 0 [ 2963.871230][T23761] active_anon 2134016 [ 2963.871230][T23761] inactive_file 0 [ 2963.871230][T23761] active_file 0 [ 2963.871230][T23761] unevictable 0 [ 2963.871230][T23761] slab_reclaimable 270336 [ 2963.871230][T23761] slab_unreclaimable 536576 [ 2963.871230][T23761] pgfault 18216 [ 2963.871230][T23761] pgmajfault 0 [ 2963.871230][T23761] workingset_refault 0 [ 2963.871230][T23761] workingset_activate 0 [ 2963.871230][T23761] workingset_nodereclaim 0 [ 2963.871230][T23761] pgrefill 99 [ 2963.871230][T23761] pgscan 99 [ 2963.871230][T23761] pgsteal 0 [ 2963.871230][T23761] pgactivate 66 [ 2963.877317][T23761] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23760,uid=0 [ 2964.012189][T23761] Memory cgroup out of memory: Killed process 23760 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2964.052635][T23751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2964.061921][ T1066] oom_reaper: reaped process 23760 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 2964.089427][T23751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:13:53 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:13:53 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:13:53 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x4c000000}, 0x0) 20:13:53 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2964.193436][T23718] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2964.230589][T23751] team0: Port device team_slave_0 added [ 2964.278229][T23751] team0: Port device team_slave_1 added [ 2964.287176][T23718] CPU: 1 PID: 23718 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2964.294739][T23718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2964.304781][T23718] Call Trace: [ 2964.308065][T23718] dump_stack+0x172/0x1f0 [ 2964.312385][T23718] dump_header+0x10b/0x82d [ 2964.312397][T23718] ? oom_kill_process+0x94/0x3f0 [ 2964.312413][T23718] oom_kill_process.cold+0x10/0x15 [ 2964.312433][T23718] out_of_memory+0x334/0x1340 [ 2964.331519][T23718] ? lock_downgrade+0x920/0x920 [ 2964.336375][T23718] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2964.342177][T23718] ? oom_killer_disable+0x280/0x280 [ 2964.347371][T23718] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2964.347386][T23718] ? memcg_stat_show+0xc40/0xc40 [ 2964.357852][T23718] ? do_raw_spin_unlock+0x57/0x270 [ 2964.362968][T23718] ? _raw_spin_unlock+0x2d/0x50 [ 2964.367820][T23718] try_charge+0xf4b/0x1440 [ 2964.372239][T23718] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2964.377787][T23718] ? percpu_ref_tryget_live+0x111/0x290 [ 2964.383336][T23718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2964.383352][T23718] ? __kasan_check_read+0x11/0x20 [ 2964.383368][T23718] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2964.383387][T23718] mem_cgroup_try_charge+0x136/0x590 [ 2964.383407][T23718] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2964.411088][T23718] wp_page_copy+0x407/0x1860 [ 2964.415678][T23718] ? find_held_lock+0x35/0x130 [ 2964.420432][T23718] ? do_wp_page+0x53b/0x15c0 [ 2964.425012][T23718] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2964.425026][T23718] ? lock_downgrade+0x920/0x920 [ 2964.425042][T23718] ? swp_swapcount+0x540/0x540 [ 2964.425058][T23718] ? __kasan_check_read+0x11/0x20 [ 2964.425070][T23718] ? do_raw_spin_unlock+0x57/0x270 [ 2964.425086][T23718] do_wp_page+0x543/0x15c0 [ 2964.454986][T23718] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2964.460376][T23718] __handle_mm_fault+0x23ec/0x4040 [ 2964.465499][T23718] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2964.471052][T23718] ? handle_mm_fault+0x292/0xaa0 [ 2964.475996][T23718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2964.482229][T23718] ? __kasan_check_read+0x11/0x20 [ 2964.482247][T23718] handle_mm_fault+0x3b7/0xaa0 [ 2964.482267][T23718] __do_page_fault+0x536/0xdd0 [ 2964.482287][T23718] do_page_fault+0x38/0x590 [ 2964.482311][T23718] page_fault+0x39/0x40 [ 2964.505412][T23718] RIP: 0033:0x4034f2 [ 2964.509310][T23718] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 20:13:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x60000000}, 0x0) [ 2964.528902][T23718] RSP: 002b:00007ffdb721bbe0 EFLAGS: 00010246 [ 2964.528913][T23718] RAX: 0000000000000000 RBX: 00000000002d3868 RCX: 0000000000413630 [ 2964.528919][T23718] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdb721cd10 [ 2964.528926][T23718] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002a3a940 [ 2964.528932][T23718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb721cd10 [ 2964.528939][T23718] R13: 00007ffdb721cd00 R14: 0000000000000000 R15: 00007ffdb721cd10 20:13:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x68000000}, 0x0) [ 2964.615999][T23718] memory: usage 720kB, limit 0kB, failcnt 1295 [ 2964.631789][T23718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2964.648925][T23718] Memory cgroup stats for /syz2: [ 2964.649034][T23718] anon 0 [ 2964.649034][T23718] file 20480 [ 2964.649034][T23718] kernel_stack 0 [ 2964.649034][T23718] slab 806912 [ 2964.649034][T23718] sock 0 [ 2964.649034][T23718] shmem 0 [ 2964.649034][T23718] file_mapped 0 [ 2964.649034][T23718] file_dirty 135168 [ 2964.649034][T23718] file_writeback 0 [ 2964.649034][T23718] anon_thp 0 [ 2964.649034][T23718] inactive_anon 0 [ 2964.649034][T23718] active_anon 0 [ 2964.649034][T23718] inactive_file 0 [ 2964.649034][T23718] active_file 0 [ 2964.649034][T23718] unevictable 0 [ 2964.649034][T23718] slab_reclaimable 270336 [ 2964.649034][T23718] slab_unreclaimable 536576 [ 2964.649034][T23718] pgfault 18216 [ 2964.649034][T23718] pgmajfault 0 [ 2964.649034][T23718] workingset_refault 0 [ 2964.649034][T23718] workingset_activate 0 [ 2964.649034][T23718] workingset_nodereclaim 0 [ 2964.649034][T23718] pgrefill 99 [ 2964.649034][T23718] pgscan 99 [ 2964.649034][T23718] pgsteal 0 [ 2964.649034][T23718] pgactivate 66 [ 2964.649034][T23718] pgdeactivate 99 20:13:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x6c000000}, 0x0) [ 2964.777857][T23718] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23718,uid=0 [ 2964.794317][T23718] Memory cgroup out of memory: Killed process 23718 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 20:13:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x74000000}, 0x0) [ 2964.875322][ T1066] oom_reaper: reaped process 23718 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2964.889778][T23751] device hsr_slave_0 entered promiscuous mode 20:13:54 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x7a000000}, 0x0) [ 2964.982893][T23751] device hsr_slave_1 entered promiscuous mode [ 2965.012455][T23751] debugfs: Directory 'hsr0' with parent '/' already present! [ 2965.080559][T23755] chnl_net:caif_netlink_parms(): no params data found [ 2965.666951][T23755] bridge0: port 1(bridge_slave_0) entered blocking state [ 2965.674370][T23755] bridge0: port 1(bridge_slave_0) entered disabled state [ 2965.683245][T23755] device bridge_slave_0 entered promiscuous mode [ 2965.747887][T23755] bridge0: port 2(bridge_slave_1) entered blocking state [ 2965.757216][T23755] bridge0: port 2(bridge_slave_1) entered disabled state [ 2965.766032][T23755] device bridge_slave_1 entered promiscuous mode [ 2965.788444][T23751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2965.903469][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2965.911575][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2965.980792][T23751] 8021q: adding VLAN 0 to HW filter on device team0 [ 2965.997710][T23783] IPVS: ftp: loaded support on port[0] = 21 [ 2966.008170][T23755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2966.095654][T23755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2966.110071][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2966.121091][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2966.130070][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 2966.137191][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2966.145837][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2966.154825][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2966.164609][T13425] bridge0: port 2(bridge_slave_1) entered blocking state [ 2966.171726][T13425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2966.192935][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2966.284268][T23755] team0: Port device team_slave_0 added [ 2966.304712][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2966.314895][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2966.324166][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2966.333343][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2966.343038][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2966.364246][T23755] team0: Port device team_slave_1 added [ 2966.379546][T23785] IPVS: ftp: loaded support on port[0] = 21 [ 2966.443784][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2966.453903][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2966.462776][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2966.471296][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2966.487295][T23751] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2966.499616][T23751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2966.597816][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2966.606762][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2966.755494][T23755] device hsr_slave_0 entered promiscuous mode [ 2966.822746][T23755] device hsr_slave_1 entered promiscuous mode [ 2966.861943][T23755] debugfs: Directory 'hsr0' with parent '/' already present! [ 2966.886647][T23751] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2967.123578][T23783] chnl_net:caif_netlink_parms(): no params data found [ 2967.248916][T23792] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2967.554325][T23755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2967.561394][T23785] chnl_net:caif_netlink_parms(): no params data found [ 2967.767216][T23783] bridge0: port 1(bridge_slave_0) entered blocking state [ 2967.775062][T23783] bridge0: port 1(bridge_slave_0) entered disabled state [ 2967.788362][T23783] device bridge_slave_0 entered promiscuous mode [ 2967.867909][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2967.877733][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2967.890882][T23755] 8021q: adding VLAN 0 to HW filter on device team0 [ 2967.898815][T23783] bridge0: port 2(bridge_slave_1) entered blocking state [ 2967.908084][T23783] bridge0: port 2(bridge_slave_1) entered disabled state [ 2967.917352][T23783] device bridge_slave_1 entered promiscuous mode 20:13:57 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) socket$kcm(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:13:57 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x9effffff}, 0x0) [ 2967.997977][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2968.014864][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2968.032303][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2968.039416][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2968.087285][T23785] bridge0: port 1(bridge_slave_0) entered blocking state [ 2968.107309][T23785] bridge0: port 1(bridge_slave_0) entered disabled state [ 2968.153812][T23785] device bridge_slave_0 entered promiscuous mode [ 2968.221733][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2968.230171][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2968.279685][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2968.303176][T23801] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2968.304882][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 2968.314531][T23801] CPU: 1 PID: 23801 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2968.320583][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2968.328081][T23801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2968.328087][T23801] Call Trace: [ 2968.328112][T23801] dump_stack+0x172/0x1f0 [ 2968.328136][T23801] dump_header+0x10b/0x82d [ 2968.357341][T23801] oom_kill_process.cold+0x10/0x15 [ 2968.362456][T23801] out_of_memory+0x334/0x1340 [ 2968.367140][T23801] ? retint_kernel+0x2b/0x2b [ 2968.371740][T23801] ? oom_killer_disable+0x280/0x280 [ 2968.376955][T23801] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2968.377290][T23783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2968.382676][T23801] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2968.382690][T23801] ? memcg_stat_show+0xc40/0xc40 [ 2968.382715][T23801] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2968.382743][T23801] ? cgroup_file_notify+0x140/0x1b0 [ 2968.402193][T23801] memory_max_write+0x262/0x3a0 [ 2968.402213][T23801] ? mem_cgroup_write+0x370/0x370 [ 2968.402235][T23801] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2968.402257][T23801] cgroup_file_write+0x241/0x790 [ 2968.409531][T23783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2968.413223][T23801] ? mem_cgroup_write+0x370/0x370 [ 2968.413243][T23801] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2968.413264][T23801] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2968.413285][T23801] kernfs_fop_write+0x2b8/0x480 [ 2968.423124][T23801] __vfs_write+0x8a/0x110 [ 2968.423140][T23801] ? kernfs_fop_open+0xd80/0xd80 [ 2968.423157][T23801] vfs_write+0x268/0x5d0 [ 2968.423177][T23801] ksys_write+0x14f/0x290 [ 2968.433532][T23801] ? __ia32_sys_read+0xb0/0xb0 [ 2968.433553][T23801] ? do_syscall_64+0x26/0x760 [ 2968.433570][T23801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2968.433587][T23801] ? do_syscall_64+0x26/0x760 [ 2968.447593][T23801] __x64_sys_write+0x73/0xb0 [ 2968.447618][T23801] do_syscall_64+0xfa/0x760 [ 2968.458839][T23801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2968.458851][T23801] RIP: 0033:0x459a29 [ 2968.458869][T23801] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2968.470274][T23801] RSP: 002b:00007f519a33ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2968.470290][T23801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2968.470297][T23801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2968.470309][T23801] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2968.479434][T23801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f519a33f6d4 [ 2968.479443][T23801] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2968.611142][T23785] bridge0: port 2(bridge_slave_1) entered blocking state [ 2968.619591][T23785] bridge0: port 2(bridge_slave_1) entered disabled state [ 2968.628755][T23785] device bridge_slave_1 entered promiscuous mode [ 2968.651909][T23801] memory: usage 36276kB, limit 0kB, failcnt 78 [ 2968.658394][T23801] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2968.671590][T23801] Memory cgroup stats for [ 2968.689898][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2968.709914][T23801] /syz3: [ 2968.711258][T23801] anon 2244608 [ 2968.711258][T23801] file 90112 [ 2968.711258][T23801] kernel_stack 65536 [ 2968.711258][T23801] slab 34721792 [ 2968.711258][T23801] sock 0 [ 2968.711258][T23801] shmem 0 [ 2968.711258][T23801] file_mapped 0 [ 2968.711258][T23801] file_dirty 0 [ 2968.711258][T23801] file_writeback 0 [ 2968.711258][T23801] anon_thp 2097152 [ 2968.711258][T23801] inactive_anon 0 [ 2968.711258][T23801] active_anon 2170880 [ 2968.711258][T23801] inactive_file 135168 [ 2968.711258][T23801] active_file 0 [ 2968.711258][T23801] unevictable 0 [ 2968.711258][T23801] slab_reclaimable 34062336 [ 2968.711258][T23801] slab_unreclaimable 659456 [ 2968.711258][T23801] pgfault 45804 [ 2968.711258][T23801] pgmajfault 0 [ 2968.711258][T23801] workingset_refault 0 [ 2968.711258][T23801] workingset_activate 0 [ 2968.711258][T23801] workingset_nodereclaim 0 [ 2968.711258][T23801] pgrefill 316 [ 2968.711258][T23801] pgscan 343 [ 2968.711258][T23801] pgsteal 0 [ 2968.711258][T23801] pgactivate 297 [ 2968.816612][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2968.827884][T23783] team0: Port device team_slave_0 added [ 2968.853778][T23801] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23798,uid=0 [ 2968.869735][T23801] Memory cgroup out of memory: Killed process 23798 (syz-executor.3) total-vm:72572kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2968.892557][ T1066] oom_reaper: reaped process 23798 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 2968.945315][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2968.966300][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2969.012961][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2969.062625][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2969.073018][T23783] team0: Port device team_slave_1 added [ 2969.112306][T23785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2969.125760][T23751] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2969.140572][T23751] CPU: 1 PID: 23751 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2969.148122][T23751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2969.158166][T23751] Call Trace: [ 2969.158521][T23785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2969.161459][T23751] dump_stack+0x172/0x1f0 [ 2969.170731][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2969.174758][T23751] dump_header+0x10b/0x82d [ 2969.174777][T23751] ? oom_kill_process+0x94/0x3f0 [ 2969.191242][T23751] oom_kill_process.cold+0x10/0x15 [ 2969.196331][T23751] out_of_memory+0x334/0x1340 [ 2969.200982][T23751] ? lock_downgrade+0x920/0x920 [ 2969.205810][T23751] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2969.211589][T23751] ? oom_killer_disable+0x280/0x280 [ 2969.216785][T23751] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2969.222305][T23751] ? memcg_stat_show+0xc40/0xc40 [ 2969.227221][T23751] ? do_raw_spin_unlock+0x57/0x270 [ 2969.232311][T23751] ? _raw_spin_unlock+0x2d/0x50 [ 2969.237138][T23751] try_charge+0xf4b/0x1440 [ 2969.241534][T23751] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2969.247089][T23751] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2969.252617][T23751] ? cache_grow_begin+0x122/0xd20 [ 2969.257651][T23751] ? find_held_lock+0x35/0x130 [ 2969.262565][T23751] ? cache_grow_begin+0x122/0xd20 [ 2969.267577][T23751] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2969.273095][T23751] ? lock_downgrade+0x920/0x920 [ 2969.277922][T23751] ? memcg_kmem_put_cache+0x50/0x50 [ 2969.283109][T23751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2969.289323][T23751] ? __kasan_check_read+0x11/0x20 [ 2969.294325][T23751] cache_grow_begin+0x629/0xd20 [ 2969.299153][T23751] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 2969.304758][T23751] ? mempolicy_slab_node+0x139/0x390 [ 2969.310017][T23751] fallback_alloc+0x1fd/0x2d0 [ 2969.314673][T23751] ____cache_alloc_node+0x1bc/0x1d0 [ 2969.319845][T23751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2969.326060][T23751] kmem_cache_alloc+0x1ef/0x710 [ 2969.330884][T23751] ? lock_downgrade+0x920/0x920 [ 2969.335710][T23751] ? rwlock_bug.part.0+0x90/0x90 [ 2969.340633][T23751] ? ratelimit_state_init+0xb0/0xb0 [ 2969.345805][T23751] ext4_alloc_inode+0x1f/0x640 [ 2969.350541][T23751] ? ratelimit_state_init+0xb0/0xb0 [ 2969.355714][T23751] alloc_inode+0x68/0x1e0 [ 2969.360017][T23751] iget_locked+0x1a6/0x4b0 [ 2969.364410][T23751] __ext4_iget+0x265/0x3e20 [ 2969.368891][T23751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2969.375112][T23751] ? ext4_get_projid+0x190/0x190 [ 2969.380027][T23751] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2969.385548][T23751] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2969.391510][T23751] ? d_alloc_parallel+0xa78/0x1c30 [ 2969.396617][T23751] ext4_lookup+0x3b1/0x7a0 [ 2969.401009][T23751] ? ext4_cross_rename+0x1430/0x1430 [ 2969.406279][T23751] ? __lock_acquire+0x16f2/0x4a00 [ 2969.411285][T23751] ? __kasan_check_read+0x11/0x20 [ 2969.416290][T23751] ? lockdep_init_map+0x1be/0x6d0 [ 2969.421293][T23751] __lookup_slow+0x279/0x500 [ 2969.425859][T23751] ? vfs_unlink+0x620/0x620 [ 2969.430351][T23751] lookup_slow+0x58/0x80 [ 2969.434570][T23751] path_mountpoint+0x5d2/0x1e60 [ 2969.439396][T23751] ? __kasan_check_read+0x11/0x20 [ 2969.444395][T23751] ? __lock_acquire+0x16f2/0x4a00 [ 2969.449396][T23751] ? path_openat+0x46d0/0x46d0 [ 2969.454137][T23751] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2969.459743][T23751] ? find_held_lock+0x35/0x130 [ 2969.464486][T23751] filename_mountpoint+0x18e/0x390 [ 2969.469571][T23751] ? filename_parentat.isra.0+0x410/0x410 [ 2969.475263][T23751] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2969.481396][T23751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2969.487609][T23751] ? __phys_addr_symbol+0x30/0x70 [ 2969.492608][T23751] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2969.498348][T23751] ? __check_object_size+0x3d/0x437 [ 2969.503532][T23751] ? strncpy_from_user+0x2b4/0x400 [ 2969.508662][T23751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2969.514877][T23751] ? getname_flags+0x277/0x5b0 [ 2969.519620][T23751] user_path_mountpoint_at+0x3a/0x50 [ 2969.524882][T23751] ksys_umount+0x164/0xf00 [ 2969.529289][T23751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2969.535512][T23751] ? __detach_mounts+0x2a0/0x2a0 [ 2969.540431][T23751] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2969.545866][T23751] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2969.551299][T23751] ? do_syscall_64+0x26/0x760 [ 2969.555953][T23751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2969.562002][T23751] ? do_syscall_64+0x26/0x760 [ 2969.566667][T23751] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2969.571927][T23751] __x64_sys_umount+0x54/0x80 [ 2969.576579][T23751] do_syscall_64+0xfa/0x760 [ 2969.581064][T23751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2969.586936][T23751] RIP: 0033:0x45c457 [ 2969.590808][T23751] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2969.610387][T23751] RSP: 002b:00007ffda2fb4af8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 2969.618774][T23751] RAX: ffffffffffffffda RBX: 00000000002d4a83 RCX: 000000000045c457 [ 2969.626735][T23751] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffda2fb4ba0 [ 2969.634684][T23751] RBP: 0000000000000006 R08: 0000000000000000 R09: 000000000000000a [ 2969.642628][T23751] R10: 0000000000000006 R11: 0000000000000206 R12: 00007ffda2fb5c30 [ 2969.650573][T23751] R13: 000000000123d940 R14: 0000000000000000 R15: 00007ffda2fb5c30 [ 2969.666193][T23751] memory: usage 33816kB, limit 0kB, failcnt 90 [ 2969.672435][T23751] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2969.674490][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2969.679273][T23751] Memory cgroup stats for /syz3: [ 2969.679382][T23751] anon 131072 [ 2969.679382][T23751] file 90112 [ 2969.679382][T23751] kernel_stack 0 [ 2969.679382][T23751] slab 34721792 [ 2969.679382][T23751] sock 0 [ 2969.679382][T23751] shmem 0 [ 2969.679382][T23751] file_mapped 0 [ 2969.679382][T23751] file_dirty 0 [ 2969.679382][T23751] file_writeback 0 [ 2969.679382][T23751] anon_thp 0 [ 2969.679382][T23751] inactive_anon 0 [ 2969.679382][T23751] active_anon 57344 [ 2969.679382][T23751] inactive_file 135168 [ 2969.679382][T23751] active_file 0 [ 2969.679382][T23751] unevictable 0 [ 2969.679382][T23751] slab_reclaimable 34062336 [ 2969.679382][T23751] slab_unreclaimable 659456 [ 2969.679382][T23751] pgfault 45804 [ 2969.679382][T23751] pgmajfault 0 [ 2969.679382][T23751] workingset_refault 0 [ 2969.679382][T23751] workingset_activate 0 [ 2969.679382][T23751] workingset_nodereclaim 0 [ 2969.679382][T23751] pgrefill 349 [ 2969.679382][T23751] pgscan 343 [ 2969.679382][T23751] pgsteal 0 [ 2969.679382][T23751] pgactivate 297 [ 2969.702831][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2969.783850][T23751] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23751,uid=0 [ 2969.805675][T23751] Memory cgroup out of memory: Killed process 23751 (syz-executor.3) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2969.823958][ T1066] oom_reaper: reaped process 23751 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2969.939592][T23755] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2969.953032][T23755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2969.961484][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2969.971374][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2970.393301][T23783] device hsr_slave_0 entered promiscuous mode [ 2970.442651][T23783] device hsr_slave_1 entered promiscuous mode [ 2970.481805][T23783] debugfs: Directory 'hsr0' with parent '/' already present! [ 2970.490864][T23785] team0: Port device team_slave_0 added [ 2970.564269][T23785] team0: Port device team_slave_1 added [ 2970.592112][T23755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2970.766104][T23785] device hsr_slave_0 entered promiscuous mode [ 2970.822586][T23785] device hsr_slave_1 entered promiscuous mode [ 2970.861732][T23785] debugfs: Directory 'hsr0' with parent '/' already present! [ 2971.089915][T23809] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2971.100628][T23809] CPU: 1 PID: 23809 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2971.108177][T23809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2971.118231][T23809] Call Trace: [ 2971.121527][T23809] dump_stack+0x172/0x1f0 [ 2971.125859][T23809] dump_header+0x10b/0x82d [ 2971.130275][T23809] oom_kill_process.cold+0x10/0x15 [ 2971.135384][T23809] out_of_memory+0x334/0x1340 [ 2971.140051][T23809] ? retint_kernel+0x2b/0x2b [ 2971.144621][T23809] ? oom_killer_disable+0x280/0x280 [ 2971.149799][T23809] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2971.155543][T23809] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2971.161100][T23809] ? memcg_stat_show+0xc40/0xc40 [ 2971.166018][T23809] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2971.171802][T23809] ? cgroup_file_notify+0x140/0x1b0 [ 2971.176978][T23809] memory_max_write+0x262/0x3a0 [ 2971.181804][T23809] ? mem_cgroup_write+0x370/0x370 [ 2971.186807][T23809] ? cgroup_file_write+0x86/0x790 [ 2971.191815][T23809] cgroup_file_write+0x241/0x790 [ 2971.196732][T23809] ? mem_cgroup_write+0x370/0x370 [ 2971.201733][T23809] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2971.207346][T23809] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2971.212955][T23809] kernfs_fop_write+0x2b8/0x480 [ 2971.217788][T23809] __vfs_write+0x8a/0x110 [ 2971.222097][T23809] ? kernfs_fop_open+0xd80/0xd80 [ 2971.227039][T23809] vfs_write+0x268/0x5d0 [ 2971.231266][T23809] ksys_write+0x14f/0x290 [ 2971.235574][T23809] ? __ia32_sys_read+0xb0/0xb0 [ 2971.240318][T23809] ? do_syscall_64+0x26/0x760 [ 2971.244974][T23809] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2971.251014][T23809] ? do_syscall_64+0x26/0x760 [ 2971.255680][T23809] __x64_sys_write+0x73/0xb0 [ 2971.260246][T23809] do_syscall_64+0xfa/0x760 [ 2971.264729][T23809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2971.270595][T23809] RIP: 0033:0x459a29 [ 2971.274469][T23809] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2971.294049][T23809] RSP: 002b:00007ff47768dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2971.302452][T23809] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2971.310401][T23809] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2971.318348][T23809] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2971.326303][T23809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff47768e6d4 [ 2971.334252][T23809] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2971.374966][T23809] memory: usage 3300kB, limit 0kB, failcnt 1295 [ 2971.381437][T23809] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2971.392954][T23783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2971.409729][T23809] Memory cgroup stats for /syz5: [ 2971.410944][T23809] anon 2166784 [ 2971.410944][T23809] file 0 [ 2971.410944][T23809] kernel_stack 65536 [ 2971.410944][T23809] slab 942080 [ 2971.410944][T23809] sock 4096 [ 2971.410944][T23809] shmem 77824 [ 2971.410944][T23809] file_mapped 0 [ 2971.410944][T23809] file_dirty 0 [ 2971.410944][T23809] file_writeback 0 [ 2971.410944][T23809] anon_thp 2097152 [ 2971.410944][T23809] inactive_anon 135168 [ 2971.410944][T23809] active_anon 2166784 [ 2971.410944][T23809] inactive_file 0 [ 2971.410944][T23809] active_file 0 [ 2971.410944][T23809] unevictable 0 [ 2971.410944][T23809] slab_reclaimable 270336 [ 2971.410944][T23809] slab_unreclaimable 671744 [ 2971.410944][T23809] pgfault 21252 [ 2971.410944][T23809] pgmajfault 0 [ 2971.410944][T23809] workingset_refault 0 [ 2971.410944][T23809] workingset_activate 0 [ 2971.410944][T23809] workingset_nodereclaim 0 [ 2971.410944][T23809] pgrefill 165 [ 2971.410944][T23809] pgscan 253 [ 2971.410944][T23809] pgsteal 69 [ 2971.410944][T23809] pgactivate 66 20:14:01 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:01 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:01 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xf0ffffff}, 0x0) [ 2971.513202][T23809] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23808,uid=0 [ 2971.530600][T23809] Memory cgroup out of memory: Killed process 23808 (syz-executor.5) total-vm:72576kB, anon-rss:2180kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2971.552273][ T1066] oom_reaper: reaped process 23808 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2971.589303][T23755] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2971.628247][T23755] CPU: 1 PID: 23755 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2971.632668][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2971.635824][T23755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2971.635836][T23755] Call Trace: [ 2971.656336][T23755] dump_stack+0x172/0x1f0 [ 2971.660656][T23755] dump_header+0x10b/0x82d [ 2971.665053][T23755] ? oom_kill_process+0x94/0x3f0 [ 2971.669974][T23755] oom_kill_process.cold+0x10/0x15 [ 2971.675092][T23755] out_of_memory+0x334/0x1340 [ 2971.679775][T23755] ? lock_downgrade+0x920/0x920 [ 2971.684638][T23755] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2971.690435][T23755] ? oom_killer_disable+0x280/0x280 [ 2971.695634][T23755] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2971.701171][T23755] ? memcg_stat_show+0xc40/0xc40 [ 2971.706105][T23755] ? do_raw_spin_unlock+0x57/0x270 [ 2971.711203][T23755] ? _raw_spin_unlock+0x2d/0x50 [ 2971.716039][T23755] try_charge+0xf4b/0x1440 [ 2971.720454][T23755] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2971.725978][T23755] ? percpu_ref_tryget_live+0x111/0x290 [ 2971.731508][T23755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2971.737736][T23755] ? __kasan_check_read+0x11/0x20 [ 2971.742745][T23755] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2971.748281][T23755] mem_cgroup_try_charge+0x136/0x590 [ 2971.753556][T23755] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2971.759180][T23755] __handle_mm_fault+0x1f0d/0x4040 [ 2971.764275][T23755] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2971.769802][T23755] ? handle_mm_fault+0x292/0xaa0 [ 2971.774729][T23755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2971.780947][T23755] ? __kasan_check_read+0x11/0x20 [ 2971.785953][T23755] handle_mm_fault+0x3b7/0xaa0 [ 2971.790704][T23755] __do_page_fault+0x536/0xdd0 [ 2971.795453][T23755] do_page_fault+0x38/0x590 [ 2971.799940][T23755] page_fault+0x39/0x40 [ 2971.804075][T23755] RIP: 0033:0x4034f2 [ 2971.807956][T23755] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2971.827542][T23755] RSP: 002b:00007fffb87c8e30 EFLAGS: 00010246 [ 2971.833586][T23755] RAX: 0000000000000000 RBX: 00000000002d559a RCX: 0000000000413630 [ 2971.841542][T23755] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffb87c9f60 [ 2971.849492][T23755] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002049940 [ 2971.857453][T23755] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb87c9f60 [ 2971.865407][T23755] R13: 00007fffb87c9f50 R14: 0000000000000000 R15: 00007fffb87c9f60 [ 2971.880833][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2971.948760][T23783] 8021q: adding VLAN 0 to HW filter on device team0 [ 2972.004306][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2972.012546][T23755] memory: usage 984kB, limit 0kB, failcnt 1307 [ 2972.018704][T23755] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2972.027657][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2972.036008][T23755] Memory cgroup stats for /syz5: [ 2972.036120][T23755] anon 28672 [ 2972.036120][T23755] file 0 [ 2972.036120][T23755] kernel_stack 0 [ 2972.036120][T23755] slab 942080 [ 2972.036120][T23755] sock 4096 [ 2972.036120][T23755] shmem 77824 [ 2972.036120][T23755] file_mapped 0 [ 2972.036120][T23755] file_dirty 0 [ 2972.036120][T23755] file_writeback 0 [ 2972.036120][T23755] anon_thp 0 [ 2972.036120][T23755] inactive_anon 135168 [ 2972.036120][T23755] active_anon 28672 [ 2972.036120][T23755] inactive_file 0 [ 2972.036120][T23755] active_file 0 [ 2972.036120][T23755] unevictable 0 [ 2972.036120][T23755] slab_reclaimable 270336 [ 2972.036120][T23755] slab_unreclaimable 671744 [ 2972.036120][T23755] pgfault 21252 [ 2972.036120][T23755] pgmajfault 0 [ 2972.036120][T23755] workingset_refault 0 [ 2972.036120][T23755] workingset_activate 0 [ 2972.036120][T23755] workingset_nodereclaim 0 [ 2972.036120][T23755] pgrefill 165 [ 2972.036120][T23755] pgscan 253 [ 2972.036120][T23755] pgsteal 69 [ 2972.036120][T23755] pgactivate 66 [ 2972.142297][T22393] bridge0: port 1(bridge_slave_0) entered blocking state [ 2972.149380][T22393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2972.158677][T23755] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23755,uid=0 [ 2972.172297][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2972.174826][T23755] Memory cgroup out of memory: Killed process 23755 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2972.194324][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2972.201434][ T1066] oom_reaper: reaped process 23755 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2972.222447][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 2972.229516][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2972.265116][T23785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2972.304314][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2972.316572][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2972.687877][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2972.698859][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2972.708488][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2972.761137][T23785] 8021q: adding VLAN 0 to HW filter on device team0 [ 2972.774060][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2972.793755][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2972.813145][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2972.832466][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2972.841275][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2972.872909][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2972.881161][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2972.961998][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2972.971074][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2972.980280][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2972.990748][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2973.000319][T18236] bridge0: port 1(bridge_slave_0) entered blocking state [ 2973.007430][T18236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2973.023312][T23783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2973.085741][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2973.094287][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2973.104246][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2973.114180][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 2973.121238][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2973.130064][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2973.158826][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2973.251325][T23783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2973.291055][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2973.310208][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2973.328437][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2973.338474][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2973.348936][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2973.367485][T23815] IPVS: ftp: loaded support on port[0] = 21 [ 2973.424575][T23785] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2973.435117][T23785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2973.451412][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2973.465443][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2973.483153][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2973.493471][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2973.505551][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2973.768742][T23821] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2973.774253][T23785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2973.788172][T23821] CPU: 1 PID: 23821 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2973.795738][T23821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2973.805784][T23821] Call Trace: [ 2973.809083][T23821] dump_stack+0x172/0x1f0 [ 2973.813422][T23821] dump_header+0x10b/0x82d [ 2973.817850][T23821] oom_kill_process.cold+0x10/0x15 [ 2973.822976][T23821] out_of_memory+0x334/0x1340 [ 2973.827651][T23821] ? __this_cpu_preempt_check+0x3a/0x210 [ 2973.833285][T23821] ? retint_kernel+0x2b/0x2b [ 2973.837882][T23821] ? oom_killer_disable+0x280/0x280 [ 2973.843090][T23821] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2973.848813][T23821] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2973.854337][T23821] ? memcg_stat_show+0xc40/0xc40 [ 2973.859259][T23821] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2973.865043][T23821] ? cgroup_file_notify+0x140/0x1b0 [ 2973.870227][T23821] memory_max_write+0x262/0x3a0 [ 2973.875057][T23821] ? mem_cgroup_write+0x370/0x370 [ 2973.880058][T23821] ? mem_cgroup_write+0x370/0x370 [ 2973.885061][T23821] cgroup_file_write+0x241/0x790 [ 2973.889975][T23821] ? mem_cgroup_write+0x370/0x370 [ 2973.894980][T23821] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2973.900593][T23821] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2973.906212][T23821] kernfs_fop_write+0x2b8/0x480 [ 2973.911044][T23821] __vfs_write+0x8a/0x110 [ 2973.915349][T23821] ? kernfs_fop_open+0xd80/0xd80 [ 2973.920260][T23821] vfs_write+0x268/0x5d0 [ 2973.924488][T23821] ksys_write+0x14f/0x290 [ 2973.928795][T23821] ? __ia32_sys_read+0xb0/0xb0 [ 2973.933536][T23821] ? do_syscall_64+0x26/0x760 [ 2973.938192][T23821] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2973.944235][T23821] ? do_syscall_64+0x26/0x760 [ 2973.948891][T23821] __x64_sys_write+0x73/0xb0 [ 2973.953457][T23821] do_syscall_64+0xfa/0x760 [ 2973.957939][T23821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2973.963817][T23821] RIP: 0033:0x459a29 [ 2973.967699][T23821] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2973.987278][T23821] RSP: 002b:00007f789625bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2973.995663][T23821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2974.003609][T23821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 2974.011556][T23821] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2974.019502][T23821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f789625c6d4 [ 2974.027449][T23821] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2974.054237][T23821] memory: usage 3028kB, limit 0kB, failcnt 1236 [ 2974.060724][T23821] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2974.079299][T23821] Memory cgroup stats for /syz4: [ 2974.080119][T23821] anon 2138112 [ 2974.080119][T23821] file 28672 [ 2974.080119][T23821] kernel_stack 65536 [ 2974.080119][T23821] slab 692224 [ 2974.080119][T23821] sock 0 [ 2974.080119][T23821] shmem 0 [ 2974.080119][T23821] file_mapped 0 [ 2974.080119][T23821] file_dirty 135168 [ 2974.080119][T23821] file_writeback 0 [ 2974.080119][T23821] anon_thp 2097152 [ 2974.080119][T23821] inactive_anon 0 [ 2974.080119][T23821] active_anon 2138112 [ 2974.080119][T23821] inactive_file 135168 [ 2974.080119][T23821] active_file 0 [ 2974.080119][T23821] unevictable 0 [ 2974.080119][T23821] slab_reclaimable 270336 [ 2974.080119][T23821] slab_unreclaimable 421888 [ 2974.080119][T23821] pgfault 19536 [ 2974.080119][T23821] pgmajfault 0 [ 2974.080119][T23821] workingset_refault 0 [ 2974.080119][T23821] workingset_activate 0 [ 2974.080119][T23821] workingset_nodereclaim 0 [ 2974.080119][T23821] pgrefill 67 [ 2974.080119][T23821] pgscan 110 [ 2974.080119][T23821] pgsteal 70 [ 2974.080119][T23821] pgactivate 33 [ 2974.177515][T23821] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23820,uid=0 [ 2974.214130][T23821] Memory cgroup out of memory: Killed process 23820 (syz-executor.4) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2974.251952][ T1066] oom_reaper: reaped process 23820 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2974.315309][T23815] chnl_net:caif_netlink_parms(): no params data found 20:14:04 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2974.419322][T23783] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2974.427477][T23829] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2974.457298][T23783] CPU: 0 PID: 23783 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2974.464863][T23783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2974.474909][T23783] Call Trace: [ 2974.474933][T23783] dump_stack+0x172/0x1f0 [ 2974.474957][T23783] dump_header+0x10b/0x82d [ 2974.474969][T23783] ? oom_kill_process+0x94/0x3f0 [ 2974.474985][T23783] oom_kill_process.cold+0x10/0x15 [ 2974.475001][T23783] out_of_memory+0x334/0x1340 [ 2974.475017][T23783] ? lock_downgrade+0x920/0x920 [ 2974.475041][T23783] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2974.475057][T23783] ? oom_killer_disable+0x280/0x280 [ 2974.475079][T23783] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2974.475095][T23783] ? memcg_stat_show+0xc40/0xc40 [ 2974.506559][T23783] ? do_raw_spin_unlock+0x57/0x270 [ 2974.523035][T23783] ? _raw_spin_unlock+0x2d/0x50 [ 2974.533041][T23783] try_charge+0xf4b/0x1440 [ 2974.533064][T23783] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2974.533076][T23783] ? percpu_ref_tryget_live+0x111/0x290 [ 2974.533096][T23783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2974.533112][T23783] ? __kasan_check_read+0x11/0x20 [ 2974.533131][T23783] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2974.533151][T23783] mem_cgroup_try_charge+0x136/0x590 [ 2974.533175][T23783] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2974.542394][T23783] __handle_mm_fault+0x1f0d/0x4040 [ 2974.542414][T23783] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2974.542431][T23783] ? handle_mm_fault+0x292/0xaa0 [ 2974.542457][T23783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2974.581119][T23783] ? __kasan_check_read+0x11/0x20 [ 2974.602888][T23783] handle_mm_fault+0x3b7/0xaa0 [ 2974.612652][T23783] __do_page_fault+0x536/0xdd0 [ 2974.612675][T23783] do_page_fault+0x38/0x590 [ 2974.612698][T23783] page_fault+0x39/0x40 [ 2974.612708][T23783] RIP: 0033:0x4034f2 [ 2974.612724][T23783] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2974.612730][T23783] RSP: 002b:00007fff16366e60 EFLAGS: 00010246 [ 2974.612742][T23783] RAX: 0000000000000000 RBX: 00000000002d6015 RCX: 0000000000413630 [ 2974.612749][T23783] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff16367f90 [ 2974.612757][T23783] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002021940 [ 2974.612765][T23783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff16367f90 [ 2974.612772][T23783] R13: 00007fff16367f80 R14: 0000000000000000 R15: 00007fff16367f90 [ 2974.722102][T23783] memory: usage 700kB, limit 0kB, failcnt 1244 [ 2974.728289][T23783] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2974.751762][T23783] Memory cgroup stats for /syz4: [ 2974.751868][T23783] anon 28672 [ 2974.751868][T23783] file 28672 [ 2974.751868][T23783] kernel_stack 65536 [ 2974.751868][T23783] slab 692224 [ 2974.751868][T23783] sock 0 [ 2974.751868][T23783] shmem 0 [ 2974.751868][T23783] file_mapped 0 [ 2974.751868][T23783] file_dirty 135168 [ 2974.751868][T23783] file_writeback 0 [ 2974.751868][T23783] anon_thp 0 [ 2974.751868][T23783] inactive_anon 0 [ 2974.751868][T23783] active_anon 28672 [ 2974.751868][T23783] inactive_file 135168 [ 2974.751868][T23783] active_file 0 [ 2974.751868][T23783] unevictable 0 [ 2974.751868][T23783] slab_reclaimable 270336 [ 2974.751868][T23783] slab_unreclaimable 421888 [ 2974.751868][T23783] pgfault 19536 [ 2974.751868][T23783] pgmajfault 0 [ 2974.751868][T23783] workingset_refault 0 [ 2974.751868][T23783] workingset_activate 0 [ 2974.751868][T23783] workingset_nodereclaim 0 [ 2974.751868][T23783] pgrefill 67 [ 2974.751868][T23783] pgscan 110 [ 2974.751868][T23783] pgsteal 70 [ 2974.751868][T23783] pgactivate 33 [ 2974.847151][T23783] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23783,uid=0 [ 2974.862937][T23783] Memory cgroup out of memory: Killed process 23783 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2974.881264][ T1066] oom_reaper: reaped process 23783 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2974.893045][T23829] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2974.925122][T23829] CPU: 1 PID: 23829 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2974.932704][T23829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2974.942760][T23829] Call Trace: [ 2974.946058][T23829] dump_stack+0x172/0x1f0 [ 2974.950395][T23829] dump_header+0x10b/0x82d [ 2974.954819][T23829] oom_kill_process.cold+0x10/0x15 [ 2974.959926][T23829] out_of_memory+0x334/0x1340 [ 2974.964598][T23829] ? oom_killer_disable+0x280/0x280 [ 2974.969786][T23829] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2974.975311][T23829] ? memcg_stat_show+0xc40/0xc40 [ 2974.980233][T23829] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2974.986021][T23829] ? cgroup_file_notify+0x140/0x1b0 [ 2974.991199][T23829] memory_max_write+0x262/0x3a0 [ 2974.996032][T23829] ? mem_cgroup_write+0x370/0x370 [ 2975.001046][T23829] ? mem_cgroup_write+0x370/0x370 [ 2975.006066][T23829] cgroup_file_write+0x241/0x790 [ 2975.011000][T23829] ? mem_cgroup_write+0x370/0x370 [ 2975.016016][T23829] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2975.021638][T23829] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2975.027253][T23829] kernfs_fop_write+0x2b8/0x480 [ 2975.032086][T23829] __vfs_write+0x8a/0x110 [ 2975.036404][T23829] ? kernfs_fop_open+0xd80/0xd80 [ 2975.041330][T23829] vfs_write+0x268/0x5d0 [ 2975.045726][T23829] ksys_write+0x14f/0x290 [ 2975.050032][T23829] ? __ia32_sys_read+0xb0/0xb0 [ 2975.054776][T23829] ? do_syscall_64+0x26/0x760 [ 2975.059436][T23829] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2975.065479][T23829] ? do_syscall_64+0x26/0x760 [ 2975.070138][T23829] __x64_sys_write+0x73/0xb0 [ 2975.074707][T23829] do_syscall_64+0xfa/0x760 [ 2975.079194][T23829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2975.085065][T23829] RIP: 0033:0x459a29 [ 2975.088949][T23829] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2975.108532][T23829] RSP: 002b:00007f057bd18c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2975.116933][T23829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2975.124886][T23829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2975.132833][T23829] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2975.140781][T23829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f057bd196d4 [ 2975.148745][T23829] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2975.176464][T23829] memory: usage 3232kB, limit 0kB, failcnt 1270 [ 2975.189632][T23829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2975.196957][T23829] Memory cgroup stats for /syz0: [ 2975.197730][T23829] anon 2187264 [ 2975.197730][T23829] file 20480 [ 2975.197730][T23829] kernel_stack 65536 [ 2975.197730][T23829] slab 958464 [ 2975.197730][T23829] sock 0 [ 2975.197730][T23829] shmem 0 [ 2975.197730][T23829] file_mapped 0 [ 2975.197730][T23829] file_dirty 0 [ 2975.197730][T23829] file_writeback 0 [ 2975.197730][T23829] anon_thp 2097152 [ 2975.197730][T23829] inactive_anon 0 [ 2975.197730][T23829] active_anon 2187264 [ 2975.197730][T23829] inactive_file 0 [ 2975.197730][T23829] active_file 0 [ 2975.197730][T23829] unevictable 0 [ 2975.197730][T23829] slab_reclaimable 270336 [ 2975.197730][T23829] slab_unreclaimable 688128 [ 2975.197730][T23829] pgfault 18777 [ 2975.197730][T23829] pgmajfault 0 [ 2975.197730][T23829] workingset_refault 0 [ 2975.197730][T23829] workingset_activate 0 [ 2975.197730][T23829] workingset_nodereclaim 0 [ 2975.197730][T23829] pgrefill 66 [ 2975.197730][T23829] pgscan 66 [ 2975.197730][T23829] pgsteal 0 [ 2975.197730][T23829] pgactivate 33 [ 2975.294505][T23829] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23828,uid=0 [ 2975.321243][T23815] bridge0: port 1(bridge_slave_0) entered blocking state [ 2975.330408][T23815] bridge0: port 1(bridge_slave_0) entered disabled state [ 2975.339322][T23815] device bridge_slave_0 entered promiscuous mode [ 2975.342036][T23829] Memory cgroup out of memory: Killed process 23829 (syz-executor.0) total-vm:72708kB, anon-rss:2196kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 20:14:05 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:05 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) socket$kcm(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xfffff000}, 0x0) 20:14:05 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2975.393813][ T1066] oom_reaper: reaped process 23829 (syz-executor.0), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 20:14:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xffffff7f}, 0x0) [ 2975.465597][T23785] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2975.561899][T23785] CPU: 1 PID: 23785 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2975.569485][T23785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2975.579538][T23785] Call Trace: [ 2975.582837][T23785] dump_stack+0x172/0x1f0 [ 2975.587174][T23785] dump_header+0x10b/0x82d [ 2975.591583][T23785] ? oom_kill_process+0x94/0x3f0 [ 2975.596520][T23785] oom_kill_process.cold+0x10/0x15 [ 2975.601633][T23785] out_of_memory+0x334/0x1340 [ 2975.606310][T23785] ? preempt_schedule_irq+0xf3/0x160 [ 2975.611593][T23785] ? retint_kernel+0x2b/0x2b [ 2975.616182][T23785] ? oom_killer_disable+0x280/0x280 [ 2975.621397][T23785] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2975.626945][T23785] ? memcg_stat_show+0xc40/0xc40 [ 2975.631891][T23785] ? do_raw_spin_unlock+0x57/0x270 [ 2975.637002][T23785] ? _raw_spin_unlock+0x2d/0x50 [ 2975.641853][T23785] try_charge+0xf4b/0x1440 [ 2975.646285][T23785] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2975.651830][T23785] ? percpu_ref_tryget_live+0x111/0x290 [ 2975.657381][T23785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2975.663620][T23785] ? __kasan_check_read+0x11/0x20 [ 2975.668663][T23785] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2975.674214][T23785] mem_cgroup_try_charge+0x136/0x590 [ 2975.679508][T23785] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2975.685145][T23785] wp_page_copy+0x407/0x1860 [ 2975.689732][T23785] ? find_held_lock+0x35/0x130 [ 2975.694498][T23785] ? do_wp_page+0x53b/0x15c0 [ 2975.699088][T23785] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2975.704894][T23785] ? lock_downgrade+0x920/0x920 [ 2975.709748][T23785] ? swp_swapcount+0x540/0x540 [ 2975.714508][T23785] ? __kasan_check_read+0x11/0x20 [ 2975.719527][T23785] ? do_raw_spin_unlock+0x57/0x270 [ 2975.724644][T23785] do_wp_page+0x543/0x15c0 [ 2975.729065][T23785] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2975.734446][T23785] __handle_mm_fault+0x23ec/0x4040 [ 2975.739563][T23785] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2975.745107][T23785] ? handle_mm_fault+0x292/0xaa0 [ 2975.750051][T23785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2975.756288][T23785] ? __kasan_check_read+0x11/0x20 [ 2975.761320][T23785] handle_mm_fault+0x3b7/0xaa0 [ 2975.766091][T23785] __do_page_fault+0x536/0xdd0 [ 2975.770865][T23785] do_page_fault+0x38/0x590 [ 2975.775375][T23785] page_fault+0x39/0x40 [ 2975.779521][T23785] RIP: 0033:0x430b06 [ 2975.783412][T23785] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2975.803017][T23785] RSP: 002b:00007ffcd23cf8e0 EFLAGS: 00010206 [ 2975.809086][T23785] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2975.817055][T23785] RDX: 0000000000ba0930 RSI: 0000000000ba8970 RDI: 0000000000000003 [ 2975.825019][T23785] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000b9f940 [ 2975.832983][T23785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2975.840948][T23785] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 20:14:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xffffff9e}, 0x0) 20:14:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xfffffff0}, 0x0) [ 2976.056571][T23815] bridge0: port 2(bridge_slave_1) entered blocking state [ 2976.073955][T23815] bridge0: port 2(bridge_slave_1) entered disabled state 20:14:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x3000000000000}, 0x0) [ 2976.097273][T23815] device bridge_slave_1 entered promiscuous mode [ 2976.221700][T23785] memory: usage 864kB, limit 0kB, failcnt 1278 [ 2976.249192][T23785] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2976.258076][T23815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2976.289275][T23785] Memory cgroup stats for /syz0: [ 2976.289376][T23785] anon 0 [ 2976.289376][T23785] file 20480 [ 2976.289376][T23785] kernel_stack 0 [ 2976.289376][T23785] slab 958464 [ 2976.289376][T23785] sock 0 [ 2976.289376][T23785] shmem 0 [ 2976.289376][T23785] file_mapped 0 [ 2976.289376][T23785] file_dirty 0 [ 2976.289376][T23785] file_writeback 0 [ 2976.289376][T23785] anon_thp 0 [ 2976.289376][T23785] inactive_anon 0 [ 2976.289376][T23785] active_anon 0 [ 2976.289376][T23785] inactive_file 0 [ 2976.289376][T23785] active_file 0 [ 2976.289376][T23785] unevictable 0 [ 2976.289376][T23785] slab_reclaimable 270336 [ 2976.289376][T23785] slab_unreclaimable 688128 [ 2976.289376][T23785] pgfault 18777 [ 2976.289376][T23785] pgmajfault 0 [ 2976.289376][T23785] workingset_refault 0 [ 2976.289376][T23785] workingset_activate 0 [ 2976.289376][T23785] workingset_nodereclaim 0 [ 2976.289376][T23785] pgrefill 66 [ 2976.289376][T23785] pgscan 66 [ 2976.289376][T23785] pgsteal 0 [ 2976.289376][T23785] pgactivate 33 [ 2976.289376][T23785] pgdeactivate 66 [ 2976.392136][T23815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2976.447444][T23785] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23785,uid=0 [ 2976.463866][T23785] Memory cgroup out of memory: Killed process 23785 (syz-executor.0) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2976.482540][ T1066] oom_reaper: reaped process 23785 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2976.497808][T23815] team0: Port device team_slave_0 added [ 2976.507251][T23815] team0: Port device team_slave_1 added [ 2976.885693][T23815] device hsr_slave_0 entered promiscuous mode [ 2976.942694][T23815] device hsr_slave_1 entered promiscuous mode [ 2976.982561][T23815] debugfs: Directory 'hsr0' with parent '/' already present! [ 2977.108873][T23847] IPVS: ftp: loaded support on port[0] = 21 [ 2977.283050][T23815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2977.387277][T23815] 8021q: adding VLAN 0 to HW filter on device team0 [ 2977.468257][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2977.492945][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2977.511537][T23847] chnl_net:caif_netlink_parms(): no params data found [ 2977.531458][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2977.553032][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2977.561578][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 2977.568732][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2977.599615][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2977.609751][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2977.620613][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2977.629869][T20707] bridge0: port 2(bridge_slave_1) entered blocking state [ 2977.637013][T20707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2977.646159][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2977.673499][T23850] IPVS: ftp: loaded support on port[0] = 21 [ 2977.728486][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2977.738535][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2977.748122][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2977.807568][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2977.830902][T23847] bridge0: port 1(bridge_slave_0) entered blocking state [ 2977.840110][T23847] bridge0: port 1(bridge_slave_0) entered disabled state [ 2977.849133][T23847] device bridge_slave_0 entered promiscuous mode [ 2977.863932][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2977.874526][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2977.883715][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2977.893715][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2977.970192][T23815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2977.985706][T23815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2977.994785][T23847] bridge0: port 2(bridge_slave_1) entered blocking state [ 2978.003286][T23847] bridge0: port 2(bridge_slave_1) entered disabled state [ 2978.012895][T23847] device bridge_slave_1 entered promiscuous mode [ 2978.077463][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2978.088490][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2978.284507][T23815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2978.295575][T23847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2978.326888][T23847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2978.446037][T23847] team0: Port device team_slave_0 added [ 2978.477570][T23847] team0: Port device team_slave_1 added [ 2978.557002][T23850] chnl_net:caif_netlink_parms(): no params data found [ 2978.643226][T23847] device hsr_slave_0 entered promiscuous mode [ 2978.682665][T23847] device hsr_slave_1 entered promiscuous mode [ 2978.691583][T23858] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2978.732006][T23847] debugfs: Directory 'hsr0' with parent '/' already present! [ 2978.817468][T23860] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2978.853020][T23860] CPU: 0 PID: 23860 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2978.860603][T23860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2978.870653][T23860] Call Trace: [ 2978.873956][T23860] dump_stack+0x172/0x1f0 [ 2978.878299][T23860] dump_header+0x10b/0x82d [ 2978.882721][T23860] oom_kill_process.cold+0x10/0x15 [ 2978.887833][T23860] out_of_memory+0x334/0x1340 [ 2978.892512][T23860] ? __sched_text_start+0x8/0x8 [ 2978.892526][T23860] ? oom_killer_disable+0x280/0x280 [ 2978.892551][T23860] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2978.892563][T23860] ? memcg_stat_show+0xc40/0xc40 [ 2978.892583][T23860] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2978.892603][T23860] ? cgroup_file_notify+0x140/0x1b0 [ 2978.892623][T23860] memory_max_write+0x262/0x3a0 [ 2978.913095][T23860] ? mem_cgroup_write+0x370/0x370 [ 2978.924046][T23860] ? lock_acquire+0x190/0x410 [ 2978.924063][T23860] ? kernfs_fop_write+0x227/0x480 [ 2978.924090][T23860] cgroup_file_write+0x241/0x790 [ 2978.924108][T23860] ? mem_cgroup_write+0x370/0x370 [ 2978.924129][T23860] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2978.924152][T23860] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2978.924166][T23860] kernfs_fop_write+0x2b8/0x480 [ 2978.924183][T23860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.924205][T23860] __vfs_write+0x8a/0x110 [ 2978.943687][T23860] ? kernfs_fop_open+0xd80/0xd80 [ 2978.953609][T23860] vfs_write+0x268/0x5d0 [ 2978.953628][T23860] ksys_write+0x14f/0x290 [ 2978.953644][T23860] ? __ia32_sys_read+0xb0/0xb0 [ 2978.953664][T23860] ? do_syscall_64+0x26/0x760 [ 2978.953684][T23860] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2978.953697][T23860] ? do_syscall_64+0x26/0x760 [ 2978.953716][T23860] __x64_sys_write+0x73/0xb0 [ 2978.953730][T23860] do_syscall_64+0xfa/0x760 [ 2978.953750][T23860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2978.976020][T23860] RIP: 0033:0x459a29 [ 2978.985236][T23860] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2978.985244][T23860] RSP: 002b:00007f4c0a438c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2978.985257][T23860] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2978.985264][T23860] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2978.985270][T23860] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2978.985277][T23860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c0a4396d4 [ 2978.985284][T23860] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2979.108983][T23850] bridge0: port 1(bridge_slave_0) entered blocking state [ 2979.116203][T23850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2979.124708][T23850] device bridge_slave_0 entered promiscuous mode [ 2979.138838][T23860] memory: usage 3152kB, limit 0kB, failcnt 1296 [ 2979.145572][T23860] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2979.152556][T23860] Memory cgroup stats for /syz2: [ 2979.152674][T23860] anon 2084864 [ 2979.152674][T23860] file 20480 [ 2979.152674][T23860] kernel_stack 65536 [ 2979.152674][T23860] slab 671744 [ 2979.152674][T23860] sock 0 [ 2979.152674][T23860] shmem 0 [ 2979.152674][T23860] file_mapped 0 [ 2979.152674][T23860] file_dirty 135168 [ 2979.152674][T23860] file_writeback 0 [ 2979.152674][T23860] anon_thp 2097152 [ 2979.152674][T23860] inactive_anon 0 [ 2979.152674][T23860] active_anon 2084864 [ 2979.152674][T23860] inactive_file 0 [ 2979.152674][T23860] active_file 0 [ 2979.152674][T23860] unevictable 0 [ 2979.152674][T23860] slab_reclaimable 270336 [ 2979.152674][T23860] slab_unreclaimable 401408 [ 2979.152674][T23860] pgfault 18249 [ 2979.152674][T23860] pgmajfault 0 [ 2979.152674][T23860] workingset_refault 0 [ 2979.152674][T23860] workingset_activate 0 [ 2979.152674][T23860] workingset_nodereclaim 0 [ 2979.152674][T23860] pgrefill 99 [ 2979.152674][T23860] pgscan 99 [ 2979.152674][T23860] pgsteal 0 [ 2979.152674][T23860] pgactivate 66 [ 2979.247882][T23860] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23857,uid=0 [ 2979.267971][T23860] Memory cgroup out of memory: Killed process 23857 (syz-executor.2) total-vm:72840kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2979.288400][ T1066] oom_reaper: reaped process 23857 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 2979.299745][T23850] bridge0: port 2(bridge_slave_1) entered blocking state [ 2979.308035][T23850] bridge0: port 2(bridge_slave_1) entered disabled state 20:14:08 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:08 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:08 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x40030000000000}, 0x0) 20:14:08 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 2979.323229][T23850] device bridge_slave_1 entered promiscuous mode [ 2979.351810][T23815] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2979.407763][T23815] CPU: 0 PID: 23815 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2979.415345][T23815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2979.425396][T23815] Call Trace: [ 2979.428698][T23815] dump_stack+0x172/0x1f0 [ 2979.433035][T23815] dump_header+0x10b/0x82d [ 2979.437449][T23815] ? oom_kill_process+0x94/0x3f0 [ 2979.442391][T23815] oom_kill_process.cold+0x10/0x15 [ 2979.447504][T23815] out_of_memory+0x334/0x1340 [ 2979.452177][T23815] ? lock_downgrade+0x920/0x920 [ 2979.457028][T23815] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2979.462834][T23815] ? oom_killer_disable+0x280/0x280 [ 2979.468051][T23815] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2979.473595][T23815] ? memcg_stat_show+0xc40/0xc40 [ 2979.478643][T23815] ? do_raw_spin_unlock+0x57/0x270 [ 2979.483760][T23815] ? _raw_spin_unlock+0x2d/0x50 [ 2979.488622][T23815] try_charge+0xf4b/0x1440 [ 2979.493052][T23815] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2979.498599][T23815] ? percpu_ref_tryget_live+0x111/0x290 [ 2979.504151][T23815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2979.510391][T23815] ? __kasan_check_read+0x11/0x20 [ 2979.515417][T23815] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2979.520963][T23815] mem_cgroup_try_charge+0x136/0x590 [ 2979.526253][T23815] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2979.531892][T23815] wp_page_copy+0x407/0x1860 [ 2979.536489][T23815] ? find_held_lock+0x35/0x130 [ 2979.541258][T23815] ? do_wp_page+0x53b/0x15c0 [ 2979.545856][T23815] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2979.551672][T23815] ? lock_downgrade+0x920/0x920 [ 2979.556534][T23815] ? swp_swapcount+0x540/0x540 [ 2979.561304][T23815] ? __kasan_check_read+0x11/0x20 [ 2979.566327][T23815] ? do_raw_spin_unlock+0x57/0x270 [ 2979.571438][T23815] do_wp_page+0x543/0x15c0 [ 2979.575857][T23815] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2979.581238][T23815] __handle_mm_fault+0x23ec/0x4040 [ 2979.586353][T23815] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2979.591895][T23815] ? handle_mm_fault+0x292/0xaa0 [ 2979.596838][T23815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2979.603075][T23815] ? __kasan_check_read+0x11/0x20 [ 2979.608102][T23815] handle_mm_fault+0x3b7/0xaa0 [ 2979.612873][T23815] __do_page_fault+0x536/0xdd0 [ 2979.617639][T23815] do_page_fault+0x38/0x590 [ 2979.622146][T23815] page_fault+0x39/0x40 [ 2979.626301][T23815] RIP: 0033:0x430b06 [ 2979.630197][T23815] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2979.649809][T23815] RSP: 002b:00007fffcc7fa150 EFLAGS: 00010206 20:14:09 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xf0ffffffffffff}, 0x0) [ 2979.655888][T23815] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2979.663868][T23815] RDX: 0000000001f43930 RSI: 0000000001f4b970 RDI: 0000000000000003 [ 2979.671842][T23815] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001f42940 [ 2979.679821][T23815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2979.687798][T23815] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2979.778330][T23815] memory: usage 736kB, limit 0kB, failcnt 1304 [ 2979.811728][T23815] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2979.818628][T23815] Memory cgroup stats for /syz2: [ 2979.818741][T23815] anon 0 [ 2979.818741][T23815] file 20480 [ 2979.818741][T23815] kernel_stack 65536 [ 2979.818741][T23815] slab 671744 [ 2979.818741][T23815] sock 0 [ 2979.818741][T23815] shmem 0 [ 2979.818741][T23815] file_mapped 0 [ 2979.818741][T23815] file_dirty 135168 [ 2979.818741][T23815] file_writeback 0 [ 2979.818741][T23815] anon_thp 0 [ 2979.818741][T23815] inactive_anon 0 [ 2979.818741][T23815] active_anon 0 [ 2979.818741][T23815] inactive_file 0 [ 2979.818741][T23815] active_file 0 [ 2979.818741][T23815] unevictable 0 [ 2979.818741][T23815] slab_reclaimable 270336 [ 2979.818741][T23815] slab_unreclaimable 401408 [ 2979.818741][T23815] pgfault 18282 [ 2979.818741][T23815] pgmajfault 0 [ 2979.818741][T23815] workingset_refault 0 [ 2979.818741][T23815] workingset_activate 0 [ 2979.818741][T23815] workingset_nodereclaim 0 [ 2979.818741][T23815] pgrefill 99 [ 2979.818741][T23815] pgscan 99 [ 2979.818741][T23815] pgsteal 0 [ 2979.818741][T23815] pgactivate 66 [ 2979.819010][T23850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2979.851659][T23815] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23815,uid=0 [ 2980.079400][T23815] Memory cgroup out of memory: Killed process 23815 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 2980.111462][ T1066] oom_reaper: reaped process 23815 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2980.196462][T23850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2980.567271][T23850] team0: Port device team_slave_0 added [ 2980.630942][T23850] team0: Port device team_slave_1 added [ 2980.662264][T23847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2980.785421][T23850] device hsr_slave_0 entered promiscuous mode [ 2980.822526][T23850] device hsr_slave_1 entered promiscuous mode [ 2980.871734][T23850] debugfs: Directory 'hsr0' with parent '/' already present! [ 2980.928459][T23847] 8021q: adding VLAN 0 to HW filter on device team0 [ 2980.938089][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2980.946559][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2981.067726][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2981.077208][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2981.086232][T20707] bridge0: port 1(bridge_slave_0) entered blocking state [ 2981.093343][T20707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2981.124122][T23868] IPVS: ftp: loaded support on port[0] = 21 [ 2981.124148][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2981.139121][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2981.149474][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2981.159437][T13425] bridge0: port 2(bridge_slave_1) entered blocking state [ 2981.166557][T13425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2981.176257][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2981.259705][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2981.328247][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2981.337928][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2981.371102][T23870] IPVS: ftp: loaded support on port[0] = 21 [ 2981.417480][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2981.428720][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2981.438347][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2981.448319][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2981.458270][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2981.557163][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2981.566742][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2981.699705][T23850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2981.720275][T23847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2981.803020][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2981.811167][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2981.834086][T23850] 8021q: adding VLAN 0 to HW filter on device team0 [ 2981.989988][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2981.999894][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2982.008520][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 2982.015634][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2982.025997][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2982.035393][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2982.044022][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 2982.051115][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2982.076337][T23878] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2982.086956][T23878] CPU: 1 PID: 23878 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2982.094503][T23878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2982.104563][T23878] Call Trace: [ 2982.107864][T23878] dump_stack+0x172/0x1f0 [ 2982.112191][T23878] dump_header+0x10b/0x82d [ 2982.116589][T23878] oom_kill_process.cold+0x10/0x15 [ 2982.121680][T23878] out_of_memory+0x334/0x1340 [ 2982.126354][T23878] ? __sched_text_start+0x8/0x8 [ 2982.131230][T23878] ? oom_killer_disable+0x280/0x280 [ 2982.136453][T23878] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2982.141998][T23878] ? memcg_stat_show+0xc40/0xc40 [ 2982.146942][T23878] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2982.152783][T23878] ? cgroup_file_notify+0x140/0x1b0 [ 2982.157967][T23878] memory_max_write+0x262/0x3a0 [ 2982.162800][T23878] ? mem_cgroup_write+0x370/0x370 [ 2982.167805][T23878] ? cgroup_file_write+0x86/0x790 [ 2982.172813][T23878] cgroup_file_write+0x241/0x790 [ 2982.177738][T23878] ? mem_cgroup_write+0x370/0x370 [ 2982.182751][T23878] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2982.188374][T23878] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2982.193990][T23878] kernfs_fop_write+0x2b8/0x480 [ 2982.198824][T23878] __vfs_write+0x8a/0x110 [ 2982.203131][T23878] ? kernfs_fop_open+0xd80/0xd80 [ 2982.208053][T23878] vfs_write+0x268/0x5d0 [ 2982.212280][T23878] ksys_write+0x14f/0x290 [ 2982.216590][T23878] ? __ia32_sys_read+0xb0/0xb0 [ 2982.221366][T23878] ? do_syscall_64+0x26/0x760 [ 2982.226027][T23878] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2982.232069][T23878] ? do_syscall_64+0x26/0x760 [ 2982.236725][T23878] __x64_sys_write+0x73/0xb0 [ 2982.241293][T23878] do_syscall_64+0xfa/0x760 [ 2982.245778][T23878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2982.251645][T23878] RIP: 0033:0x459a29 [ 2982.255517][T23878] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2982.275100][T23878] RSP: 002b:00007f3f0111cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2982.283488][T23878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2982.291434][T23878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2982.299382][T23878] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2982.307328][T23878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f0111d6d4 [ 2982.315276][T23878] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2982.329866][T23878] memory: usage 3228kB, limit 0kB, failcnt 1308 [ 2982.365200][T23878] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2982.374306][T23878] Memory cgroup stats for /syz5: [ 2982.375532][T23878] anon 2101248 [ 2982.375532][T23878] file 0 [ 2982.375532][T23878] kernel_stack 65536 [ 2982.375532][T23878] slab 942080 [ 2982.375532][T23878] sock 4096 [ 2982.375532][T23878] shmem 77824 [ 2982.375532][T23878] file_mapped 0 [ 2982.375532][T23878] file_dirty 0 [ 2982.375532][T23878] file_writeback 0 [ 2982.375532][T23878] anon_thp 2097152 [ 2982.375532][T23878] inactive_anon 135168 [ 2982.375532][T23878] active_anon 2101248 [ 2982.375532][T23878] inactive_file 0 [ 2982.375532][T23878] active_file 0 [ 2982.375532][T23878] unevictable 0 [ 2982.375532][T23878] slab_reclaimable 270336 [ 2982.375532][T23878] slab_unreclaimable 671744 [ 2982.375532][T23878] pgfault 21351 [ 2982.375532][T23878] pgmajfault 0 [ 2982.375532][T23878] workingset_refault 0 [ 2982.375532][T23878] workingset_activate 0 [ 2982.375532][T23878] workingset_nodereclaim 0 [ 2982.375532][T23878] pgrefill 165 [ 2982.375532][T23878] pgscan 253 [ 2982.375532][T23878] pgsteal 69 [ 2982.375532][T23878] pgactivate 66 [ 2982.481787][T23878] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23877,uid=0 [ 2982.512034][T23878] Memory cgroup out of memory: Killed process 23877 (syz-executor.5) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2982.540164][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2982.551943][ T1066] oom_reaper: reaped process 23877 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2982.552757][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2982.593219][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2982.602521][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2982.611562][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2982.733511][T23847] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2982.748754][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2982.757075][T23847] CPU: 0 PID: 23847 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2982.764622][T23847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2982.774666][T23847] Call Trace: [ 2982.777959][T23847] dump_stack+0x172/0x1f0 [ 2982.782292][T23847] dump_header+0x10b/0x82d [ 2982.786703][T23847] ? oom_kill_process+0x94/0x3f0 [ 2982.791636][T23847] oom_kill_process.cold+0x10/0x15 [ 2982.796745][T23847] out_of_memory+0x334/0x1340 [ 2982.801415][T23847] ? lock_downgrade+0x920/0x920 [ 2982.806268][T23847] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2982.812085][T23847] ? oom_killer_disable+0x280/0x280 [ 2982.817289][T23847] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2982.822831][T23847] ? memcg_stat_show+0xc40/0xc40 [ 2982.827770][T23847] ? do_raw_spin_unlock+0x57/0x270 [ 2982.832879][T23847] ? _raw_spin_unlock+0x2d/0x50 [ 2982.837731][T23847] try_charge+0xf4b/0x1440 [ 2982.842153][T23847] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2982.847704][T23847] ? percpu_ref_tryget_live+0x111/0x290 [ 2982.853251][T23847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.859487][T23847] ? __kasan_check_read+0x11/0x20 [ 2982.864513][T23847] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2982.870057][T23847] mem_cgroup_try_charge+0x136/0x590 [ 2982.875348][T23847] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2982.880981][T23847] wp_page_copy+0x407/0x1860 [ 2982.885572][T23847] ? find_held_lock+0x35/0x130 [ 2982.890334][T23847] ? do_wp_page+0x53b/0x15c0 [ 2982.894925][T23847] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2982.900730][T23847] ? lock_downgrade+0x920/0x920 [ 2982.905585][T23847] ? swp_swapcount+0x540/0x540 [ 2982.910345][T23847] ? __kasan_check_read+0x11/0x20 [ 2982.915361][T23847] ? do_raw_spin_unlock+0x57/0x270 [ 2982.920472][T23847] do_wp_page+0x543/0x15c0 [ 2982.924889][T23847] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2982.930267][T23847] __handle_mm_fault+0x23ec/0x4040 [ 2982.935378][T23847] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2982.940915][T23847] ? handle_mm_fault+0x292/0xaa0 [ 2982.945861][T23847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.952099][T23847] ? __kasan_check_read+0x11/0x20 [ 2982.957124][T23847] handle_mm_fault+0x3b7/0xaa0 [ 2982.961893][T23847] __do_page_fault+0x536/0xdd0 [ 2982.966662][T23847] do_page_fault+0x38/0x590 [ 2982.971162][T23847] page_fault+0x39/0x40 [ 2982.975310][T23847] RIP: 0033:0x430b06 [ 2982.979201][T23847] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2982.998801][T23847] RSP: 002b:00007ffc6e1f1460 EFLAGS: 00010206 [ 2983.004866][T23847] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2983.012829][T23847] RDX: 0000000002401930 RSI: 0000000002409970 RDI: 0000000000000003 [ 2983.020789][T23847] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002400940 [ 2983.028754][T23847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2983.036720][T23847] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2983.045415][T23847] memory: usage 852kB, limit 0kB, failcnt 1316 [ 2983.048575][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2983.051575][T23847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2983.060569][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2983.075489][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2983.084041][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2983.091769][T23847] Memory cgroup stats for /syz5: [ 2983.091880][T23847] anon 0 [ 2983.091880][T23847] file 0 [ 2983.091880][T23847] kernel_stack 0 [ 2983.091880][T23847] slab 942080 [ 2983.091880][T23847] sock 4096 [ 2983.091880][T23847] shmem 77824 [ 2983.091880][T23847] file_mapped 0 [ 2983.091880][T23847] file_dirty 0 [ 2983.091880][T23847] file_writeback 0 [ 2983.091880][T23847] anon_thp 0 [ 2983.091880][T23847] inactive_anon 135168 [ 2983.091880][T23847] active_anon 0 [ 2983.091880][T23847] inactive_file 0 [ 2983.091880][T23847] active_file 0 [ 2983.091880][T23847] unevictable 0 [ 2983.091880][T23847] slab_reclaimable 270336 [ 2983.091880][T23847] slab_unreclaimable 671744 [ 2983.091880][T23847] pgfault 21351 [ 2983.091880][T23847] pgmajfault 0 [ 2983.091880][T23847] workingset_refault 0 [ 2983.091880][T23847] workingset_activate 0 [ 2983.091880][T23847] workingset_nodereclaim 0 [ 2983.091880][T23847] pgrefill 165 [ 2983.091880][T23847] pgscan 253 [ 2983.091880][T23847] pgsteal 69 [ 2983.091880][T23847] pgactivate 66 [ 2983.186127][T23847] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23847,uid=0 [ 2983.201747][T23847] Memory cgroup out of memory: Killed process 23847 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2983.219931][ T1066] oom_reaper: reaped process 23847 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2983.258217][T23850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2983.276460][T23850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2983.284691][T23870] chnl_net:caif_netlink_parms(): no params data found [ 2983.299655][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2983.312561][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2983.673387][T23868] chnl_net:caif_netlink_parms(): no params data found [ 2983.785164][T23870] bridge0: port 1(bridge_slave_0) entered blocking state [ 2983.801808][T23870] bridge0: port 1(bridge_slave_0) entered disabled state [ 2983.823075][T23870] device bridge_slave_0 entered promiscuous mode [ 2983.851569][T23850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2983.968479][T23870] bridge0: port 2(bridge_slave_1) entered blocking state [ 2983.976113][T23870] bridge0: port 2(bridge_slave_1) entered disabled state [ 2983.985502][T23870] device bridge_slave_1 entered promiscuous mode [ 2984.055379][T23868] bridge0: port 1(bridge_slave_0) entered blocking state [ 2984.063992][T23868] bridge0: port 1(bridge_slave_0) entered disabled state [ 2984.073176][T23868] device bridge_slave_0 entered promiscuous mode [ 2984.085339][T23870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2984.096151][T23868] bridge0: port 2(bridge_slave_1) entered blocking state [ 2984.103721][T23868] bridge0: port 2(bridge_slave_1) entered disabled state [ 2984.112382][T23868] device bridge_slave_1 entered promiscuous mode [ 2984.122837][T23870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2984.254182][T23868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2984.266590][T23870] team0: Port device team_slave_0 added [ 2984.275430][T23868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2984.292645][T23870] team0: Port device team_slave_1 added [ 2984.395845][T23868] team0: Port device team_slave_0 added [ 2984.408872][T23887] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2984.419591][T23887] CPU: 1 PID: 23887 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2984.427131][T23887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2984.437179][T23887] Call Trace: [ 2984.440472][T23887] dump_stack+0x172/0x1f0 [ 2984.444808][T23887] dump_header+0x10b/0x82d [ 2984.449214][T23887] oom_kill_process.cold+0x10/0x15 [ 2984.454306][T23887] out_of_memory+0x334/0x1340 [ 2984.458960][T23887] ? __this_cpu_preempt_check+0x3a/0x210 [ 2984.464608][T23887] ? retint_kernel+0x2b/0x2b [ 2984.469176][T23887] ? oom_killer_disable+0x280/0x280 [ 2984.474352][T23887] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2984.480047][T23887] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2984.485596][T23887] ? memcg_stat_show+0xc40/0xc40 [ 2984.490513][T23887] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2984.496310][T23887] ? cgroup_file_notify+0x140/0x1b0 [ 2984.501484][T23887] memory_max_write+0x262/0x3a0 [ 2984.506314][T23887] ? mem_cgroup_write+0x370/0x370 [ 2984.511313][T23887] ? cgroup_file_write+0x86/0x790 [ 2984.516315][T23887] cgroup_file_write+0x241/0x790 [ 2984.521226][T23887] ? mem_cgroup_write+0x370/0x370 [ 2984.526274][T23887] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2984.531925][T23887] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2984.537537][T23887] kernfs_fop_write+0x2b8/0x480 [ 2984.542365][T23887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.548592][T23887] __vfs_write+0x8a/0x110 [ 2984.552905][T23887] ? kernfs_fop_open+0xd80/0xd80 [ 2984.557820][T23887] vfs_write+0x268/0x5d0 [ 2984.562039][T23887] ksys_write+0x14f/0x290 [ 2984.566346][T23887] ? __ia32_sys_read+0xb0/0xb0 [ 2984.571093][T23887] ? do_syscall_64+0x26/0x760 [ 2984.575753][T23887] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2984.581792][T23887] ? do_syscall_64+0x26/0x760 [ 2984.586445][T23887] __x64_sys_write+0x73/0xb0 [ 2984.591014][T23887] do_syscall_64+0xfa/0x760 [ 2984.595499][T23887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2984.601366][T23887] RIP: 0033:0x459a29 [ 2984.605245][T23887] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2984.624826][T23887] RSP: 002b:00007fcbcca76c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2984.633212][T23887] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2984.641184][T23887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2984.649139][T23887] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2984.657092][T23887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbcca776d4 [ 2984.665062][T23887] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2984.707977][T23887] memory: usage 33280kB, limit 0kB, failcnt 91 [ 2984.714613][T23887] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2984.721506][T23887] Memory cgroup stats for [ 2984.721909][T23887] /syz3: [ 2984.722529][T23887] anon 2220032 [ 2984.722529][T23887] file 90112 [ 2984.722529][T23887] kernel_stack 65536 [ 2984.722529][T23887] slab 31748096 [ 2984.722529][T23887] sock 0 [ 2984.722529][T23887] shmem 0 [ 2984.722529][T23887] file_mapped 0 [ 2984.722529][T23887] file_dirty 0 [ 2984.722529][T23887] file_writeback 0 [ 2984.722529][T23887] anon_thp 2097152 [ 2984.722529][T23887] inactive_anon 0 [ 2984.722529][T23887] active_anon 2146304 [ 2984.722529][T23887] inactive_file 135168 [ 2984.722529][T23887] active_file 0 [ 2984.722529][T23887] unevictable 0 [ 2984.722529][T23887] slab_reclaimable 31088640 [ 2984.722529][T23887] slab_unreclaimable 659456 [ 2984.722529][T23887] pgfault 45870 [ 2984.722529][T23887] pgmajfault 0 [ 2984.722529][T23887] workingset_refault 0 [ 2984.722529][T23887] workingset_activate 0 [ 2984.722529][T23887] workingset_nodereclaim 0 [ 2984.722529][T23887] pgrefill 349 [ 2984.722529][T23887] pgscan 343 [ 2984.722529][T23887] pgsteal 33 [ 2984.722529][T23887] pgactivate 297 [ 2984.822974][T23887] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23886,uid=0 [ 2984.839944][T23870] device hsr_slave_0 entered promiscuous mode [ 2984.857807][T23887] Memory cgroup out of memory: Killed process 23886 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2984.880375][ T1066] oom_reaper: reaped process 23886 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 2984.902617][T23870] device hsr_slave_1 entered promiscuous mode [ 2984.942722][T23870] debugfs: Directory 'hsr0' with parent '/' already present! 20:14:14 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) socket$kcm(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:14 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x100000000000000}, 0x0) 20:14:14 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:14 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2984.989459][T23868] team0: Port device team_slave_1 added [ 2985.050214][T23850] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2985.062084][T23850] CPU: 0 PID: 23850 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2985.069645][T23850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2985.079701][T23850] Call Trace: [ 2985.082997][T23850] dump_stack+0x172/0x1f0 [ 2985.087328][T23850] dump_header+0x10b/0x82d [ 2985.091735][T23850] ? oom_kill_process+0x94/0x3f0 [ 2985.096683][T23850] oom_kill_process.cold+0x10/0x15 [ 2985.101801][T23850] out_of_memory+0x334/0x1340 [ 2985.106472][T23850] ? lock_downgrade+0x920/0x920 [ 2985.111327][T23850] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2985.117127][T23850] ? oom_killer_disable+0x280/0x280 [ 2985.122339][T23850] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2985.127881][T23850] ? memcg_stat_show+0xc40/0xc40 [ 2985.132819][T23850] ? do_raw_spin_unlock+0x57/0x270 [ 2985.137928][T23850] ? _raw_spin_unlock+0x2d/0x50 [ 2985.142783][T23850] try_charge+0xf4b/0x1440 [ 2985.147205][T23850] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2985.152746][T23850] ? percpu_ref_tryget_live+0x111/0x290 [ 2985.158292][T23850] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.164535][T23850] ? __kasan_check_read+0x11/0x20 [ 2985.169571][T23850] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2985.175123][T23850] mem_cgroup_try_charge+0x136/0x590 [ 2985.180417][T23850] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2985.186055][T23850] wp_page_copy+0x407/0x1860 [ 2985.190642][T23850] ? find_held_lock+0x35/0x130 [ 2985.195410][T23850] ? do_wp_page+0x53b/0x15c0 [ 2985.200002][T23850] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2985.205814][T23850] ? lock_downgrade+0x920/0x920 [ 2985.210670][T23850] ? swp_swapcount+0x540/0x540 [ 2985.215434][T23850] ? __kasan_check_read+0x11/0x20 [ 2985.220455][T23850] ? do_raw_spin_unlock+0x57/0x270 [ 2985.225569][T23850] do_wp_page+0x543/0x15c0 [ 2985.229993][T23850] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2985.235393][T23850] __handle_mm_fault+0x23ec/0x4040 [ 2985.240510][T23850] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2985.246056][T23850] ? handle_mm_fault+0x292/0xaa0 [ 2985.251004][T23850] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.257247][T23850] ? __kasan_check_read+0x11/0x20 [ 2985.262276][T23850] handle_mm_fault+0x3b7/0xaa0 [ 2985.267047][T23850] __do_page_fault+0x536/0xdd0 [ 2985.271817][T23850] do_page_fault+0x38/0x590 [ 2985.276316][T23850] page_fault+0x39/0x40 [ 2985.280465][T23850] RIP: 0033:0x430b06 20:14:14 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x200000000000000}, 0x0) [ 2985.284357][T23850] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2985.303966][T23850] RSP: 002b:00007fffa120a0d0 EFLAGS: 00010206 [ 2985.310035][T23850] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2985.318008][T23850] RDX: 00000000016fb930 RSI: 0000000001703970 RDI: 0000000000000003 [ 2985.325981][T23850] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000016fa940 [ 2985.333957][T23850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2985.341926][T23850] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 20:14:15 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x300000000000000}, 0x0) [ 2985.455887][T23868] device hsr_slave_0 entered promiscuous mode [ 2985.502503][T23868] device hsr_slave_1 entered promiscuous mode [ 2985.531894][T23850] memory: usage 30860kB, limit 0kB, failcnt 99 [ 2985.538138][T23850] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2985.561727][T23868] debugfs: Directory 'hsr0' with parent '/' already present! [ 2985.583903][T23850] Memory cgroup stats for /syz3: [ 2985.584025][T23850] anon 122880 [ 2985.584025][T23850] file 90112 [ 2985.584025][T23850] kernel_stack 0 [ 2985.584025][T23850] slab 31612928 [ 2985.584025][T23850] sock 0 [ 2985.584025][T23850] shmem 0 [ 2985.584025][T23850] file_mapped 0 [ 2985.584025][T23850] file_dirty 0 [ 2985.584025][T23850] file_writeback 0 [ 2985.584025][T23850] anon_thp 0 [ 2985.584025][T23850] inactive_anon 0 [ 2985.584025][T23850] active_anon 49152 [ 2985.584025][T23850] inactive_file 135168 [ 2985.584025][T23850] active_file 0 [ 2985.584025][T23850] unevictable 0 [ 2985.584025][T23850] slab_reclaimable 30953472 [ 2985.584025][T23850] slab_unreclaimable 659456 [ 2985.584025][T23850] pgfault 45870 [ 2985.584025][T23850] pgmajfault 0 [ 2985.584025][T23850] workingset_refault 0 [ 2985.584025][T23850] workingset_activate 0 20:14:15 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x400000000000000}, 0x0) [ 2985.584025][T23850] workingset_nodereclaim 0 [ 2985.584025][T23850] pgrefill 349 [ 2985.584025][T23850] pgscan 343 [ 2985.584025][T23850] pgsteal 33 [ 2985.584025][T23850] pgactivate 297 [ 2985.693339][T23850] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23850,uid=0 [ 2985.722206][T23850] Memory cgroup out of memory: Killed process 23850 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2985.785337][ T1066] oom_reaper: reaped process 23850 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:14:15 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x500000000000000}, 0x0) [ 2986.411826][T23870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2986.441085][T23868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2986.516403][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2986.525486][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2986.534211][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2986.543138][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2986.560880][T23870] 8021q: adding VLAN 0 to HW filter on device team0 [ 2986.583152][T23868] 8021q: adding VLAN 0 to HW filter on device team0 [ 2986.653582][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2986.664265][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2986.683257][T20707] bridge0: port 1(bridge_slave_0) entered blocking state [ 2986.690347][T20707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2986.722513][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2986.731573][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2986.741367][T20707] bridge0: port 1(bridge_slave_0) entered blocking state [ 2986.748519][T20707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2986.789630][T23905] IPVS: ftp: loaded support on port[0] = 21 [ 2986.816585][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2986.826864][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2986.837053][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2986.848327][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2986.858278][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 2986.865409][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2986.875081][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2986.884672][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2986.894554][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2986.904909][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2986.914332][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 2986.921395][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2987.002959][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2987.015253][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2987.043303][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2987.064611][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2987.093107][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2987.112684][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2987.132213][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2987.140302][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2987.163365][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2987.172915][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2987.189774][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2987.202034][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2987.275903][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2987.290284][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2987.299936][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2987.309963][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2987.323889][T23870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2987.327117][T23907] IPVS: ftp: loaded support on port[0] = 21 [ 2987.353919][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2987.363850][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2987.442446][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2987.451347][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2987.479542][T23870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2987.496218][T23868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2987.755756][T23868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2988.006382][T23905] chnl_net:caif_netlink_parms(): no params data found [ 2988.088239][T23917] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2988.113423][T23917] CPU: 0 PID: 23917 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2988.121012][T23917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2988.131086][T23917] Call Trace: [ 2988.134389][T23917] dump_stack+0x172/0x1f0 [ 2988.138723][T23917] dump_header+0x10b/0x82d [ 2988.143140][T23917] oom_kill_process.cold+0x10/0x15 [ 2988.148250][T23917] out_of_memory+0x334/0x1340 [ 2988.152927][T23917] ? __sched_text_start+0x8/0x8 [ 2988.157775][T23917] ? oom_killer_disable+0x280/0x280 [ 2988.162989][T23917] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2988.168532][T23917] ? memcg_stat_show+0xc40/0xc40 [ 2988.173474][T23917] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2988.179279][T23917] ? cgroup_file_notify+0x140/0x1b0 [ 2988.184489][T23917] memory_max_write+0x262/0x3a0 [ 2988.184505][T23917] ? mem_cgroup_write+0x370/0x370 [ 2988.184520][T23917] ? cgroup_file_write+0x86/0x790 [ 2988.184535][T23917] cgroup_file_write+0x241/0x790 [ 2988.184549][T23917] ? mem_cgroup_write+0x370/0x370 [ 2988.184562][T23917] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2988.184581][T23917] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2988.184599][T23917] kernfs_fop_write+0x2b8/0x480 [ 2988.184617][T23917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.184638][T23917] __vfs_write+0x8a/0x110 [ 2988.184652][T23917] ? kernfs_fop_open+0xd80/0xd80 [ 2988.184668][T23917] vfs_write+0x268/0x5d0 [ 2988.184685][T23917] ksys_write+0x14f/0x290 [ 2988.184700][T23917] ? __ia32_sys_read+0xb0/0xb0 [ 2988.184721][T23917] __x64_sys_write+0x73/0xb0 [ 2988.184742][T23917] ? do_syscall_64+0x5b/0x760 [ 2988.204497][T23917] do_syscall_64+0xfa/0x760 [ 2988.215113][T23917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2988.215125][T23917] RIP: 0033:0x459a29 [ 2988.215141][T23917] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2988.215148][T23917] RSP: 002b:00007f3fb49c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2988.215160][T23917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2988.215169][T23917] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 2988.215177][T23917] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2988.215186][T23917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3fb49c96d4 [ 2988.215195][T23917] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2988.221229][T23917] memory: usage 3080kB, limit 0kB, failcnt 1245 [ 2988.256040][T23917] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2988.266568][T23917] Memory cgroup stats for /syz4: [ 2988.267260][T23917] anon 2101248 [ 2988.267260][T23917] file 28672 [ 2988.267260][T23917] kernel_stack 65536 [ 2988.267260][T23917] slab 692224 [ 2988.267260][T23917] sock 0 [ 2988.267260][T23917] shmem 0 [ 2988.267260][T23917] file_mapped 0 [ 2988.267260][T23917] file_dirty 135168 [ 2988.267260][T23917] file_writeback 0 [ 2988.267260][T23917] anon_thp 2097152 [ 2988.267260][T23917] inactive_anon 0 [ 2988.267260][T23917] active_anon 2101248 [ 2988.267260][T23917] inactive_file 135168 [ 2988.267260][T23917] active_file 0 [ 2988.267260][T23917] unevictable 0 [ 2988.267260][T23917] slab_reclaimable 270336 [ 2988.267260][T23917] slab_unreclaimable 421888 [ 2988.267260][T23917] pgfault 19602 [ 2988.267260][T23917] pgmajfault 0 [ 2988.267260][T23917] workingset_refault 0 [ 2988.267260][T23917] workingset_activate 0 [ 2988.267260][T23917] workingset_nodereclaim 0 [ 2988.267260][T23917] pgrefill 67 [ 2988.267260][T23917] pgscan 110 [ 2988.267260][T23917] pgsteal 70 [ 2988.267260][T23917] pgactivate 33 [ 2988.301185][T23917] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23916,uid=0 20:14:18 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:18 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x600000000000000}, 0x0) [ 2988.334317][T23917] Memory cgroup out of memory: Killed process 23916 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2988.431028][T23870] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2988.507136][T23870] CPU: 0 PID: 23870 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2988.514711][T23870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2988.524773][T23870] Call Trace: [ 2988.528071][T23870] dump_stack+0x172/0x1f0 [ 2988.532411][T23870] dump_header+0x10b/0x82d [ 2988.536825][T23870] ? oom_kill_process+0x94/0x3f0 [ 2988.536842][T23870] oom_kill_process.cold+0x10/0x15 [ 2988.546871][T23870] out_of_memory+0x334/0x1340 [ 2988.551568][T23870] ? lock_downgrade+0x920/0x920 [ 2988.556425][T23870] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2988.562244][T23870] ? oom_killer_disable+0x280/0x280 [ 2988.562266][T23870] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2988.562277][T23870] ? memcg_stat_show+0xc40/0xc40 [ 2988.562295][T23870] ? do_raw_spin_unlock+0x57/0x270 [ 2988.562312][T23870] ? _raw_spin_unlock+0x2d/0x50 [ 2988.562326][T23870] try_charge+0xf4b/0x1440 [ 2988.562352][T23870] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2988.568415][T23905] bridge0: port 1(bridge_slave_0) entered blocking state [ 2988.573064][T23870] ? percpu_ref_tryget_live+0x111/0x290 [ 2988.573084][T23870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.573099][T23870] ? __kasan_check_read+0x11/0x20 [ 2988.573115][T23870] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2988.573131][T23870] mem_cgroup_try_charge+0x136/0x590 [ 2988.573151][T23870] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2988.592010][T23905] bridge0: port 1(bridge_slave_0) entered disabled state [ 2988.592393][T23870] wp_page_copy+0x407/0x1860 [ 2988.604910][T23870] ? find_held_lock+0x35/0x130 [ 2988.604925][T23870] ? do_wp_page+0x53b/0x15c0 [ 2988.604941][T23870] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2988.604955][T23870] ? lock_downgrade+0x920/0x920 [ 2988.604974][T23870] ? swp_swapcount+0x540/0x540 [ 2988.604990][T23870] ? __kasan_check_read+0x11/0x20 [ 2988.605002][T23870] ? do_raw_spin_unlock+0x57/0x270 [ 2988.605019][T23870] do_wp_page+0x543/0x15c0 [ 2988.605038][T23870] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2988.605062][T23870] __handle_mm_fault+0x23ec/0x4040 [ 2988.605085][T23870] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2988.642177][T23905] device bridge_slave_0 entered promiscuous mode [ 2988.645248][T23870] ? handle_mm_fault+0x292/0xaa0 [ 2988.664933][T23870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.674497][T23870] ? __kasan_check_read+0x11/0x20 [ 2988.674515][T23870] handle_mm_fault+0x3b7/0xaa0 [ 2988.674534][T23870] __do_page_fault+0x536/0xdd0 [ 2988.674553][T23870] do_page_fault+0x38/0x590 [ 2988.674573][T23870] page_fault+0x39/0x40 [ 2988.674583][T23870] RIP: 0033:0x4034f2 [ 2988.674596][T23870] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2988.674603][T23870] RSP: 002b:00007fff7264eb90 EFLAGS: 00010246 [ 2988.674613][T23870] RAX: 0000000000000000 RBX: 00000000002d97f5 RCX: 0000000000413630 [ 2988.674621][T23870] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff7264fcc0 [ 2988.674629][T23870] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000014a1940 [ 2988.674636][T23870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7264fcc0 [ 2988.674644][T23870] R13: 00007fff7264fcb0 R14: 0000000000000000 R15: 00007fff7264fcc0 [ 2988.816508][T23870] memory: usage 712kB, limit 0kB, failcnt 1253 [ 2988.825650][T23870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2988.834682][T23870] Memory cgroup stats for /syz4: [ 2988.834789][T23870] anon 0 [ 2988.834789][T23870] file 28672 [ 2988.834789][T23870] kernel_stack 0 [ 2988.834789][T23870] slab 692224 [ 2988.834789][T23870] sock 0 [ 2988.834789][T23870] shmem 0 [ 2988.834789][T23870] file_mapped 0 [ 2988.834789][T23870] file_dirty 135168 [ 2988.834789][T23870] file_writeback 0 [ 2988.834789][T23870] anon_thp 0 [ 2988.834789][T23870] inactive_anon 0 [ 2988.834789][T23870] active_anon 0 [ 2988.834789][T23870] inactive_file 135168 [ 2988.834789][T23870] active_file 0 [ 2988.834789][T23870] unevictable 0 [ 2988.834789][T23870] slab_reclaimable 270336 [ 2988.834789][T23870] slab_unreclaimable 421888 [ 2988.834789][T23870] pgfault 19602 [ 2988.834789][T23870] pgmajfault 0 [ 2988.834789][T23870] workingset_refault 0 [ 2988.834789][T23870] workingset_activate 0 [ 2988.834789][T23870] workingset_nodereclaim 0 [ 2988.834789][T23870] pgrefill 67 [ 2988.834789][T23870] pgscan 110 [ 2988.834789][T23870] pgsteal 70 [ 2988.834789][T23870] pgactivate 33 [ 2988.878886][T23905] bridge0: port 2(bridge_slave_1) entered blocking state [ 2988.959294][T23905] bridge0: port 2(bridge_slave_1) entered disabled state [ 2988.985672][T23905] device bridge_slave_1 entered promiscuous mode [ 2988.992660][T23870] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23870,uid=0 [ 2989.021294][T23926] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2989.040586][T23870] Memory cgroup out of memory: Killed process 23870 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2989.059883][ T1066] oom_reaper: reaped process 23870 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2989.167326][T23905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2989.170027][T23926] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2989.189204][T23926] CPU: 0 PID: 23926 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2989.196768][T23926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2989.206825][T23926] Call Trace: [ 2989.210119][T23926] dump_stack+0x172/0x1f0 [ 2989.214458][T23926] dump_header+0x10b/0x82d [ 2989.218883][T23926] oom_kill_process.cold+0x10/0x15 [ 2989.224004][T23926] out_of_memory+0x334/0x1340 [ 2989.228716][T23926] ? __sched_text_start+0x8/0x8 [ 2989.233590][T23926] ? oom_killer_disable+0x280/0x280 [ 2989.238805][T23926] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2989.244357][T23926] ? memcg_stat_show+0xc40/0xc40 [ 2989.249306][T23926] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2989.255121][T23926] ? cgroup_file_notify+0x140/0x1b0 [ 2989.260326][T23926] memory_max_write+0x262/0x3a0 [ 2989.265180][T23926] ? mem_cgroup_write+0x370/0x370 [ 2989.270210][T23926] ? cgroup_file_write+0x86/0x790 [ 2989.275240][T23926] cgroup_file_write+0x241/0x790 [ 2989.280182][T23926] ? mem_cgroup_write+0x370/0x370 [ 2989.285212][T23926] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2989.290857][T23926] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2989.296498][T23926] kernfs_fop_write+0x2b8/0x480 [ 2989.301353][T23926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2989.307614][T23926] __vfs_write+0x8a/0x110 [ 2989.311952][T23926] ? kernfs_fop_open+0xd80/0xd80 [ 2989.316892][T23926] vfs_write+0x268/0x5d0 [ 2989.321137][T23926] ksys_write+0x14f/0x290 [ 2989.325471][T23926] ? __ia32_sys_read+0xb0/0xb0 [ 2989.330244][T23926] ? do_syscall_64+0x26/0x760 [ 2989.334930][T23926] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2989.341009][T23926] ? do_syscall_64+0x26/0x760 [ 2989.345710][T23926] __x64_sys_write+0x73/0xb0 [ 2989.350306][T23926] do_syscall_64+0xfa/0x760 [ 2989.354827][T23926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2989.360715][T23926] RIP: 0033:0x459a29 [ 2989.364610][T23926] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2989.384219][T23926] RSP: 002b:00007f32c3b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2989.392637][T23926] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2989.400611][T23926] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2989.408584][T23926] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2989.416551][T23926] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32c3b696d4 [ 2989.424522][T23926] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2989.449344][T23926] memory: usage 3192kB, limit 0kB, failcnt 1279 [ 2989.455993][T23926] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2989.471429][T23926] Memory cgroup stats for /syz0: [ 2989.472912][T23926] anon 2183168 [ 2989.472912][T23926] file 20480 [ 2989.472912][T23926] kernel_stack 65536 [ 2989.472912][T23926] slab 823296 [ 2989.472912][T23926] sock 0 [ 2989.472912][T23926] shmem 0 [ 2989.472912][T23926] file_mapped 0 [ 2989.472912][T23926] file_dirty 0 [ 2989.472912][T23926] file_writeback 0 [ 2989.472912][T23926] anon_thp 2097152 [ 2989.472912][T23926] inactive_anon 0 [ 2989.472912][T23926] active_anon 2183168 [ 2989.472912][T23926] inactive_file 0 [ 2989.472912][T23926] active_file 0 [ 2989.472912][T23926] unevictable 0 [ 2989.472912][T23926] slab_reclaimable 270336 [ 2989.472912][T23926] slab_unreclaimable 552960 [ 2989.472912][T23926] pgfault 18810 [ 2989.472912][T23926] pgmajfault 0 [ 2989.472912][T23926] workingset_refault 0 [ 2989.472912][T23926] workingset_activate 0 [ 2989.472912][T23926] workingset_nodereclaim 0 [ 2989.472912][T23926] pgrefill 66 [ 2989.472912][T23926] pgscan 66 [ 2989.472912][T23926] pgsteal 0 [ 2989.472912][T23926] pgactivate 33 [ 2989.569323][T23926] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23925,uid=0 [ 2989.587971][T23926] Memory cgroup out of memory: Killed process 23925 (syz-executor.0) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2989.610207][ T1066] oom_reaper: reaped process 23925 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 2989.663538][T23905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:14:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:19 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:19 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x700000000000000}, 0x0) 20:14:19 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2989.818216][T23907] chnl_net:caif_netlink_parms(): no params data found [ 2989.900880][T23868] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2989.972421][T23905] team0: Port device team_slave_0 added [ 2989.978130][T23868] CPU: 1 PID: 23868 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2989.985676][T23868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2989.995735][T23868] Call Trace: [ 2989.999035][T23868] dump_stack+0x172/0x1f0 [ 2990.003382][T23868] dump_header+0x10b/0x82d [ 2990.007793][T23868] ? oom_kill_process+0x94/0x3f0 [ 2990.012733][T23868] oom_kill_process.cold+0x10/0x15 [ 2990.017849][T23868] out_of_memory+0x334/0x1340 [ 2990.022534][T23868] ? lock_downgrade+0x920/0x920 [ 2990.027421][T23868] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2990.033246][T23868] ? oom_killer_disable+0x280/0x280 [ 2990.038455][T23868] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2990.044005][T23868] ? memcg_stat_show+0xc40/0xc40 [ 2990.048943][T23868] ? do_raw_spin_unlock+0x57/0x270 [ 2990.054052][T23868] ? _raw_spin_unlock+0x2d/0x50 [ 2990.058910][T23868] try_charge+0xf4b/0x1440 [ 2990.063338][T23868] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2990.068891][T23868] ? percpu_ref_tryget_live+0x111/0x290 [ 2990.074444][T23868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2990.080687][T23868] ? __kasan_check_read+0x11/0x20 [ 2990.085721][T23868] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2990.091274][T23868] mem_cgroup_try_charge+0x136/0x590 [ 2990.096590][T23868] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2990.102225][T23868] wp_page_copy+0x407/0x1860 [ 2990.106815][T23868] ? find_held_lock+0x35/0x130 [ 2990.111582][T23868] ? do_wp_page+0x53b/0x15c0 [ 2990.116176][T23868] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2990.121989][T23868] ? lock_downgrade+0x920/0x920 [ 2990.126853][T23868] ? swp_swapcount+0x540/0x540 [ 2990.131617][T23868] ? __kasan_check_read+0x11/0x20 [ 2990.136637][T23868] ? do_raw_spin_unlock+0x57/0x270 [ 2990.141751][T23868] do_wp_page+0x543/0x15c0 [ 2990.146173][T23868] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2990.151554][T23868] __handle_mm_fault+0x23ec/0x4040 [ 2990.156672][T23868] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2990.162222][T23868] ? handle_mm_fault+0x292/0xaa0 [ 2990.167177][T23868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2990.173419][T23868] ? __kasan_check_read+0x11/0x20 [ 2990.178448][T23868] handle_mm_fault+0x3b7/0xaa0 [ 2990.183215][T23868] __do_page_fault+0x536/0xdd0 [ 2990.187988][T23868] do_page_fault+0x38/0x590 [ 2990.192496][T23868] page_fault+0x39/0x40 [ 2990.196650][T23868] RIP: 0033:0x430b06 [ 2990.200539][T23868] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2990.220148][T23868] RSP: 002b:00007fff5f094550 EFLAGS: 00010206 [ 2990.226227][T23868] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2990.234208][T23868] RDX: 0000000001220930 RSI: 0000000001228970 RDI: 0000000000000003 [ 2990.242181][T23868] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000121f940 [ 2990.250136][T23868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2990.250148][T23868] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2990.268160][T23868] memory: usage 816kB, limit 0kB, failcnt 1287 [ 2990.291730][T23868] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2990.298606][T23868] Memory cgroup stats for /syz0: [ 2990.298707][T23868] anon 0 [ 2990.298707][T23868] file 20480 [ 2990.298707][T23868] kernel_stack 0 [ 2990.298707][T23868] slab 823296 [ 2990.298707][T23868] sock 0 [ 2990.298707][T23868] shmem 0 [ 2990.298707][T23868] file_mapped 0 [ 2990.298707][T23868] file_dirty 0 [ 2990.298707][T23868] file_writeback 0 [ 2990.298707][T23868] anon_thp 0 [ 2990.298707][T23868] inactive_anon 0 [ 2990.298707][T23868] active_anon 0 [ 2990.298707][T23868] inactive_file 0 [ 2990.298707][T23868] active_file 0 [ 2990.298707][T23868] unevictable 0 [ 2990.298707][T23868] slab_reclaimable 270336 [ 2990.298707][T23868] slab_unreclaimable 552960 [ 2990.298707][T23868] pgfault 18810 [ 2990.298707][T23868] pgmajfault 0 [ 2990.298707][T23868] workingset_refault 0 [ 2990.298707][T23868] workingset_activate 0 [ 2990.298707][T23868] workingset_nodereclaim 0 [ 2990.298707][T23868] pgrefill 66 [ 2990.298707][T23868] pgscan 66 [ 2990.298707][T23868] pgsteal 0 [ 2990.298707][T23868] pgactivate 33 [ 2990.298707][T23868] pgdeactivate 66 [ 2990.300883][T23905] team0: Port device team_slave_1 added [ 2990.304677][T23868] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23868,uid=0 [ 2990.417936][T23868] Memory cgroup out of memory: Killed process 23868 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2990.436149][ T1066] oom_reaper: reaped process 23868 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2990.803878][T23907] bridge0: port 1(bridge_slave_0) entered blocking state [ 2990.810944][T23907] bridge0: port 1(bridge_slave_0) entered disabled state [ 2990.820443][T23907] device bridge_slave_0 entered promiscuous mode [ 2990.877736][T23907] bridge0: port 2(bridge_slave_1) entered blocking state [ 2990.886966][T23907] bridge0: port 2(bridge_slave_1) entered disabled state [ 2990.895940][T23907] device bridge_slave_1 entered promiscuous mode [ 2990.945348][T23905] device hsr_slave_0 entered promiscuous mode [ 2990.984664][T23905] device hsr_slave_1 entered promiscuous mode [ 2991.022033][T23905] debugfs: Directory 'hsr0' with parent '/' already present! [ 2991.106779][T23907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2991.135022][T23907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2991.218709][T23907] team0: Port device team_slave_0 added [ 2991.229232][T23907] team0: Port device team_slave_1 added [ 2991.435337][T23907] device hsr_slave_0 entered promiscuous mode [ 2991.482880][T23907] device hsr_slave_1 entered promiscuous mode [ 2991.531765][T23907] debugfs: Directory 'hsr0' with parent '/' already present! [ 2991.562030][T23933] IPVS: ftp: loaded support on port[0] = 21 [ 2991.740845][T23905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2991.865658][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2991.874513][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2991.888636][T23905] 8021q: adding VLAN 0 to HW filter on device team0 [ 2991.973369][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2991.983193][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2991.992968][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2992.000034][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2992.073784][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2992.093245][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2992.103755][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2992.112338][T18236] bridge0: port 2(bridge_slave_1) entered blocking state [ 2992.119388][T18236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2992.127786][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2992.215156][T23907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2992.234200][T23933] chnl_net:caif_netlink_parms(): no params data found [ 2992.246200][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2992.328990][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2992.339435][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2992.363732][T23907] 8021q: adding VLAN 0 to HW filter on device team0 [ 2992.380011][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2992.389605][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2992.398546][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2992.408081][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2992.418111][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2992.536210][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2992.545698][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2992.555436][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2992.567685][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2992.577703][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2992.588013][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2992.597341][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2992.604564][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2992.613910][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2992.623228][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2992.632469][T13492] bridge0: port 2(bridge_slave_1) entered blocking state [ 2992.639529][T13492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2992.653249][T23905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2992.850611][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2992.859611][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2992.869475][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2992.974077][T23933] bridge0: port 1(bridge_slave_0) entered blocking state [ 2992.981169][T23933] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.992864][T23933] device bridge_slave_0 entered promiscuous mode [ 2993.007720][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2993.017307][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2993.026652][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2993.036838][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2993.119471][T23933] bridge0: port 2(bridge_slave_1) entered blocking state [ 2993.128705][T23933] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.138058][T23933] device bridge_slave_1 entered promiscuous mode [ 2993.164505][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2993.173579][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2993.183293][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2993.194315][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2993.203643][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2993.284789][T23907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2993.298757][T23905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2993.314085][T23933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2993.333167][T23933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2993.431423][T23907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2993.450476][T23933] team0: Port device team_slave_0 added [ 2993.484867][T23933] team0: Port device team_slave_1 added [ 2993.595305][T23933] device hsr_slave_0 entered promiscuous mode [ 2993.642754][T23933] device hsr_slave_1 entered promiscuous mode [ 2993.667625][T23945] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2993.678455][T23945] CPU: 0 PID: 23945 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2993.685999][T23945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2993.696051][T23945] Call Trace: [ 2993.699351][T23945] dump_stack+0x172/0x1f0 [ 2993.703690][T23945] dump_header+0x10b/0x82d [ 2993.708108][T23945] oom_kill_process.cold+0x10/0x15 [ 2993.713240][T23945] out_of_memory+0x334/0x1340 [ 2993.717926][T23945] ? retint_kernel+0x2b/0x2b [ 2993.722519][T23945] ? oom_killer_disable+0x280/0x280 [ 2993.727718][T23945] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2993.733440][T23945] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2993.738983][T23945] ? memcg_stat_show+0xc40/0xc40 [ 2993.743929][T23945] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2993.749740][T23945] ? cgroup_file_notify+0x140/0x1b0 [ 2993.754940][T23945] memory_max_write+0x262/0x3a0 [ 2993.759794][T23945] ? mem_cgroup_write+0x370/0x370 [ 2993.764826][T23945] ? cgroup_file_write+0x86/0x790 [ 2993.769850][T23945] cgroup_file_write+0x241/0x790 [ 2993.774790][T23945] ? mem_cgroup_write+0x370/0x370 [ 2993.779821][T23945] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2993.785470][T23945] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2993.791102][T23945] kernfs_fop_write+0x2b8/0x480 [ 2993.795957][T23945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2993.802200][T23945] __vfs_write+0x8a/0x110 [ 2993.806525][T23945] ? kernfs_fop_open+0xd80/0xd80 [ 2993.811461][T23945] vfs_write+0x268/0x5d0 [ 2993.815705][T23945] ksys_write+0x14f/0x290 [ 2993.820032][T23945] ? __ia32_sys_read+0xb0/0xb0 [ 2993.824795][T23945] ? do_syscall_64+0x26/0x760 [ 2993.829470][T23945] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2993.835531][T23945] ? do_syscall_64+0x26/0x760 [ 2993.840207][T23945] __x64_sys_write+0x73/0xb0 [ 2993.844801][T23945] do_syscall_64+0xfa/0x760 [ 2993.849309][T23945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2993.855192][T23945] RIP: 0033:0x459a29 [ 2993.859086][T23945] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2993.878685][T23945] RSP: 002b:00007f05c7ce4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2993.887093][T23945] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2993.895063][T23945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2993.903028][T23945] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2993.910994][T23945] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f05c7ce56d4 [ 2993.918960][T23945] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2993.936107][T23933] debugfs: Directory 'hsr0' with parent '/' already present! [ 2993.946340][T23945] memory: usage 3152kB, limit 0kB, failcnt 1317 [ 2993.956078][T23945] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2993.975883][T23945] Memory cgroup stats for /syz5: [ 2993.976809][T23945] anon 2220032 [ 2993.976809][T23945] file 0 [ 2993.976809][T23945] kernel_stack 65536 [ 2993.976809][T23945] slab 806912 [ 2993.976809][T23945] sock 4096 [ 2993.976809][T23945] shmem 77824 [ 2993.976809][T23945] file_mapped 0 [ 2993.976809][T23945] file_dirty 0 [ 2993.976809][T23945] file_writeback 0 [ 2993.976809][T23945] anon_thp 2097152 [ 2993.976809][T23945] inactive_anon 135168 [ 2993.976809][T23945] active_anon 2220032 [ 2993.976809][T23945] inactive_file 0 [ 2993.976809][T23945] active_file 0 [ 2993.976809][T23945] unevictable 0 [ 2993.976809][T23945] slab_reclaimable 270336 [ 2993.976809][T23945] slab_unreclaimable 536576 [ 2993.976809][T23945] pgfault 21417 [ 2993.976809][T23945] pgmajfault 0 [ 2993.976809][T23945] workingset_refault 0 [ 2993.976809][T23945] workingset_activate 0 [ 2993.976809][T23945] workingset_nodereclaim 0 [ 2993.976809][T23945] pgrefill 165 [ 2993.976809][T23945] pgscan 253 [ 2993.976809][T23945] pgsteal 69 [ 2993.976809][T23945] pgactivate 66 [ 2994.081151][T23945] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23944,uid=0 [ 2994.097797][T23945] Memory cgroup out of memory: Killed process 23944 (syz-executor.5) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2994.123757][ T1066] oom_reaper: reaped process 23944 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2994.204280][T23948] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 20:14:23 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:23 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xa00000000000000}, 0x0) 20:14:23 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:23 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 2994.409870][T23905] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2994.442553][T23905] CPU: 1 PID: 23905 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2994.450130][T23905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2994.460188][T23905] Call Trace: [ 2994.463491][T23905] dump_stack+0x172/0x1f0 [ 2994.467838][T23905] dump_header+0x10b/0x82d [ 2994.472264][T23905] ? oom_kill_process+0x94/0x3f0 [ 2994.477211][T23905] oom_kill_process.cold+0x10/0x15 [ 2994.482334][T23905] out_of_memory+0x334/0x1340 [ 2994.487021][T23905] ? lock_downgrade+0x920/0x920 [ 2994.491890][T23905] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2994.497703][T23905] ? oom_killer_disable+0x280/0x280 [ 2994.502919][T23905] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2994.508469][T23905] ? memcg_stat_show+0xc40/0xc40 [ 2994.513409][T23905] ? do_raw_spin_unlock+0x57/0x270 [ 2994.518526][T23905] ? _raw_spin_unlock+0x2d/0x50 [ 2994.523381][T23905] try_charge+0xf4b/0x1440 [ 2994.527806][T23905] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2994.533352][T23905] ? percpu_ref_tryget_live+0x111/0x290 [ 2994.538912][T23905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2994.541721][T23933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2994.545159][T23905] ? __kasan_check_read+0x11/0x20 [ 2994.545180][T23905] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2994.562300][T23905] mem_cgroup_try_charge+0x136/0x590 [ 2994.567610][T23905] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2994.573257][T23905] __handle_mm_fault+0x1f0d/0x4040 [ 2994.578373][T23905] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2994.583923][T23905] ? handle_mm_fault+0x292/0xaa0 [ 2994.588879][T23905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2994.595122][T23905] ? __kasan_check_read+0x11/0x20 [ 2994.600151][T23905] handle_mm_fault+0x3b7/0xaa0 [ 2994.601950][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2994.604919][T23905] __do_page_fault+0x536/0xdd0 [ 2994.604942][T23905] do_page_fault+0x38/0x590 [ 2994.604965][T23905] page_fault+0x39/0x40 [ 2994.618832][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2994.621365][T23905] RIP: 0033:0x4579c1 [ 2994.621380][T23905] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 20:14:24 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 2994.621392][T23905] RSP: 002b:00007ffd7efeaf80 EFLAGS: 00010206 [ 2994.637811][T23933] 8021q: adding VLAN 0 to HW filter on device team0 [ 2994.656183][T23905] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579a0 [ 2994.656191][T23905] RDX: 00007ffd7efeaf80 RSI: 0000000000000003 RDI: 0000000000000001 [ 2994.656198][T23905] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000c89940 [ 2994.656205][T23905] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd7efec160 20:14:24 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xe00000000000000}, 0x0) [ 2994.656212][T23905] R13: 00007ffd7efec150 R14: 0000000000000000 R15: 00007ffd7efec160 [ 2994.823810][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2994.855022][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 20:14:24 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xf00000000000000}, 0x0) 20:14:24 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 2994.892423][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 2994.899558][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2994.931796][T23905] memory: usage 824kB, limit 0kB, failcnt 1329 [ 2994.941711][T23905] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2994.991300][T23905] Memory cgroup stats for /syz5: [ 2994.999317][T23905] anon 0 [ 2994.999317][T23905] file 0 [ 2994.999317][T23905] kernel_stack 0 [ 2994.999317][T23905] slab 806912 [ 2994.999317][T23905] sock 4096 [ 2994.999317][T23905] shmem 77824 [ 2994.999317][T23905] file_mapped 0 [ 2994.999317][T23905] file_dirty 0 [ 2994.999317][T23905] file_writeback 0 [ 2994.999317][T23905] anon_thp 0 [ 2994.999317][T23905] inactive_anon 135168 [ 2994.999317][T23905] active_anon 0 [ 2994.999317][T23905] inactive_file 0 [ 2994.999317][T23905] active_file 0 [ 2994.999317][T23905] unevictable 0 [ 2994.999317][T23905] slab_reclaimable 270336 [ 2994.999317][T23905] slab_unreclaimable 536576 [ 2994.999317][T23905] pgfault 21417 [ 2994.999317][T23905] pgmajfault 0 [ 2994.999317][T23905] workingset_refault 0 [ 2994.999317][T23905] workingset_activate 0 [ 2994.999317][T23905] workingset_nodereclaim 0 [ 2994.999317][T23905] pgrefill 165 [ 2994.999317][T23905] pgscan 253 [ 2994.999317][T23905] pgsteal 69 [ 2994.999317][T23905] pgactivate 66 [ 2995.112555][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2995.120931][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2995.170741][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2995.202345][T18236] bridge0: port 2(bridge_slave_1) entered blocking state [ 2995.204187][T23905] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23905,uid=0 [ 2995.209422][T18236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2995.210238][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2995.270801][T23905] Memory cgroup out of memory: Killed process 23905 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2995.345993][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2995.363256][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2995.372080][ T1066] oom_reaper: reaped process 23905 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2995.382765][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2995.383614][T23967] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2995.441887][T23967] CPU: 1 PID: 23967 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2995.449468][T23967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2995.459531][T23967] Call Trace: [ 2995.462825][T23967] dump_stack+0x172/0x1f0 [ 2995.462844][T23967] dump_header+0x10b/0x82d [ 2995.462860][T23967] oom_kill_process.cold+0x10/0x15 [ 2995.462875][T23967] out_of_memory+0x334/0x1340 [ 2995.462898][T23967] ? oom_killer_disable+0x280/0x280 [ 2995.471621][T23967] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2995.471634][T23967] ? memcg_stat_show+0xc40/0xc40 [ 2995.471660][T23967] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2995.481389][T23967] ? cgroup_file_notify+0x140/0x1b0 [ 2995.481407][T23967] memory_max_write+0x262/0x3a0 [ 2995.481427][T23967] ? mem_cgroup_write+0x370/0x370 [ 2995.492115][T23967] ? lock_acquire+0x190/0x410 [ 2995.492131][T23967] ? kernfs_fop_write+0x227/0x480 [ 2995.492152][T23967] cgroup_file_write+0x241/0x790 [ 2995.502873][T23967] ? mem_cgroup_write+0x370/0x370 [ 2995.502894][T23967] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2995.502919][T23967] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2995.512932][T23967] kernfs_fop_write+0x2b8/0x480 [ 2995.512951][T23967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2995.512973][T23967] __vfs_write+0x8a/0x110 [ 2995.522624][T23967] ? kernfs_fop_open+0xd80/0xd80 [ 2995.522641][T23967] vfs_write+0x268/0x5d0 [ 2995.522662][T23967] ksys_write+0x14f/0x290 [ 2995.532589][T23967] ? __ia32_sys_read+0xb0/0xb0 [ 2995.532607][T23967] ? do_syscall_64+0x26/0x760 [ 2995.532631][T23967] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2995.543230][T23967] ? do_syscall_64+0x26/0x760 [ 2995.543248][T23967] __x64_sys_write+0x73/0xb0 [ 2995.543262][T23967] do_syscall_64+0xfa/0x760 [ 2995.543282][T23967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2995.553719][T23967] RIP: 0033:0x459a29 [ 2995.553735][T23967] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2995.553742][T23967] RSP: 002b:00007fd98f1bcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2995.564261][T23967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2995.564268][T23967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2995.564277][T23967] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2995.564284][T23967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd98f1bd6d4 [ 2995.564297][T23967] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2995.702384][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2995.710790][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2995.719344][T23967] memory: usage 3400kB, limit 0kB, failcnt 1305 [ 2995.720714][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2995.731925][T23967] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2995.736467][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2995.749386][T23967] Memory cgroup stats for /syz2: [ 2995.749560][T23967] anon 2162688 [ 2995.749560][T23967] file 20480 [ 2995.749560][T23967] kernel_stack 65536 [ 2995.749560][T23967] slab 806912 [ 2995.749560][T23967] sock 0 [ 2995.749560][T23967] shmem 0 [ 2995.749560][T23967] file_mapped 0 [ 2995.749560][T23967] file_dirty 135168 [ 2995.749560][T23967] file_writeback 0 [ 2995.749560][T23967] anon_thp 2097152 [ 2995.749560][T23967] inactive_anon 0 [ 2995.749560][T23967] active_anon 2162688 [ 2995.749560][T23967] inactive_file 0 [ 2995.749560][T23967] active_file 0 [ 2995.749560][T23967] unevictable 0 [ 2995.749560][T23967] slab_reclaimable 270336 [ 2995.749560][T23967] slab_unreclaimable 536576 [ 2995.749560][T23967] pgfault 18546 [ 2995.749560][T23967] pgmajfault 0 [ 2995.749560][T23967] workingset_refault 0 [ 2995.749560][T23967] workingset_activate 0 [ 2995.749560][T23967] workingset_nodereclaim 0 [ 2995.749560][T23967] pgrefill 99 [ 2995.749560][T23967] pgscan 99 [ 2995.749560][T23967] pgsteal 0 [ 2995.749560][T23967] pgactivate 66 [ 2995.749585][T23967] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23962,uid=0 [ 2995.749723][T23967] Memory cgroup out of memory: Killed process 23962 (syz-executor.2) total-vm:72704kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2995.752980][ T1066] oom_reaper: reaped process 23962 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2995.756214][T18236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2995.882495][T23907] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2995.910130][T23907] CPU: 1 PID: 23907 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2995.917678][T23907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2995.927728][T23907] Call Trace: [ 2995.931020][T23907] dump_stack+0x172/0x1f0 [ 2995.935355][T23907] dump_header+0x10b/0x82d [ 2995.939766][T23907] ? oom_kill_process+0x94/0x3f0 [ 2995.944702][T23907] oom_kill_process.cold+0x10/0x15 [ 2995.949811][T23907] out_of_memory+0x334/0x1340 [ 2995.954489][T23907] ? lock_downgrade+0x920/0x920 [ 2995.959329][T23907] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2995.965114][T23907] ? oom_killer_disable+0x280/0x280 [ 2995.970293][T23907] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2995.975814][T23907] ? memcg_stat_show+0xc40/0xc40 [ 2995.980730][T23907] ? do_raw_spin_unlock+0x57/0x270 [ 2995.985822][T23907] ? _raw_spin_unlock+0x2d/0x50 [ 2995.990649][T23907] try_charge+0xf4b/0x1440 [ 2995.995048][T23907] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2996.000606][T23907] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2996.006166][T23907] ? cache_grow_begin+0x122/0xd20 [ 2996.011170][T23907] ? find_held_lock+0x35/0x130 [ 2996.015914][T23907] ? cache_grow_begin+0x122/0xd20 [ 2996.020920][T23907] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2996.026442][T23907] ? lock_downgrade+0x920/0x920 [ 2996.031272][T23907] ? memcg_kmem_put_cache+0x50/0x50 [ 2996.036447][T23907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2996.042670][T23907] ? __kasan_check_read+0x11/0x20 [ 2996.047716][T23907] cache_grow_begin+0x629/0xd20 [ 2996.052565][T23907] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 2996.058173][T23907] ? mempolicy_slab_node+0x139/0x390 [ 2996.063436][T23907] fallback_alloc+0x1fd/0x2d0 [ 2996.068093][T23907] ____cache_alloc_node+0x1bc/0x1d0 [ 2996.073269][T23907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2996.079492][T23907] kmem_cache_alloc+0x1ef/0x710 [ 2996.084351][T23907] ? lock_downgrade+0x920/0x920 [ 2996.089182][T23907] ? rwlock_bug.part.0+0x90/0x90 [ 2996.094111][T23907] ? ratelimit_state_init+0xb0/0xb0 [ 2996.099290][T23907] ext4_alloc_inode+0x1f/0x640 [ 2996.104032][T23907] ? ratelimit_state_init+0xb0/0xb0 [ 2996.109220][T23907] alloc_inode+0x68/0x1e0 [ 2996.113528][T23907] iget_locked+0x1a6/0x4b0 [ 2996.117935][T23907] __ext4_iget+0x265/0x3e20 [ 2996.122420][T23907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2996.128642][T23907] ? ext4_get_projid+0x190/0x190 [ 2996.133555][T23907] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2996.139092][T23907] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2996.145051][T23907] ? d_alloc_parallel+0xa78/0x1c30 [ 2996.150142][T23907] ext4_lookup+0x3b1/0x7a0 [ 2996.154538][T23907] ? ext4_cross_rename+0x1430/0x1430 [ 2996.159800][T23907] ? __lock_acquire+0x16f2/0x4a00 [ 2996.164797][T23907] ? __kasan_check_read+0x11/0x20 [ 2996.169812][T23907] ? lockdep_init_map+0x1be/0x6d0 [ 2996.174816][T23907] __lookup_slow+0x279/0x500 [ 2996.179395][T23907] ? vfs_unlink+0x620/0x620 [ 2996.183899][T23907] lookup_slow+0x58/0x80 [ 2996.188121][T23907] path_mountpoint+0x5d2/0x1e60 [ 2996.192947][T23907] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2996.198474][T23907] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2996.204431][T23907] ? path_openat+0x46d0/0x46d0 [ 2996.209175][T23907] filename_mountpoint+0x18e/0x390 [ 2996.214272][T23907] ? filename_parentat.isra.0+0x410/0x410 [ 2996.219970][T23907] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2996.226115][T23907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2996.232336][T23907] ? __phys_addr_symbol+0x30/0x70 [ 2996.237336][T23907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2996.243030][T23907] ? __check_object_size+0x3d/0x437 [ 2996.248209][T23907] ? strncpy_from_user+0x2b4/0x400 [ 2996.253298][T23907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2996.259513][T23907] ? getname_flags+0x277/0x5b0 [ 2996.264254][T23907] user_path_mountpoint_at+0x3a/0x50 [ 2996.269515][T23907] ksys_umount+0x164/0xf00 [ 2996.273909][T23907] ? __ia32_sys_rmdir+0x40/0x40 [ 2996.278738][T23907] ? __detach_mounts+0x2a0/0x2a0 [ 2996.283651][T23907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2996.289867][T23907] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2996.295302][T23907] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2996.300740][T23907] ? do_syscall_64+0x26/0x760 [ 2996.305396][T23907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2996.311452][T23907] ? do_syscall_64+0x26/0x760 [ 2996.316119][T23907] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2996.321378][T23907] __x64_sys_umount+0x54/0x80 [ 2996.326031][T23907] do_syscall_64+0xfa/0x760 [ 2996.330513][T23907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2996.336390][T23907] RIP: 0033:0x45c457 [ 2996.340264][T23907] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2996.359846][T23907] RSP: 002b:00007ffd31a01598 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 2996.368235][T23907] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c457 [ 2996.376188][T23907] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffd31a01640 [ 2996.384136][T23907] RBP: 0000000000000009 R08: 0000000000000000 R09: 000000000000000e [ 2996.392084][T23907] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffd31a026d0 [ 2996.400031][T23907] R13: 00000000021aa940 R14: 0000000000000000 R15: 00007ffd31a026d0 [ 2996.416158][T23907] memory: usage 1016kB, limit 0kB, failcnt 1317 [ 2996.422590][T23907] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2996.429439][T23907] Memory cgroup stats for /syz2: [ 2996.429558][T23907] anon 57344 [ 2996.429558][T23907] file 20480 [ 2996.429558][T23907] kernel_stack 0 [ 2996.429558][T23907] slab 806912 [ 2996.429558][T23907] sock 0 [ 2996.429558][T23907] shmem 0 [ 2996.429558][T23907] file_mapped 0 [ 2996.429558][T23907] file_dirty 135168 [ 2996.429558][T23907] file_writeback 0 [ 2996.429558][T23907] anon_thp 0 [ 2996.429558][T23907] inactive_anon 0 [ 2996.429558][T23907] active_anon 57344 [ 2996.429558][T23907] inactive_file 0 [ 2996.429558][T23907] active_file 0 [ 2996.429558][T23907] unevictable 0 [ 2996.429558][T23907] slab_reclaimable 270336 [ 2996.429558][T23907] slab_unreclaimable 536576 [ 2996.429558][T23907] pgfault 18579 [ 2996.429558][T23907] pgmajfault 0 [ 2996.429558][T23907] workingset_refault 0 [ 2996.429558][T23907] workingset_activate 0 [ 2996.429558][T23907] workingset_nodereclaim 0 [ 2996.429558][T23907] pgrefill 99 [ 2996.429558][T23907] pgscan 99 [ 2996.429558][T23907] pgsteal 0 [ 2996.429558][T23907] pgactivate 66 [ 2996.524420][T23907] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23907,uid=0 [ 2996.540741][T23907] Memory cgroup out of memory: Killed process 23907 (syz-executor.2) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2996.559204][ T1066] oom_reaper: reaped process 23907 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2996.887539][T23933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2996.904355][T23933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2996.920620][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2996.929917][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2997.222347][T23970] IPVS: ftp: loaded support on port[0] = 21 [ 2997.243472][T23971] IPVS: ftp: loaded support on port[0] = 21 [ 2997.439119][T23933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2997.634964][T23971] chnl_net:caif_netlink_parms(): no params data found [ 2997.807388][T23979] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2997.864819][T23971] bridge0: port 1(bridge_slave_0) entered blocking state [ 2997.874143][T23971] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.883045][T23971] device bridge_slave_0 entered promiscuous mode [ 2997.912641][T23981] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2997.922965][T23981] CPU: 0 PID: 23981 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2997.930503][T23981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2997.940553][T23981] Call Trace: [ 2997.943850][T23981] dump_stack+0x172/0x1f0 [ 2997.948181][T23981] dump_header+0x10b/0x82d [ 2997.952602][T23981] oom_kill_process.cold+0x10/0x15 [ 2997.957710][T23981] out_of_memory+0x334/0x1340 [ 2997.962388][T23981] ? __sched_text_start+0x8/0x8 [ 2997.967235][T23981] ? oom_killer_disable+0x280/0x280 [ 2997.972449][T23981] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2997.977987][T23981] ? memcg_stat_show+0xc40/0xc40 [ 2997.982929][T23981] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2997.988733][T23981] ? cgroup_file_notify+0x140/0x1b0 [ 2997.993935][T23981] memory_max_write+0x262/0x3a0 [ 2997.998789][T23981] ? mem_cgroup_write+0x370/0x370 [ 2998.003808][T23981] ? lock_acquire+0x190/0x410 [ 2998.008488][T23981] ? kernfs_fop_write+0x227/0x480 [ 2998.013516][T23981] cgroup_file_write+0x241/0x790 [ 2998.018451][T23981] ? mem_cgroup_write+0x370/0x370 [ 2998.023473][T23981] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2998.029112][T23981] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2998.034745][T23981] kernfs_fop_write+0x2b8/0x480 [ 2998.039595][T23981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2998.045840][T23981] __vfs_write+0x8a/0x110 [ 2998.050173][T23981] ? kernfs_fop_open+0xd80/0xd80 [ 2998.055111][T23981] vfs_write+0x268/0x5d0 [ 2998.059351][T23981] ksys_write+0x14f/0x290 [ 2998.063679][T23981] ? __ia32_sys_read+0xb0/0xb0 [ 2998.068442][T23981] ? do_syscall_64+0x26/0x760 [ 2998.073116][T23981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2998.079177][T23981] ? do_syscall_64+0x26/0x760 [ 2998.083863][T23981] __x64_sys_write+0x73/0xb0 [ 2998.088454][T23981] do_syscall_64+0xfa/0x760 [ 2998.092960][T23981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2998.098843][T23981] RIP: 0033:0x459a29 [ 2998.102739][T23981] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2998.122339][T23981] RSP: 002b:00007f47a494fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2998.130744][T23981] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 2998.138706][T23981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2998.146673][T23981] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2998.154637][T23981] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47a49506d4 [ 2998.162599][T23981] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 2998.193844][T23981] memory: usage 30704kB, limit 0kB, failcnt 100 [ 2998.200620][T23981] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2998.208288][T23981] Memory cgroup stats for /syz3: [ 2998.208415][T23981] anon 2199552 [ 2998.208415][T23981] file 90112 [ 2998.208415][T23981] kernel_stack 65536 [ 2998.208415][T23981] slab 29044736 [ 2998.208415][T23981] sock 0 [ 2998.208415][T23981] shmem 0 [ 2998.208415][T23981] file_mapped 0 [ 2998.208415][T23981] file_dirty 0 [ 2998.208415][T23981] file_writeback 0 [ 2998.208415][T23981] anon_thp 2097152 [ 2998.208415][T23981] inactive_anon 0 [ 2998.208415][T23981] active_anon 2125824 [ 2998.208415][T23981] inactive_file 135168 [ 2998.208415][T23981] active_file 0 [ 2998.208415][T23981] unevictable 0 [ 2998.208415][T23981] slab_reclaimable 28385280 [ 2998.208415][T23981] slab_unreclaimable 659456 [ 2998.208415][T23981] pgfault 45936 [ 2998.208415][T23981] pgmajfault 0 [ 2998.208415][T23981] workingset_refault 0 [ 2998.208415][T23981] workingset_activate 0 [ 2998.208415][T23981] workingset_nodereclaim 0 [ 2998.208415][T23981] pgrefill 349 [ 2998.208415][T23981] pgscan 343 [ 2998.208415][T23981] pgsteal 33 [ 2998.208415][T23981] pgactivate 297 [ 2998.307076][T23981] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23978,uid=0 [ 2998.323183][T23981] Memory cgroup out of memory: Killed process 23978 (syz-executor.3) total-vm:72708kB, anon-rss:2188kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2998.348326][ T1066] oom_reaper: reaped process 23978 (syz-executor.3), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB 20:14:28 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r4, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r6 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r6, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 20:14:28 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x2000000000000000}, 0x0) 20:14:28 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:28 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2998.367881][T23971] bridge0: port 2(bridge_slave_1) entered blocking state [ 2998.386743][T23971] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.403018][T23971] device bridge_slave_1 entered promiscuous mode [ 2998.442478][T23933] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 20:14:28 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x3300000000000000}, 0x0) [ 2998.489064][T23933] CPU: 0 PID: 23933 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2998.496645][T23933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2998.506705][T23933] Call Trace: [ 2998.510014][T23933] dump_stack+0x172/0x1f0 [ 2998.514352][T23933] dump_header+0x10b/0x82d [ 2998.518764][T23933] ? oom_kill_process+0x94/0x3f0 [ 2998.523809][T23933] oom_kill_process.cold+0x10/0x15 [ 2998.528936][T23933] out_of_memory+0x334/0x1340 [ 2998.533619][T23933] ? lock_downgrade+0x920/0x920 [ 2998.538476][T23933] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2998.544285][T23933] ? oom_killer_disable+0x280/0x280 [ 2998.549492][T23933] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2998.555039][T23933] ? memcg_stat_show+0xc40/0xc40 [ 2998.559981][T23933] ? do_raw_spin_unlock+0x57/0x270 [ 2998.565094][T23933] ? _raw_spin_unlock+0x2d/0x50 [ 2998.569948][T23933] try_charge+0xf4b/0x1440 [ 2998.574374][T23933] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2998.579916][T23933] ? percpu_ref_tryget_live+0x111/0x290 20:14:28 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x3f00000000000000}, 0x0) [ 2998.585467][T23933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2998.591709][T23933] ? __kasan_check_read+0x11/0x20 [ 2998.596737][T23933] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2998.602288][T23933] mem_cgroup_try_charge+0x136/0x590 [ 2998.607579][T23933] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2998.613212][T23933] wp_page_copy+0x407/0x1860 [ 2998.617801][T23933] ? find_held_lock+0x35/0x130 [ 2998.622563][T23933] ? do_wp_page+0x53b/0x15c0 [ 2998.627162][T23933] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2998.632977][T23933] ? lock_downgrade+0x920/0x920 [ 2998.637831][T23933] ? swp_swapcount+0x540/0x540 [ 2998.642608][T23933] ? __kasan_check_read+0x11/0x20 [ 2998.647641][T23933] ? do_raw_spin_unlock+0x57/0x270 [ 2998.652752][T23933] do_wp_page+0x543/0x15c0 [ 2998.657176][T23933] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2998.662555][T23933] __handle_mm_fault+0x23ec/0x4040 [ 2998.667678][T23933] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2998.673232][T23933] ? handle_mm_fault+0x292/0xaa0 [ 2998.678181][T23933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2998.684422][T23933] ? __kasan_check_read+0x11/0x20 [ 2998.689447][T23933] handle_mm_fault+0x3b7/0xaa0 [ 2998.694215][T23933] __do_page_fault+0x536/0xdd0 [ 2998.698989][T23933] do_page_fault+0x38/0x590 [ 2998.703502][T23933] page_fault+0x39/0x40 [ 2998.707655][T23933] RIP: 0033:0x430b06 [ 2998.711544][T23933] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 2998.731145][T23933] RSP: 002b:00007fff7e74f110 EFLAGS: 00010206 [ 2998.737214][T23933] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2998.745184][T23933] RDX: 0000000002081930 RSI: 0000000002089970 RDI: 0000000000000003 [ 2998.753151][T23933] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002080940 [ 2998.761121][T23933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2998.769092][T23933] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2998.851869][T23933] memory: usage 28224kB, limit 0kB, failcnt 108 [ 2998.858264][T23933] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2998.871707][T23933] Memory cgroup stats for /syz3: [ 2998.871811][T23933] anon 73728 [ 2998.871811][T23933] file 90112 [ 2998.871811][T23933] kernel_stack 0 [ 2998.871811][T23933] slab 28909568 [ 2998.871811][T23933] sock 0 [ 2998.871811][T23933] shmem 0 [ 2998.871811][T23933] file_mapped 0 [ 2998.871811][T23933] file_dirty 0 [ 2998.871811][T23933] file_writeback 0 [ 2998.871811][T23933] anon_thp 0 [ 2998.871811][T23933] inactive_anon 0 [ 2998.871811][T23933] active_anon 0 [ 2998.871811][T23933] inactive_file 135168 [ 2998.871811][T23933] active_file 0 [ 2998.871811][T23933] unevictable 0 [ 2998.871811][T23933] slab_reclaimable 28250112 [ 2998.871811][T23933] slab_unreclaimable 659456 [ 2998.871811][T23933] pgfault 45936 [ 2998.871811][T23933] pgmajfault 0 [ 2998.871811][T23933] workingset_refault 0 [ 2998.871811][T23933] workingset_activate 0 [ 2998.871811][T23933] workingset_nodereclaim 0 [ 2998.871811][T23933] pgrefill 349 [ 2998.871811][T23933] pgscan 343 [ 2998.871811][T23933] pgsteal 33 [ 2998.871811][T23933] pgactivate 297 [ 2998.977906][T23970] chnl_net:caif_netlink_parms(): no params data found [ 2999.008938][T23971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2999.110424][T23971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2999.191750][T23970] bridge0: port 1(bridge_slave_0) entered blocking state [ 2999.198839][T23970] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.201860][T23933] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23933,uid=0 [ 2999.234232][T23970] device bridge_slave_0 entered promiscuous mode [ 2999.241905][T23933] Memory cgroup out of memory: Killed process 23933 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2999.272404][ T1066] oom_reaper: reaped process 23933 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2999.315608][T23971] team0: Port device team_slave_0 added [ 2999.321786][T23970] bridge0: port 2(bridge_slave_1) entered blocking state [ 2999.328842][T23970] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.339924][T23970] device bridge_slave_1 entered promiscuous mode [ 2999.350134][T23971] team0: Port device team_slave_1 added [ 2999.736641][T23971] device hsr_slave_0 entered promiscuous mode [ 2999.792974][T23971] device hsr_slave_1 entered promiscuous mode [ 2999.841746][T23971] debugfs: Directory 'hsr0' with parent '/' already present! [ 2999.854981][T23970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2999.912975][T23970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2999.941419][T23970] team0: Port device team_slave_0 added [ 3000.017461][T23970] team0: Port device team_slave_1 added [ 3000.185659][T23970] device hsr_slave_0 entered promiscuous mode [ 3000.252789][T23970] device hsr_slave_1 entered promiscuous mode [ 3000.311753][T23970] debugfs: Directory 'hsr0' with parent '/' already present! [ 3000.413539][T23990] IPVS: ftp: loaded support on port[0] = 21 [ 3000.565948][T23992] IPVS: ftp: loaded support on port[0] = 21 [ 3000.694483][T23971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3000.814731][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3000.823654][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3000.846116][T23970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3000.884083][T23971] 8021q: adding VLAN 0 to HW filter on device team0 [ 3000.994295][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3001.003346][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3001.012154][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3001.021294][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3001.030836][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 3001.037968][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3001.066677][T23970] 8021q: adding VLAN 0 to HW filter on device team0 [ 3001.078186][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3001.087945][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3001.097967][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3001.108408][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3001.115540][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3001.125514][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3001.180498][T23990] chnl_net:caif_netlink_parms(): no params data found [ 3001.206842][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3001.216776][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3001.229952][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3001.240233][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 3001.247371][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3001.256177][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3001.265715][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3001.274662][T13425] bridge0: port 2(bridge_slave_1) entered blocking state [ 3001.281778][T13425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3001.388536][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3001.397996][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3001.407677][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3001.420746][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3001.431232][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3001.441169][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3001.572085][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3001.580292][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3001.589271][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3001.599510][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3001.609482][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3001.618976][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3001.628575][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3001.637956][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3001.657275][T23971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3001.736355][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3001.753996][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3001.764044][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3001.773341][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3001.783037][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3001.803622][T23990] bridge0: port 1(bridge_slave_0) entered blocking state [ 3001.810696][T23990] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.819633][T23990] device bridge_slave_0 entered promiscuous mode [ 3001.889387][T23990] bridge0: port 2(bridge_slave_1) entered blocking state [ 3001.903430][T23990] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.912605][T23990] device bridge_slave_1 entered promiscuous mode [ 3001.920971][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3001.930491][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3001.973433][T23971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3001.984061][T23970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3002.106390][T23990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3002.209837][T23990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3002.220247][T23992] chnl_net:caif_netlink_parms(): no params data found [ 3002.334654][T23970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3002.408769][T23990] team0: Port device team_slave_0 added [ 3002.430834][T23990] team0: Port device team_slave_1 added [ 3002.531880][T24001] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3002.547754][T23992] bridge0: port 1(bridge_slave_0) entered blocking state [ 3002.555500][T24001] CPU: 0 PID: 24001 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3002.563059][T24001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3002.573120][T24001] Call Trace: [ 3002.576415][T24001] dump_stack+0x172/0x1f0 [ 3002.580748][T24001] dump_header+0x10b/0x82d [ 3002.585171][T24001] oom_kill_process.cold+0x10/0x15 [ 3002.590284][T24001] out_of_memory+0x334/0x1340 [ 3002.594960][T24001] ? __sched_text_start+0x8/0x8 [ 3002.599812][T24001] ? oom_killer_disable+0x280/0x280 [ 3002.605033][T24001] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3002.610578][T24001] ? memcg_stat_show+0xc40/0xc40 [ 3002.615522][T24001] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3002.621328][T24001] ? cgroup_file_notify+0x140/0x1b0 [ 3002.626533][T24001] memory_max_write+0x262/0x3a0 [ 3002.631389][T24001] ? mem_cgroup_write+0x370/0x370 [ 3002.636420][T24001] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3002.641889][T24001] cgroup_file_write+0x241/0x790 [ 3002.646829][T24001] ? mem_cgroup_write+0x370/0x370 [ 3002.651867][T24001] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3002.657510][T24001] ? kernfs_ops+0x9f/0x120 [ 3002.661933][T24001] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3002.667572][T24001] kernfs_fop_write+0x2b8/0x480 [ 3002.672438][T24001] __vfs_write+0x8a/0x110 [ 3002.676773][T24001] ? kernfs_fop_open+0xd80/0xd80 [ 3002.681713][T24001] vfs_write+0x268/0x5d0 [ 3002.685962][T24001] ksys_write+0x14f/0x290 [ 3002.690296][T24001] ? __ia32_sys_read+0xb0/0xb0 [ 3002.695068][T24001] ? do_syscall_64+0x26/0x760 [ 3002.699746][T24001] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3002.705808][T24001] ? do_syscall_64+0x26/0x760 [ 3002.710489][T24001] __x64_sys_write+0x73/0xb0 [ 3002.715084][T24001] do_syscall_64+0xfa/0x760 [ 3002.719598][T24001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3002.725487][T24001] RIP: 0033:0x459a29 [ 3002.729380][T24001] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3002.748984][T24001] RSP: 002b:00007fc61e65bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3002.757399][T24001] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3002.765367][T24001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3002.773336][T24001] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3002.781301][T24001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc61e65c6d4 [ 3002.789270][T24001] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3002.802672][T23992] bridge0: port 1(bridge_slave_0) entered disabled state [ 3002.811404][T23992] device bridge_slave_0 entered promiscuous mode [ 3002.827268][T23992] bridge0: port 2(bridge_slave_1) entered blocking state [ 3002.834395][T23992] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.843311][T23992] device bridge_slave_1 entered promiscuous mode [ 3002.850796][T24001] memory: usage 3080kB, limit 0kB, failcnt 1254 [ 3002.858413][T24001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3002.865946][T24001] Memory cgroup stats for /syz4: [ 3002.866710][T24001] anon 2166784 [ 3002.866710][T24001] file 28672 [ 3002.866710][T24001] kernel_stack 65536 [ 3002.866710][T24001] slab 692224 [ 3002.866710][T24001] sock 0 [ 3002.866710][T24001] shmem 0 [ 3002.866710][T24001] file_mapped 0 [ 3002.866710][T24001] file_dirty 135168 [ 3002.866710][T24001] file_writeback 0 [ 3002.866710][T24001] anon_thp 2097152 [ 3002.866710][T24001] inactive_anon 0 [ 3002.866710][T24001] active_anon 2166784 [ 3002.866710][T24001] inactive_file 135168 [ 3002.866710][T24001] active_file 0 [ 3002.866710][T24001] unevictable 0 [ 3002.866710][T24001] slab_reclaimable 270336 [ 3002.866710][T24001] slab_unreclaimable 421888 [ 3002.866710][T24001] pgfault 19701 [ 3002.866710][T24001] pgmajfault 0 [ 3002.866710][T24001] workingset_refault 0 [ 3002.866710][T24001] workingset_activate 0 [ 3002.866710][T24001] workingset_nodereclaim 0 [ 3002.866710][T24001] pgrefill 67 [ 3002.866710][T24001] pgscan 110 [ 3002.866710][T24001] pgsteal 70 [ 3002.866710][T24001] pgactivate 33 [ 3002.985487][T24001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24000,uid=0 [ 3003.003490][T24001] Memory cgroup out of memory: Killed process 24000 (syz-executor.4) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3003.033556][T23990] device hsr_slave_0 entered promiscuous mode [ 3003.043528][T24008] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3003.065609][ T1066] oom_reaper: reaped process 24000 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3003.304570][T23990] device hsr_slave_1 entered promiscuous mode [ 3003.332075][T24011] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3003.351822][T23990] debugfs: Directory 'hsr0' with parent '/' already present! [ 3003.371726][T24011] CPU: 1 PID: 24011 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3003.379290][T24011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3003.389346][T24011] Call Trace: [ 3003.392653][T24011] dump_stack+0x172/0x1f0 [ 3003.397001][T24011] dump_header+0x10b/0x82d [ 3003.401433][T24011] oom_kill_process.cold+0x10/0x15 [ 3003.406552][T24011] out_of_memory+0x334/0x1340 [ 3003.411235][T24011] ? __sched_text_start+0x8/0x8 [ 3003.416090][T24011] ? oom_killer_disable+0x280/0x280 [ 3003.421306][T24011] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3003.426851][T24011] ? memcg_stat_show+0xc40/0xc40 [ 3003.431796][T24011] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3003.437610][T24011] ? cgroup_file_notify+0x140/0x1b0 [ 3003.442810][T24011] memory_max_write+0x262/0x3a0 [ 3003.447663][T24011] ? mem_cgroup_write+0x370/0x370 20:14:32 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r2, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) [ 3003.452687][T24011] ? lock_acquire+0x190/0x410 [ 3003.457364][T24011] ? kernfs_fop_write+0x227/0x480 [ 3003.462393][T24011] cgroup_file_write+0x241/0x790 [ 3003.467332][T24011] ? mem_cgroup_write+0x370/0x370 [ 3003.472357][T24011] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3003.477994][T24011] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3003.483608][T24011] kernfs_fop_write+0x2b8/0x480 [ 3003.488438][T24011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3003.494659][T24011] __vfs_write+0x8a/0x110 [ 3003.498965][T24011] ? kernfs_fop_open+0xd80/0xd80 [ 3003.503880][T24011] vfs_write+0x268/0x5d0 [ 3003.508106][T24011] ksys_write+0x14f/0x290 [ 3003.512416][T24011] ? __ia32_sys_read+0xb0/0xb0 [ 3003.517161][T24011] ? do_syscall_64+0x26/0x760 [ 3003.521823][T24011] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3003.527883][T24011] ? do_syscall_64+0x26/0x760 [ 3003.532541][T24011] __x64_sys_write+0x73/0xb0 [ 3003.537112][T24011] do_syscall_64+0xfa/0x760 [ 3003.541614][T24011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3003.547497][T24011] RIP: 0033:0x459a29 [ 3003.551372][T24011] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3003.570955][T24011] RSP: 002b:00007f2dc1494c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3003.579346][T24011] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3003.587295][T24011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3003.595246][T24011] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 3003.603195][T24011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2dc14956d4 [ 3003.611142][T24011] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3003.622991][T24011] memory: usage 3280kB, limit 0kB, failcnt 1288 [ 3003.629310][T24011] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3003.636271][T24011] Memory cgroup stats for /syz0: [ 3003.636371][T24011] anon 2088960 [ 3003.636371][T24011] file 20480 [ 3003.636371][T24011] kernel_stack 131072 [ 3003.636371][T24011] slab 823296 [ 3003.636371][T24011] sock 0 [ 3003.636371][T24011] shmem 0 [ 3003.636371][T24011] file_mapped 0 [ 3003.636371][T24011] file_dirty 0 [ 3003.636371][T24011] file_writeback 0 [ 3003.636371][T24011] anon_thp 2097152 [ 3003.636371][T24011] inactive_anon 0 [ 3003.636371][T24011] active_anon 2088960 [ 3003.636371][T24011] inactive_file 0 [ 3003.636371][T24011] active_file 0 [ 3003.636371][T24011] unevictable 0 [ 3003.636371][T24011] slab_reclaimable 270336 [ 3003.636371][T24011] slab_unreclaimable 552960 [ 3003.636371][T24011] pgfault 18909 [ 3003.636371][T24011] pgmajfault 0 [ 3003.636371][T24011] workingset_refault 0 [ 3003.636371][T24011] workingset_activate 0 [ 3003.636371][T24011] workingset_nodereclaim 0 [ 3003.636371][T24011] pgrefill 66 [ 3003.636371][T24011] pgscan 66 [ 3003.636371][T24011] pgsteal 0 [ 3003.636371][T24011] pgactivate 33 [ 3003.641322][T24011] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24007,uid=0 [ 3003.762039][T24011] Memory cgroup out of memory: Killed process 24007 (syz-executor.0) total-vm:72840kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3003.803885][ T1066] oom_reaper: reaped process 24007 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3003.815271][T23971] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3003.829788][T23992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3003.843959][T23992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3003.851812][T23971] CPU: 1 PID: 23971 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3003.860524][T23971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3003.870577][T23971] Call Trace: [ 3003.873872][T23971] dump_stack+0x172/0x1f0 [ 3003.878204][T23971] dump_header+0x10b/0x82d [ 3003.882612][T23971] ? oom_kill_process+0x94/0x3f0 [ 3003.887562][T23971] oom_kill_process.cold+0x10/0x15 [ 3003.892675][T23971] out_of_memory+0x334/0x1340 [ 3003.897347][T23971] ? lock_downgrade+0x920/0x920 [ 3003.902199][T23971] ? oom_killer_disable+0x280/0x280 [ 3003.907407][T23971] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3003.912960][T23971] ? memcg_stat_show+0xc40/0xc40 [ 3003.917890][T23971] ? do_raw_spin_unlock+0x57/0x270 [ 3003.922986][T23971] ? _raw_spin_unlock+0x2d/0x50 [ 3003.927819][T23971] try_charge+0xf4b/0x1440 [ 3003.932217][T23971] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3003.937778][T23971] ? percpu_ref_tryget_live+0x111/0x290 [ 3003.943305][T23971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3003.949522][T23971] ? __kasan_check_read+0x11/0x20 [ 3003.954543][T23971] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3003.960072][T23971] mem_cgroup_try_charge+0x136/0x590 [ 3003.965336][T23971] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3003.970967][T23971] wp_page_copy+0x407/0x1860 [ 3003.975553][T23971] ? __sched_text_start+0x8/0x8 [ 3003.980381][T23971] ? do_wp_page+0x53b/0x15c0 [ 3003.984985][T23971] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3003.990774][T23971] ? __kasan_check_read+0x11/0x20 [ 3003.995789][T23971] ? preempt_schedule_common+0x63/0xe0 [ 3004.001224][T23971] ? preempt_schedule+0x4b/0x60 [ 3004.006053][T23971] ? ___preempt_schedule+0x16/0x20 [ 3004.011147][T23971] do_wp_page+0x543/0x15c0 [ 3004.015547][T23971] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3004.020912][T23971] __handle_mm_fault+0x23ec/0x4040 [ 3004.026009][T23971] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3004.031535][T23971] ? handle_mm_fault+0x292/0xaa0 [ 3004.036458][T23971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3004.042677][T23971] ? __kasan_check_read+0x11/0x20 [ 3004.047682][T23971] handle_mm_fault+0x3b7/0xaa0 [ 3004.052429][T23971] __do_page_fault+0x536/0xdd0 [ 3004.057176][T23971] do_page_fault+0x38/0x590 [ 3004.061664][T23971] page_fault+0x39/0x40 [ 3004.065794][T23971] RIP: 0033:0x430b06 [ 3004.069679][T23971] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3004.089270][T23971] RSP: 002b:00007ffc19ba41e0 EFLAGS: 00010206 [ 3004.095312][T23971] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3004.103259][T23971] RDX: 00000000025d8930 RSI: 00000000025e0970 RDI: 0000000000000003 [ 3004.111216][T23971] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000025d7940 [ 3004.119163][T23971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3004.127114][T23971] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3004.143509][T23971] memory: usage 708kB, limit 0kB, failcnt 1262 20:14:33 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:33 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r4, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r6 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r6, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 20:14:33 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x4000000000000000}, 0x0) [ 3004.149680][T23971] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3004.191021][T23971] Memory cgroup stats for /syz4: [ 3004.191134][T23971] anon 0 [ 3004.191134][T23971] file 28672 [ 3004.191134][T23971] kernel_stack 0 [ 3004.191134][T23971] slab 692224 [ 3004.191134][T23971] sock 0 [ 3004.191134][T23971] shmem 0 [ 3004.191134][T23971] file_mapped 0 [ 3004.191134][T23971] file_dirty 135168 [ 3004.191134][T23971] file_writeback 0 [ 3004.191134][T23971] anon_thp 0 [ 3004.191134][T23971] inactive_anon 0 [ 3004.191134][T23971] active_anon 0 [ 3004.191134][T23971] inactive_file 135168 [ 3004.191134][T23971] active_file 0 20:14:33 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x4800000000000000}, 0x0) [ 3004.191134][T23971] unevictable 0 [ 3004.191134][T23971] slab_reclaimable 270336 [ 3004.191134][T23971] slab_unreclaimable 421888 [ 3004.191134][T23971] pgfault 19701 [ 3004.191134][T23971] pgmajfault 0 [ 3004.191134][T23971] workingset_refault 0 [ 3004.191134][T23971] workingset_activate 0 [ 3004.191134][T23971] workingset_nodereclaim 0 [ 3004.191134][T23971] pgrefill 67 [ 3004.191134][T23971] pgscan 110 [ 3004.191134][T23971] pgsteal 70 [ 3004.191134][T23971] pgactivate 33 20:14:33 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x4c00000000000000}, 0x0) [ 3004.339225][T23992] team0: Port device team_slave_0 added [ 3004.440985][T23992] team0: Port device team_slave_1 added 20:14:34 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x6000000000000000}, 0x0) 20:14:34 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x6800000000000000}, 0x0) [ 3004.671944][T23971] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23971,uid=0 [ 3004.709155][T23992] device hsr_slave_0 entered promiscuous mode [ 3004.713279][T23971] Memory cgroup out of memory: Killed process 23971 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3004.734605][T23970] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3004.735053][ T1066] oom_reaper: reaped process 23971 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3004.745682][T23970] CPU: 1 PID: 23970 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3004.763354][T23970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3004.773404][T23970] Call Trace: [ 3004.776700][T23970] dump_stack+0x172/0x1f0 [ 3004.781031][T23970] dump_header+0x10b/0x82d [ 3004.785444][T23970] ? oom_kill_process+0x94/0x3f0 [ 3004.790377][T23970] oom_kill_process.cold+0x10/0x15 [ 3004.795483][T23970] out_of_memory+0x334/0x1340 [ 3004.800153][T23970] ? lock_downgrade+0x920/0x920 [ 3004.805003][T23970] ? oom_killer_disable+0x280/0x280 [ 3004.810207][T23970] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3004.815758][T23970] ? memcg_stat_show+0xc40/0xc40 [ 3004.820696][T23970] ? do_raw_spin_unlock+0x57/0x270 [ 3004.825810][T23970] ? _raw_spin_unlock+0x2d/0x50 [ 3004.830640][T23970] try_charge+0xf4b/0x1440 [ 3004.835039][T23970] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3004.840562][T23970] ? percpu_ref_tryget_live+0x111/0x290 [ 3004.846088][T23970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3004.852340][T23970] ? __kasan_check_read+0x11/0x20 [ 3004.857374][T23970] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3004.862902][T23970] mem_cgroup_try_charge+0x136/0x590 [ 3004.868171][T23970] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3004.873783][T23970] wp_page_copy+0x407/0x1860 [ 3004.878384][T23970] ? find_held_lock+0x35/0x130 [ 3004.883122][T23970] ? do_wp_page+0x53b/0x15c0 [ 3004.887690][T23970] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3004.893474][T23970] ? lock_downgrade+0x920/0x920 [ 3004.898302][T23970] ? swp_swapcount+0x540/0x540 [ 3004.903045][T23970] ? __kasan_check_read+0x11/0x20 [ 3004.908043][T23970] ? do_raw_spin_unlock+0x57/0x270 [ 3004.913133][T23970] do_wp_page+0x543/0x15c0 [ 3004.917548][T23970] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3004.922912][T23970] __handle_mm_fault+0x23ec/0x4040 [ 3004.928005][T23970] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3004.933524][T23970] ? handle_mm_fault+0x292/0xaa0 [ 3004.938454][T23970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3004.944677][T23970] ? __kasan_check_read+0x11/0x20 [ 3004.949680][T23970] handle_mm_fault+0x3b7/0xaa0 [ 3004.954426][T23970] __do_page_fault+0x536/0xdd0 [ 3004.959189][T23970] do_page_fault+0x38/0x590 [ 3004.963672][T23970] page_fault+0x39/0x40 [ 3004.967811][T23970] RIP: 0033:0x430b06 [ 3004.971694][T23970] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3004.991273][T23970] RSP: 002b:00007ffcd442c680 EFLAGS: 00010206 [ 3004.997313][T23970] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3005.005261][T23970] RDX: 00000000023df930 RSI: 00000000023e7970 RDI: 0000000000000003 [ 3005.013207][T23970] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000023de940 [ 3005.021155][T23970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3005.029100][T23970] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3005.055434][T23970] memory: usage 864kB, limit 0kB, failcnt 1296 [ 3005.062747][T23992] device hsr_slave_1 entered promiscuous mode [ 3005.076949][T23970] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3005.083917][T23970] Memory cgroup stats for /syz0: [ 3005.084013][T23970] anon 0 [ 3005.084013][T23970] file 20480 [ 3005.084013][T23970] kernel_stack 0 [ 3005.084013][T23970] slab 823296 [ 3005.084013][T23970] sock 0 [ 3005.084013][T23970] shmem 0 [ 3005.084013][T23970] file_mapped 0 [ 3005.084013][T23970] file_dirty 0 [ 3005.084013][T23970] file_writeback 0 [ 3005.084013][T23970] anon_thp 0 [ 3005.084013][T23970] inactive_anon 0 [ 3005.084013][T23970] active_anon 0 [ 3005.084013][T23970] inactive_file 0 [ 3005.084013][T23970] active_file 0 [ 3005.084013][T23970] unevictable 0 [ 3005.084013][T23970] slab_reclaimable 270336 [ 3005.084013][T23970] slab_unreclaimable 552960 [ 3005.084013][T23970] pgfault 18909 [ 3005.084013][T23970] pgmajfault 0 [ 3005.084013][T23970] workingset_refault 0 [ 3005.084013][T23970] workingset_activate 0 [ 3005.084013][T23970] workingset_nodereclaim 0 [ 3005.084013][T23970] pgrefill 66 [ 3005.084013][T23970] pgscan 66 [ 3005.084013][T23970] pgsteal 0 [ 3005.084013][T23970] pgactivate 33 [ 3005.084013][T23970] pgdeactivate 66 [ 3005.181439][T23970] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23970,uid=0 [ 3005.197983][T23970] Memory cgroup out of memory: Killed process 23970 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3005.202927][T23992] debugfs: Directory 'hsr0' with parent '/' already present! [ 3005.878280][T23990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3005.948956][T24029] IPVS: ftp: loaded support on port[0] = 21 [ 3005.964980][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3005.986367][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3006.057143][T23990] 8021q: adding VLAN 0 to HW filter on device team0 [ 3006.105498][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3006.115724][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3006.125010][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3006.132117][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3006.140466][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3006.162434][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3006.170919][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3006.178028][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3006.268961][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3006.278548][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3006.288167][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3006.335537][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3006.347575][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3006.356898][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3006.370797][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3006.470300][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3006.480675][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3006.490118][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3006.500590][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3006.510009][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3006.520816][T23990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3006.708948][T23992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3006.755217][T23990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3006.856144][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3006.865768][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3006.879410][T23992] 8021q: adding VLAN 0 to HW filter on device team0 [ 3006.918936][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3006.928286][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3006.937524][T13510] bridge0: port 1(bridge_slave_0) entered blocking state [ 3006.944659][T13510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3006.953190][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3006.963305][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3006.972485][T13510] bridge0: port 2(bridge_slave_1) entered blocking state [ 3006.979550][T13510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3007.058596][T24029] chnl_net:caif_netlink_parms(): no params data found [ 3007.077607][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3007.106419][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3007.204835][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3007.215062][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3007.216616][T24037] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3007.224403][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3007.297783][T24029] bridge0: port 1(bridge_slave_0) entered blocking state [ 3007.307485][T24029] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.317354][T24029] device bridge_slave_0 entered promiscuous mode [ 3007.328494][T24038] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3007.341368][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3007.341728][T24038] CPU: 0 PID: 24038 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3007.356112][T24038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3007.363306][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3007.366171][T24038] Call Trace: [ 3007.377334][T24038] dump_stack+0x172/0x1f0 [ 3007.381671][T24038] dump_header+0x10b/0x82d [ 3007.383666][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3007.386100][T24038] oom_kill_process.cold+0x10/0x15 [ 3007.398976][T24038] out_of_memory+0x334/0x1340 [ 3007.402809][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3007.403661][T24038] ? __sched_text_start+0x8/0x8 [ 3007.416280][T24038] ? oom_killer_disable+0x280/0x280 [ 3007.421488][T24038] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3007.422525][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3007.427033][T24038] ? memcg_stat_show+0xc40/0xc40 [ 3007.439666][T24038] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3007.445480][T24038] ? cgroup_file_notify+0x140/0x1b0 [ 3007.450678][T24038] memory_max_write+0x262/0x3a0 [ 3007.455537][T24038] ? mem_cgroup_write+0x370/0x370 [ 3007.460562][T24038] ? lock_acquire+0x190/0x410 [ 3007.465251][T24038] ? kernfs_fop_write+0x227/0x480 [ 3007.470286][T24038] cgroup_file_write+0x241/0x790 [ 3007.475226][T24038] ? mem_cgroup_write+0x370/0x370 [ 3007.480257][T24038] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3007.485915][T24038] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3007.491559][T24038] kernfs_fop_write+0x2b8/0x480 [ 3007.496425][T24038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3007.502682][T24038] __vfs_write+0x8a/0x110 [ 3007.507015][T24038] ? kernfs_fop_open+0xd80/0xd80 [ 3007.511960][T24038] vfs_write+0x268/0x5d0 [ 3007.516206][T24038] ksys_write+0x14f/0x290 [ 3007.520536][T24038] ? __ia32_sys_read+0xb0/0xb0 [ 3007.525303][T24038] ? do_syscall_64+0x26/0x760 [ 3007.529976][T24038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3007.536041][T24038] ? do_syscall_64+0x26/0x760 [ 3007.540719][T24038] __x64_sys_write+0x73/0xb0 [ 3007.545325][T24038] do_syscall_64+0xfa/0x760 [ 3007.549835][T24038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3007.555733][T24038] RIP: 0033:0x459a29 [ 3007.559633][T24038] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3007.579235][T24038] RSP: 002b:00007f4af1051c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3007.587649][T24038] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3007.595617][T24038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3007.603585][T24038] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3007.611549][T24038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4af10526d4 [ 3007.619521][T24038] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3007.645077][T24038] memory: usage 3456kB, limit 0kB, failcnt 1318 [ 3007.651519][T24038] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3007.658612][T24038] Memory cgroup stats for /syz2: [ 3007.658710][T24038] anon 2101248 [ 3007.658710][T24038] file 20480 [ 3007.658710][T24038] kernel_stack 65536 [ 3007.658710][T24038] slab 946176 [ 3007.658710][T24038] sock 0 [ 3007.658710][T24038] shmem 0 [ 3007.658710][T24038] file_mapped 0 [ 3007.658710][T24038] file_dirty 135168 [ 3007.658710][T24038] file_writeback 0 [ 3007.658710][T24038] anon_thp 2097152 [ 3007.658710][T24038] inactive_anon 0 [ 3007.658710][T24038] active_anon 2101248 [ 3007.658710][T24038] inactive_file 0 [ 3007.658710][T24038] active_file 0 [ 3007.658710][T24038] unevictable 0 [ 3007.658710][T24038] slab_reclaimable 270336 [ 3007.658710][T24038] slab_unreclaimable 675840 [ 3007.658710][T24038] pgfault 18612 [ 3007.658710][T24038] pgmajfault 0 [ 3007.658710][T24038] workingset_refault 0 [ 3007.658710][T24038] workingset_activate 0 [ 3007.658710][T24038] workingset_nodereclaim 0 [ 3007.658710][T24038] pgrefill 99 [ 3007.658710][T24038] pgscan 99 [ 3007.658710][T24038] pgsteal 0 [ 3007.658710][T24038] pgactivate 66 [ 3007.757337][T24029] bridge0: port 2(bridge_slave_1) entered blocking state [ 3007.768623][T24029] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.777452][T24029] device bridge_slave_1 entered promiscuous mode [ 3007.783509][T24038] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24036,uid=0 [ 3007.811902][T24038] Memory cgroup out of memory: Killed process 24036 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3007.812840][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3007.839706][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 20:14:37 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x0, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3007.853703][ T1066] oom_reaper: reaped process 24036 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3007.890584][T23990] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 3007.902682][T23990] CPU: 0 PID: 23990 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3007.910224][T23990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3007.920273][T23990] Call Trace: [ 3007.923568][T23990] dump_stack+0x172/0x1f0 [ 3007.927905][T23990] dump_header+0x10b/0x82d [ 3007.932315][T23990] ? oom_kill_process+0x94/0x3f0 [ 3007.937251][T23990] oom_kill_process.cold+0x10/0x15 [ 3007.942363][T23990] out_of_memory+0x334/0x1340 [ 3007.947035][T23990] ? lock_downgrade+0x920/0x920 [ 3007.951887][T23990] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3007.957693][T23990] ? oom_killer_disable+0x280/0x280 [ 3007.962906][T23990] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3007.968446][T23990] ? memcg_stat_show+0xc40/0xc40 [ 3007.973387][T23990] ? do_raw_spin_unlock+0x57/0x270 [ 3007.978497][T23990] ? _raw_spin_unlock+0x2d/0x50 [ 3007.983347][T23990] try_charge+0xf4b/0x1440 [ 3007.987769][T23990] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3007.993312][T23990] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3007.998859][T23990] ? cache_grow_begin+0x122/0xd20 [ 3008.003879][T23990] ? find_held_lock+0x35/0x130 [ 3008.008642][T23990] ? cache_grow_begin+0x122/0xd20 [ 3008.013670][T23990] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3008.019210][T23990] ? lock_downgrade+0x920/0x920 [ 3008.024060][T23990] ? memcg_kmem_put_cache+0x50/0x50 [ 3008.029254][T23990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3008.035491][T23990] ? __kasan_check_read+0x11/0x20 [ 3008.040520][T23990] cache_grow_begin+0x629/0xd20 [ 3008.045371][T23990] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 3008.051016][T23990] ? mempolicy_slab_node+0x139/0x390 [ 3008.056317][T23990] fallback_alloc+0x1fd/0x2d0 [ 3008.061021][T23990] ____cache_alloc_node+0x1bc/0x1d0 [ 3008.066233][T23990] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3008.072493][T23990] kmem_cache_alloc+0x1ef/0x710 [ 3008.077351][T23990] ? stack_trace_save+0xac/0xe0 [ 3008.082208][T23990] __alloc_file+0x27/0x340 [ 3008.086624][T23990] alloc_empty_file+0x72/0x170 [ 3008.091387][T23990] path_openat+0xef/0x46d0 [ 3008.095804][T23990] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3008.101600][T23990] ? kasan_slab_alloc+0xf/0x20 [ 3008.106366][T23990] ? kmem_cache_alloc+0x121/0x710 [ 3008.111386][T23990] ? getname_flags+0xd6/0x5b0 [ 3008.116056][T23990] ? getname+0x1a/0x20 [ 3008.120119][T23990] ? do_sys_open+0x2c9/0x5d0 [ 3008.124711][T23990] ? __x64_sys_open+0x7e/0xc0 [ 3008.129386][T23990] ? __kasan_check_read+0x11/0x20 [ 3008.134406][T23990] ? mark_lock+0xc2/0x1220 [ 3008.138821][T23990] ? __kasan_check_read+0x11/0x20 [ 3008.143850][T23990] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 3008.149225][T23990] ? __alloc_fd+0x487/0x620 [ 3008.153730][T23990] do_filp_open+0x1a1/0x280 [ 3008.158230][T23990] ? may_open_dev+0x100/0x100 [ 3008.162905][T23990] ? lock_downgrade+0x920/0x920 [ 3008.167760][T23990] ? rwlock_bug.part.0+0x90/0x90 [ 3008.172726][T23990] ? __kasan_check_read+0x11/0x20 [ 3008.177742][T23990] ? do_raw_spin_unlock+0x57/0x270 [ 3008.182859][T23990] ? _raw_spin_unlock+0x2d/0x50 [ 3008.187707][T23990] ? __alloc_fd+0x487/0x620 [ 3008.192224][T23990] do_sys_open+0x3fe/0x5d0 [ 3008.196639][T23990] ? filp_open+0x80/0x80 [ 3008.200872][T23990] ? __detach_mounts+0x2a0/0x2a0 [ 3008.205810][T23990] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3008.211265][T23990] ? do_syscall_64+0x26/0x760 [ 3008.215938][T23990] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3008.222000][T23990] ? do_syscall_64+0x26/0x760 [ 3008.226687][T23990] __x64_sys_open+0x7e/0xc0 [ 3008.231189][T23990] do_syscall_64+0xfa/0x760 [ 3008.235699][T23990] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3008.241587][T23990] RIP: 0033:0x4579a0 [ 3008.245479][T23990] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 3008.265078][T23990] RSP: 002b:00007ffcac839810 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 3008.273488][T23990] RAX: ffffffffffffffda RBX: 00000000002de497 RCX: 00000000004579a0 [ 3008.281453][T23990] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffcac83a9f0 [ 3008.289427][T23990] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001e61940 [ 3008.297396][T23990] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcac83a9f0 [ 3008.305361][T23990] R13: 00007ffcac83a9e0 R14: 0000000000000000 R15: 00007ffcac83a9f0 [ 3008.332974][T23992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3008.340468][T23990] memory: usage 1080kB, limit 0kB, failcnt 1338 [ 3008.378841][T23990] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3008.398001][T23990] Memory cgroup stats for /syz2: [ 3008.398111][T23990] anon 53248 [ 3008.398111][T23990] file 20480 [ 3008.398111][T23990] kernel_stack 0 [ 3008.398111][T23990] slab 946176 [ 3008.398111][T23990] sock 0 [ 3008.398111][T23990] shmem 0 [ 3008.398111][T23990] file_mapped 0 [ 3008.398111][T23990] file_dirty 135168 [ 3008.398111][T23990] file_writeback 0 [ 3008.398111][T23990] anon_thp 0 [ 3008.398111][T23990] inactive_anon 0 [ 3008.398111][T23990] active_anon 53248 [ 3008.398111][T23990] inactive_file 0 [ 3008.398111][T23990] active_file 0 [ 3008.398111][T23990] unevictable 0 [ 3008.398111][T23990] slab_reclaimable 270336 [ 3008.398111][T23990] slab_unreclaimable 675840 [ 3008.398111][T23990] pgfault 18612 [ 3008.398111][T23990] pgmajfault 0 [ 3008.398111][T23990] workingset_refault 0 [ 3008.398111][T23990] workingset_activate 0 [ 3008.398111][T23990] workingset_nodereclaim 0 [ 3008.398111][T23990] pgrefill 99 [ 3008.398111][T23990] pgscan 99 [ 3008.398111][T23990] pgsteal 0 [ 3008.398111][T23990] pgactivate 66 [ 3008.504737][T24029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3008.520771][T24029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3008.544106][T23990] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23990,uid=0 [ 3008.560494][T23990] Memory cgroup out of memory: Killed process 23990 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3008.578830][ T1066] oom_reaper: reaped process 23990 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3008.620533][T23992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3008.652910][T24029] team0: Port device team_slave_0 added [ 3008.709896][T24029] team0: Port device team_slave_1 added [ 3009.203833][T24029] device hsr_slave_0 entered promiscuous mode [ 3009.273615][T24029] device hsr_slave_1 entered promiscuous mode [ 3009.291039][T24046] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3009.301848][T24046] CPU: 0 PID: 24046 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3009.309404][T24046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3009.319466][T24046] Call Trace: [ 3009.322778][T24046] dump_stack+0x172/0x1f0 [ 3009.327111][T24046] dump_header+0x10b/0x82d [ 3009.331530][T24046] oom_kill_process.cold+0x10/0x15 [ 3009.336644][T24046] out_of_memory+0x334/0x1340 [ 3009.341325][T24046] ? __sched_text_start+0x8/0x8 [ 3009.346177][T24046] ? oom_killer_disable+0x280/0x280 [ 3009.351381][T24046] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3009.356923][T24046] ? memcg_stat_show+0xc40/0xc40 [ 3009.361867][T24046] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3009.367672][T24046] ? cgroup_file_notify+0x140/0x1b0 [ 3009.372876][T24046] memory_max_write+0x262/0x3a0 [ 3009.377728][T24046] ? mem_cgroup_write+0x370/0x370 [ 3009.382755][T24046] ? lock_acquire+0x190/0x410 [ 3009.387429][T24046] ? kernfs_fop_write+0x227/0x480 [ 3009.392462][T24046] cgroup_file_write+0x241/0x790 [ 3009.397402][T24046] ? mem_cgroup_write+0x370/0x370 [ 3009.402427][T24046] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3009.408064][T24046] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3009.413697][T24046] kernfs_fop_write+0x2b8/0x480 [ 3009.418550][T24046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3009.424809][T24046] __vfs_write+0x8a/0x110 [ 3009.429145][T24046] ? kernfs_fop_open+0xd80/0xd80 [ 3009.434097][T24046] vfs_write+0x268/0x5d0 [ 3009.438365][T24046] ksys_write+0x14f/0x290 [ 3009.442710][T24046] ? __ia32_sys_read+0xb0/0xb0 [ 3009.447479][T24046] ? do_syscall_64+0x26/0x760 [ 3009.452165][T24046] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3009.458241][T24046] ? do_syscall_64+0x26/0x760 [ 3009.462935][T24046] __x64_sys_write+0x73/0xb0 [ 3009.467529][T24046] do_syscall_64+0xfa/0x760 [ 3009.472040][T24046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3009.477929][T24046] RIP: 0033:0x459a29 [ 3009.481825][T24046] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3009.501438][T24046] RSP: 002b:00007f316829dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3009.509860][T24046] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3009.517834][T24046] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3009.525807][T24046] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3009.533774][T24046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f316829e6d4 [ 3009.541741][T24046] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3009.555733][T24046] memory: usage 3164kB, limit 0kB, failcnt 1330 [ 3009.562216][T24029] debugfs: Directory 'hsr0' with parent '/' already present! [ 3009.580537][T24046] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3009.588236][T24046] Memory cgroup stats for /syz5: [ 3009.588360][T24046] anon 2162688 [ 3009.588360][T24046] file 0 [ 3009.588360][T24046] kernel_stack 65536 [ 3009.588360][T24046] slab 806912 [ 3009.588360][T24046] sock 4096 [ 3009.588360][T24046] shmem 77824 [ 3009.588360][T24046] file_mapped 0 [ 3009.588360][T24046] file_dirty 0 [ 3009.588360][T24046] file_writeback 0 [ 3009.588360][T24046] anon_thp 2097152 [ 3009.588360][T24046] inactive_anon 135168 [ 3009.588360][T24046] active_anon 2162688 [ 3009.588360][T24046] inactive_file 0 [ 3009.588360][T24046] active_file 0 [ 3009.588360][T24046] unevictable 0 [ 3009.588360][T24046] slab_reclaimable 270336 [ 3009.588360][T24046] slab_unreclaimable 536576 [ 3009.588360][T24046] pgfault 21483 [ 3009.588360][T24046] pgmajfault 0 [ 3009.588360][T24046] workingset_refault 0 [ 3009.588360][T24046] workingset_activate 0 [ 3009.588360][T24046] workingset_nodereclaim 0 [ 3009.588360][T24046] pgrefill 165 [ 3009.588360][T24046] pgscan 253 [ 3009.588360][T24046] pgsteal 69 [ 3009.588360][T24046] pgactivate 66 [ 3009.685130][T24046] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24044,uid=0 [ 3009.711885][T24046] Memory cgroup out of memory: Killed process 24044 (syz-executor.5) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 20:14:39 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x6c00000000000000}, 0x0) 20:14:39 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r2, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) 20:14:39 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:39 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x0, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3009.737654][ T1066] oom_reaper: reaped process 24044 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3009.825655][T23992] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3009.841219][T23992] CPU: 0 PID: 23992 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3009.848778][T23992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3009.858837][T23992] Call Trace: [ 3009.862133][T23992] dump_stack+0x172/0x1f0 [ 3009.866472][T23992] dump_header+0x10b/0x82d [ 3009.870886][T23992] ? oom_kill_process+0x94/0x3f0 [ 3009.875822][T23992] oom_kill_process.cold+0x10/0x15 [ 3009.880931][T23992] out_of_memory+0x334/0x1340 [ 3009.885610][T23992] ? lock_downgrade+0x920/0x920 [ 3009.890459][T23992] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3009.896263][T23992] ? oom_killer_disable+0x280/0x280 [ 3009.901467][T23992] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3009.907010][T23992] ? memcg_stat_show+0xc40/0xc40 [ 3009.911950][T23992] ? do_raw_spin_unlock+0x57/0x270 [ 3009.917064][T23992] ? _raw_spin_unlock+0x2d/0x50 [ 3009.921920][T23992] try_charge+0xf4b/0x1440 [ 3009.926353][T23992] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3009.931893][T23992] ? percpu_ref_tryget_live+0x111/0x290 [ 3009.937477][T23992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3009.943714][T23992] ? __kasan_check_read+0x11/0x20 [ 3009.948740][T23992] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3009.954291][T23992] mem_cgroup_try_charge+0x136/0x590 [ 3009.959585][T23992] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3009.965220][T23992] wp_page_copy+0x407/0x1860 [ 3009.969808][T23992] ? find_held_lock+0x35/0x130 [ 3009.974571][T23992] ? do_wp_page+0x53b/0x15c0 [ 3009.979162][T23992] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3009.984973][T23992] ? lock_downgrade+0x920/0x920 [ 3009.989823][T23992] ? swp_swapcount+0x540/0x540 [ 3009.994583][T23992] ? __kasan_check_read+0x11/0x20 [ 3009.998121][T24029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3009.999604][T23992] ? do_raw_spin_unlock+0x57/0x270 [ 3010.011265][T23992] do_wp_page+0x543/0x15c0 [ 3010.015684][T23992] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3010.021057][T23992] __handle_mm_fault+0x23ec/0x4040 [ 3010.026176][T23992] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3010.031717][T23992] ? handle_mm_fault+0x292/0xaa0 [ 3010.036665][T23992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3010.042913][T23992] ? __kasan_check_read+0x11/0x20 [ 3010.047941][T23992] handle_mm_fault+0x3b7/0xaa0 [ 3010.052707][T23992] ? __do_page_fault+0x970/0xdd0 [ 3010.057643][T23992] __do_page_fault+0x536/0xdd0 [ 3010.062413][T23992] do_page_fault+0x38/0x590 [ 3010.066605][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3010.066917][T23992] page_fault+0x39/0x40 [ 3010.078222][T23992] RIP: 0033:0x430b06 [ 3010.082108][T23992] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3010.083055][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3010.101703][T23992] RSP: 002b:00007ffd414353e0 EFLAGS: 00010206 [ 3010.101715][T23992] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 20:14:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x7400000000000000}, 0x0) [ 3010.101721][T23992] RDX: 00000000011bb930 RSI: 00000000011c3970 RDI: 0000000000000003 [ 3010.101728][T23992] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000011ba940 [ 3010.101735][T23992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3010.101742][T23992] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3010.120106][T23992] memory: usage 788kB, limit 0kB, failcnt 1338 [ 3010.228056][T24029] 8021q: adding VLAN 0 to HW filter on device team0 [ 3010.275517][T23992] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3010.290295][T23992] Memory cgroup stats for /syz5: [ 3010.290398][T23992] anon 81920 [ 3010.290398][T23992] file 0 [ 3010.290398][T23992] kernel_stack 65536 [ 3010.290398][T23992] slab 806912 [ 3010.290398][T23992] sock 4096 [ 3010.290398][T23992] shmem 77824 [ 3010.290398][T23992] file_mapped 0 [ 3010.290398][T23992] file_dirty 0 [ 3010.290398][T23992] file_writeback 0 [ 3010.290398][T23992] anon_thp 0 [ 3010.290398][T23992] inactive_anon 135168 [ 3010.290398][T23992] active_anon 81920 [ 3010.290398][T23992] inactive_file 0 [ 3010.290398][T23992] active_file 0 [ 3010.290398][T23992] unevictable 0 [ 3010.290398][T23992] slab_reclaimable 270336 [ 3010.290398][T23992] slab_unreclaimable 536576 [ 3010.290398][T23992] pgfault 21483 [ 3010.290398][T23992] pgmajfault 0 [ 3010.290398][T23992] workingset_refault 0 [ 3010.290398][T23992] workingset_activate 0 [ 3010.290398][T23992] workingset_nodereclaim 0 [ 3010.290398][T23992] pgrefill 165 [ 3010.290398][T23992] pgscan 253 [ 3010.290398][T23992] pgsteal 69 [ 3010.290398][T23992] pgactivate 66 [ 3010.422276][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3010.428671][T23992] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23992,uid=0 [ 3010.446774][T23992] Memory cgroup out of memory: Killed process 23992 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3010.452771][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3010.465312][ T1066] oom_reaper: reaped process 23992 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3010.522253][T16062] bridge0: port 1(bridge_slave_0) entered blocking state [ 3010.529341][T16062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3010.552388][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3010.561334][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3010.592204][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3010.599283][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3010.967275][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3010.976094][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3011.028152][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3011.037112][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3011.048263][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3011.056982][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3011.066638][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3011.076144][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3011.157879][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3011.169066][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3011.178241][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3011.187917][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3011.201163][T24029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3011.285700][T24029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3011.620780][T24060] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3011.623783][T24061] IPVS: ftp: loaded support on port[0] = 21 [ 3011.632543][T24060] CPU: 1 PID: 24060 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3011.644531][T24060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3011.654589][T24060] Call Trace: [ 3011.657882][T24060] dump_stack+0x172/0x1f0 [ 3011.662209][T24060] dump_header+0x10b/0x82d [ 3011.662225][T24060] oom_kill_process.cold+0x10/0x15 [ 3011.662238][T24060] out_of_memory+0x334/0x1340 [ 3011.662254][T24060] ? __this_cpu_preempt_check+0x3a/0x210 [ 3011.662271][T24060] ? retint_kernel+0x2b/0x2b [ 3011.662288][T24060] ? oom_killer_disable+0x280/0x280 [ 3011.682045][T24060] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3011.691805][T24060] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3011.691818][T24060] ? memcg_stat_show+0xc40/0xc40 [ 3011.691847][T24060] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3011.713760][T24060] ? cgroup_file_notify+0x140/0x1b0 [ 3011.713779][T24060] memory_max_write+0x262/0x3a0 [ 3011.713797][T24060] ? mem_cgroup_write+0x370/0x370 [ 3011.728821][T24060] ? cgroup_file_write+0x86/0x790 [ 3011.733844][T24060] cgroup_file_write+0x241/0x790 [ 3011.733863][T24060] ? mem_cgroup_write+0x370/0x370 [ 3011.733881][T24060] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3011.749448][T24060] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3011.755095][T24060] kernfs_fop_write+0x2b8/0x480 [ 3011.759954][T24060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3011.766208][T24060] __vfs_write+0x8a/0x110 [ 3011.770549][T24060] ? kernfs_fop_open+0xd80/0xd80 [ 3011.775489][T24060] vfs_write+0x268/0x5d0 [ 3011.779735][T24060] ksys_write+0x14f/0x290 [ 3011.784059][T24060] ? __ia32_sys_read+0xb0/0xb0 [ 3011.788821][T24060] __x64_sys_write+0x73/0xb0 [ 3011.793402][T24060] ? do_syscall_64+0x5b/0x760 [ 3011.793418][T24060] do_syscall_64+0xfa/0x760 [ 3011.793440][T24060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3011.808459][T24060] RIP: 0033:0x459a29 [ 3011.812355][T24060] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3011.831946][T24060] RSP: 002b:00007fed23b06c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3011.831960][T24060] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3011.831967][T24060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3011.831975][T24060] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3011.831989][T24060] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed23b076d4 [ 3011.872209][T24060] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3011.908090][T24060] memory: usage 28292kB, limit 0kB, failcnt 109 [ 3011.915521][T24060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3011.922946][T24060] Memory cgroup stats for /syz3: [ 3011.923983][T24060] anon 2191360 [ 3011.923983][T24060] file 90112 [ 3011.923983][T24060] kernel_stack 65536 [ 3011.923983][T24060] slab 26746880 [ 3011.923983][T24060] sock 0 [ 3011.923983][T24060] shmem 0 [ 3011.923983][T24060] file_mapped 0 [ 3011.923983][T24060] file_dirty 0 [ 3011.923983][T24060] file_writeback 0 [ 3011.923983][T24060] anon_thp 2097152 [ 3011.923983][T24060] inactive_anon 0 [ 3011.923983][T24060] active_anon 2117632 [ 3011.923983][T24060] inactive_file 135168 [ 3011.923983][T24060] active_file 0 [ 3011.923983][T24060] unevictable 0 [ 3011.923983][T24060] slab_reclaimable 26087424 [ 3011.923983][T24060] slab_unreclaimable 659456 [ 3011.923983][T24060] pgfault 46002 [ 3011.923983][T24060] pgmajfault 0 [ 3011.923983][T24060] workingset_refault 0 [ 3011.923983][T24060] workingset_activate 0 [ 3011.923983][T24060] workingset_nodereclaim 0 [ 3011.923983][T24060] pgrefill 349 [ 3011.923983][T24060] pgscan 343 [ 3011.923983][T24060] pgsteal 33 [ 3011.923983][T24060] pgactivate 297 [ 3012.023700][T24060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24058,uid=0 [ 3012.041020][T24060] Memory cgroup out of memory: Killed process 24058 (syz-executor.3) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3012.063233][ T1066] oom_reaper: reaped process 24058 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3012.131173][T24064] IPVS: ftp: loaded support on port[0] = 21 [ 3012.154575][T24065] IPVS: ftp: loaded support on port[0] = 21 20:14:41 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r4, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r6 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r6, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 20:14:41 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x7a00000000000000}, 0x0) 20:14:41 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3012.310489][T24029] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3012.340186][T24029] CPU: 0 PID: 24029 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3012.347750][T24029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3012.347757][T24029] Call Trace: [ 3012.347778][T24029] dump_stack+0x172/0x1f0 [ 3012.347799][T24029] dump_header+0x10b/0x82d [ 3012.347811][T24029] ? oom_kill_process+0x94/0x3f0 [ 3012.347825][T24029] oom_kill_process.cold+0x10/0x15 [ 3012.347841][T24029] out_of_memory+0x334/0x1340 [ 3012.347856][T24029] ? lock_downgrade+0x920/0x920 [ 3012.347876][T24029] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3012.347891][T24029] ? oom_killer_disable+0x280/0x280 [ 3012.347913][T24029] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3012.347927][T24029] ? memcg_stat_show+0xc40/0xc40 [ 3012.347944][T24029] ? do_raw_spin_unlock+0x57/0x270 [ 3012.347962][T24029] ? _raw_spin_unlock+0x2d/0x50 [ 3012.347978][T24029] try_charge+0xf4b/0x1440 [ 3012.348001][T24029] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3012.430616][T24029] ? percpu_ref_tryget_live+0x111/0x290 [ 3012.436155][T24029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3012.442376][T24029] ? __kasan_check_read+0x11/0x20 [ 3012.447391][T24029] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3012.452919][T24029] mem_cgroup_try_charge+0x136/0x590 [ 3012.458214][T24029] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3012.463834][T24029] wp_page_copy+0x407/0x1860 [ 3012.468416][T24029] ? find_held_lock+0x35/0x130 [ 3012.473168][T24029] ? do_wp_page+0x53b/0x15c0 [ 3012.477761][T24029] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3012.483557][T24029] ? lock_downgrade+0x920/0x920 [ 3012.488415][T24029] ? swp_swapcount+0x540/0x540 [ 3012.493181][T24029] ? __kasan_check_read+0x11/0x20 [ 3012.498192][T24029] ? do_raw_spin_unlock+0x57/0x270 [ 3012.503294][T24029] do_wp_page+0x543/0x15c0 [ 3012.507708][T24029] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3012.513079][T24029] __handle_mm_fault+0x23ec/0x4040 [ 3012.518185][T24029] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3012.523717][T24029] ? handle_mm_fault+0x292/0xaa0 [ 3012.528648][T24029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3012.534870][T24029] ? __kasan_check_read+0x11/0x20 [ 3012.539876][T24029] handle_mm_fault+0x3b7/0xaa0 [ 3012.544628][T24029] __do_page_fault+0x536/0xdd0 [ 3012.549377][T24029] do_page_fault+0x38/0x590 [ 3012.553872][T24029] page_fault+0x39/0x40 [ 3012.558006][T24029] RIP: 0033:0x430b06 [ 3012.561883][T24029] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3012.581482][T24029] RSP: 002b:00007ffd48eab8a0 EFLAGS: 00010206 [ 3012.587528][T24029] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3012.595490][T24029] RDX: 000000000224a930 RSI: 0000000002252970 RDI: 0000000000000003 [ 3012.603454][T24029] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002249940 20:14:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x9effffff00000000}, 0x0) [ 3012.611405][T24029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3012.619360][T24029] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3012.664415][T24029] memory: usage 25752kB, limit 0kB, failcnt 117 [ 3012.670681][T24029] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3012.678017][T24029] Memory cgroup stats for /syz3: [ 3012.678131][T24029] anon 0 [ 3012.678131][T24029] file 90112 [ 3012.678131][T24029] kernel_stack 0 [ 3012.678131][T24029] slab 26476544 [ 3012.678131][T24029] sock 0 [ 3012.678131][T24029] shmem 0 [ 3012.678131][T24029] file_mapped 0 [ 3012.678131][T24029] file_dirty 0 [ 3012.678131][T24029] file_writeback 0 [ 3012.678131][T24029] anon_thp 0 [ 3012.678131][T24029] inactive_anon 0 [ 3012.678131][T24029] active_anon 0 [ 3012.678131][T24029] inactive_file 135168 [ 3012.678131][T24029] active_file 0 [ 3012.678131][T24029] unevictable 0 [ 3012.678131][T24029] slab_reclaimable 25817088 [ 3012.678131][T24029] slab_unreclaimable 659456 [ 3012.678131][T24029] pgfault 46002 [ 3012.678131][T24029] pgmajfault 0 [ 3012.678131][T24029] workingset_refault 0 [ 3012.678131][T24029] workingset_activate 0 [ 3012.678131][T24029] workingset_nodereclaim 0 [ 3012.678131][T24029] pgrefill 349 [ 3012.678131][T24029] pgscan 343 [ 3012.678131][T24029] pgsteal 33 [ 3012.678131][T24029] pgactivate 297 20:14:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xf0ffffff00000000}, 0x0) 20:14:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xffffff7f00000000}, 0x0) [ 3013.013830][T24029] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24029,uid=0 [ 3013.054368][T24029] Memory cgroup out of memory: Killed process 24029 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 20:14:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0xfffffffffffff000}, 0x0) 20:14:42 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x2}, 0x0) [ 3013.248968][T24061] chnl_net:caif_netlink_parms(): no params data found [ 3013.263928][T24064] chnl_net:caif_netlink_parms(): no params data found [ 3013.301124][T24084] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3013.321870][T24084] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3013.706372][T24064] bridge0: port 1(bridge_slave_0) entered blocking state [ 3013.721747][T24064] bridge0: port 1(bridge_slave_0) entered disabled state [ 3013.730164][T24064] device bridge_slave_0 entered promiscuous mode [ 3013.759251][T24064] bridge0: port 2(bridge_slave_1) entered blocking state [ 3013.782371][T24064] bridge0: port 2(bridge_slave_1) entered disabled state [ 3013.800368][T24064] device bridge_slave_1 entered promiscuous mode [ 3014.040351][T24064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3014.064984][T24065] chnl_net:caif_netlink_parms(): no params data found [ 3014.130365][T24064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3014.151873][T24061] bridge0: port 1(bridge_slave_0) entered blocking state [ 3014.158959][T24061] bridge0: port 1(bridge_slave_0) entered disabled state [ 3014.174128][T24061] device bridge_slave_0 entered promiscuous mode [ 3014.259504][T24061] bridge0: port 2(bridge_slave_1) entered blocking state [ 3014.275070][T24061] bridge0: port 2(bridge_slave_1) entered disabled state [ 3014.284098][T24061] device bridge_slave_1 entered promiscuous mode [ 3014.382303][T24064] team0: Port device team_slave_0 added [ 3014.389726][T24065] bridge0: port 1(bridge_slave_0) entered blocking state [ 3014.397436][T24065] bridge0: port 1(bridge_slave_0) entered disabled state [ 3014.406856][T24065] device bridge_slave_0 entered promiscuous mode [ 3014.422783][T24064] team0: Port device team_slave_1 added [ 3014.436539][T24088] IPVS: ftp: loaded support on port[0] = 21 [ 3014.467656][T24061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3014.478777][T24065] bridge0: port 2(bridge_slave_1) entered blocking state [ 3014.486313][T24065] bridge0: port 2(bridge_slave_1) entered disabled state [ 3014.503375][T24065] device bridge_slave_1 entered promiscuous mode [ 3014.525983][T24061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3014.628942][T24065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3014.684643][T24064] device hsr_slave_0 entered promiscuous mode [ 3014.712379][T24064] device hsr_slave_1 entered promiscuous mode [ 3014.742553][T24064] debugfs: Directory 'hsr0' with parent '/' already present! [ 3014.769892][T24065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3014.819332][T24061] team0: Port device team_slave_0 added [ 3014.830566][T24061] team0: Port device team_slave_1 added [ 3014.926540][T24065] team0: Port device team_slave_0 added [ 3014.934849][T24065] team0: Port device team_slave_1 added [ 3015.015398][T24061] device hsr_slave_0 entered promiscuous mode [ 3015.092739][T24061] device hsr_slave_1 entered promiscuous mode [ 3015.151776][T24061] debugfs: Directory 'hsr0' with parent '/' already present! [ 3015.317781][T24065] device hsr_slave_0 entered promiscuous mode [ 3015.382850][T24065] device hsr_slave_1 entered promiscuous mode [ 3015.431838][T24065] debugfs: Directory 'hsr0' with parent '/' already present! [ 3015.561224][T24088] chnl_net:caif_netlink_parms(): no params data found [ 3015.704938][T24064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3015.824050][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3015.833525][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3015.860538][T24064] 8021q: adding VLAN 0 to HW filter on device team0 [ 3015.904669][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3015.915422][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3015.925092][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 3015.932207][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3015.940735][T24088] bridge0: port 1(bridge_slave_0) entered blocking state [ 3015.954087][T24088] bridge0: port 1(bridge_slave_0) entered disabled state [ 3015.963243][T24088] device bridge_slave_0 entered promiscuous mode [ 3015.973600][T24088] bridge0: port 2(bridge_slave_1) entered blocking state [ 3015.980642][T24088] bridge0: port 2(bridge_slave_1) entered disabled state [ 3015.989571][T24088] device bridge_slave_1 entered promiscuous mode [ 3016.096516][T24061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3016.104994][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3016.116938][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3016.126857][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3016.135454][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3016.142528][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3016.154219][T24088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3016.166824][T24088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3016.198376][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3016.265554][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3016.275757][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3016.285032][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3016.309462][T24065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3016.317303][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3016.326209][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3016.334212][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3016.356320][T24088] team0: Port device team_slave_0 added [ 3016.373978][T24088] team0: Port device team_slave_1 added [ 3016.394325][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3016.403554][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3016.412975][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3016.422685][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3016.439065][T24064] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3016.452297][T24064] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3016.510978][T24061] 8021q: adding VLAN 0 to HW filter on device team0 [ 3016.527610][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3016.537248][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3016.647221][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3016.656500][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3016.665234][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3016.672343][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3016.680640][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3016.689962][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3016.698594][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3016.705681][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3016.713831][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3016.722185][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3016.739198][T24065] 8021q: adding VLAN 0 to HW filter on device team0 [ 3016.795432][T24088] device hsr_slave_0 entered promiscuous mode [ 3016.842823][T24088] device hsr_slave_1 entered promiscuous mode [ 3016.881862][T24088] debugfs: Directory 'hsr0' with parent '/' already present! [ 3016.943954][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3016.953158][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3016.962948][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3016.987270][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3016.996483][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3017.006193][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3017.013297][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3017.048052][T24064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3017.086963][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3017.096904][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3017.113225][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3017.126618][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3017.135850][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3017.145915][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3017.155256][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3017.164464][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3017.171516][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3017.179861][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3017.261201][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3017.282767][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3017.292928][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3017.302714][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3017.311426][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3017.320595][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3017.349880][T24061] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3017.363125][T24061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3017.394672][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3017.412955][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3017.439664][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3017.449692][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3017.461467][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3017.471310][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3017.480890][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3017.510410][T24065] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3017.545143][T24065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3017.585474][T24096] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3017.596150][T24096] CPU: 0 PID: 24096 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3017.603702][T24096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3017.613754][T24096] Call Trace: [ 3017.617052][T24096] dump_stack+0x172/0x1f0 [ 3017.621384][T24096] dump_header+0x10b/0x82d [ 3017.625808][T24096] oom_kill_process.cold+0x10/0x15 [ 3017.630920][T24096] out_of_memory+0x334/0x1340 [ 3017.635603][T24096] ? retint_kernel+0x2b/0x2b [ 3017.640202][T24096] ? oom_killer_disable+0x280/0x280 [ 3017.645418][T24096] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3017.651155][T24096] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3017.656723][T24096] ? memcg_stat_show+0xc40/0xc40 [ 3017.661685][T24096] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3017.667507][T24096] ? cgroup_file_notify+0x140/0x1b0 [ 3017.672722][T24096] memory_max_write+0x262/0x3a0 [ 3017.677582][T24096] ? mem_cgroup_write+0x370/0x370 [ 3017.682613][T24096] ? mem_cgroup_write+0x370/0x370 [ 3017.687639][T24096] ? cgroup_file_write+0x1e2/0x790 [ 3017.692752][T24096] cgroup_file_write+0x241/0x790 [ 3017.697691][T24096] ? mem_cgroup_write+0x370/0x370 [ 3017.702719][T24096] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3017.708357][T24096] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3017.713990][T24096] kernfs_fop_write+0x2b8/0x480 [ 3017.718852][T24096] __vfs_write+0x8a/0x110 [ 3017.723181][T24096] ? kernfs_fop_open+0xd80/0xd80 [ 3017.728122][T24096] vfs_write+0x268/0x5d0 [ 3017.732366][T24096] ksys_write+0x14f/0x290 [ 3017.736696][T24096] ? __ia32_sys_read+0xb0/0xb0 [ 3017.741464][T24096] __x64_sys_write+0x73/0xb0 [ 3017.746064][T24096] do_syscall_64+0xfa/0x760 [ 3017.750580][T24096] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3017.756469][T24096] RIP: 0033:0x459a29 [ 3017.760363][T24096] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3017.779963][T24096] RSP: 002b:00007fdbb1d4ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3017.788381][T24096] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3017.796350][T24096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3017.804319][T24096] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3017.812290][T24096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbb1d4b6d4 [ 3017.820255][T24096] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3017.838783][T24096] memory: usage 3044kB, limit 0kB, failcnt 1263 [ 3017.845228][T24096] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3017.852352][T24096] Memory cgroup stats for /syz4: [ 3017.853822][T24096] anon 2162688 [ 3017.853822][T24096] file 28672 [ 3017.853822][T24096] kernel_stack 0 [ 3017.853822][T24096] slab 692224 [ 3017.853822][T24096] sock 0 [ 3017.853822][T24096] shmem 0 [ 3017.853822][T24096] file_mapped 0 [ 3017.853822][T24096] file_dirty 135168 [ 3017.853822][T24096] file_writeback 0 [ 3017.853822][T24096] anon_thp 2097152 [ 3017.853822][T24096] inactive_anon 0 [ 3017.853822][T24096] active_anon 2162688 [ 3017.853822][T24096] inactive_file 135168 [ 3017.853822][T24096] active_file 0 [ 3017.853822][T24096] unevictable 0 [ 3017.853822][T24096] slab_reclaimable 270336 [ 3017.853822][T24096] slab_unreclaimable 421888 [ 3017.853822][T24096] pgfault 19734 [ 3017.853822][T24096] pgmajfault 0 [ 3017.853822][T24096] workingset_refault 0 [ 3017.853822][T24096] workingset_activate 0 [ 3017.853822][T24096] workingset_nodereclaim 0 [ 3017.853822][T24096] pgrefill 67 [ 3017.853822][T24096] pgscan 110 [ 3017.853822][T24096] pgsteal 70 [ 3017.853822][T24096] pgactivate 33 [ 3017.858947][T24096] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24095,uid=0 [ 3017.987987][T24096] Memory cgroup out of memory: Killed process 24095 (syz-executor.4) total-vm:72576kB, anon-rss:2184kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3018.010388][ T1066] oom_reaper: reaped process 24095 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 20:14:47 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r2, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) [ 3018.039756][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3018.048690][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3018.096676][T24064] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3018.107467][T24064] CPU: 0 PID: 24064 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3018.115013][T24064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3018.125064][T24064] Call Trace: [ 3018.128354][T24064] dump_stack+0x172/0x1f0 [ 3018.132683][T24064] dump_header+0x10b/0x82d [ 3018.137091][T24064] ? oom_kill_process+0x94/0x3f0 [ 3018.142029][T24064] oom_kill_process.cold+0x10/0x15 [ 3018.147135][T24064] out_of_memory+0x334/0x1340 [ 3018.151808][T24064] ? lock_downgrade+0x920/0x920 [ 3018.156658][T24064] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3018.162480][T24064] ? oom_killer_disable+0x280/0x280 [ 3018.167682][T24064] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3018.173221][T24064] ? memcg_stat_show+0xc40/0xc40 [ 3018.178157][T24064] ? do_raw_spin_unlock+0x57/0x270 [ 3018.183275][T24064] ? _raw_spin_unlock+0x2d/0x50 [ 3018.188122][T24064] try_charge+0xf4b/0x1440 [ 3018.192546][T24064] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3018.198086][T24064] ? percpu_ref_tryget_live+0x111/0x290 [ 3018.203629][T24064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3018.209867][T24064] ? __kasan_check_read+0x11/0x20 [ 3018.214897][T24064] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3018.220444][T24064] mem_cgroup_try_charge+0x136/0x590 [ 3018.225733][T24064] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3018.231364][T24064] wp_page_copy+0x407/0x1860 [ 3018.235950][T24064] ? find_held_lock+0x35/0x130 [ 3018.240709][T24064] ? do_wp_page+0x53b/0x15c0 [ 3018.245300][T24064] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3018.251100][T24064] ? lock_downgrade+0x920/0x920 [ 3018.255950][T24064] ? swp_swapcount+0x540/0x540 [ 3018.260719][T24064] ? __kasan_check_read+0x11/0x20 [ 3018.265740][T24064] ? do_raw_spin_unlock+0x57/0x270 [ 3018.270845][T24064] do_wp_page+0x543/0x15c0 [ 3018.275260][T24064] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3018.280637][T24064] __handle_mm_fault+0x23ec/0x4040 [ 3018.285753][T24064] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3018.291310][T24064] ? handle_mm_fault+0x292/0xaa0 [ 3018.296281][T24064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3018.302531][T24064] ? __kasan_check_read+0x11/0x20 [ 3018.307569][T24064] handle_mm_fault+0x3b7/0xaa0 [ 3018.312345][T24064] __do_page_fault+0x536/0xdd0 [ 3018.317117][T24064] do_page_fault+0x38/0x590 [ 3018.321621][T24064] page_fault+0x39/0x40 [ 3018.325767][T24064] RIP: 0033:0x430b06 [ 3018.329660][T24064] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3018.349269][T24064] RSP: 002b:00007fffa6be2300 EFLAGS: 00010206 [ 3018.355333][T24064] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3018.363296][T24064] RDX: 0000000001ed5930 RSI: 0000000001edd970 RDI: 0000000000000003 [ 3018.371259][T24064] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001ed4940 [ 3018.379223][T24064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3018.387187][T24064] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3018.399981][T24064] memory: usage 720kB, limit 0kB, failcnt 1275 [ 3018.445657][T24064] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3018.470146][T24064] Memory cgroup stats for /syz4: [ 3018.470251][T24064] anon 0 [ 3018.470251][T24064] file 28672 [ 3018.470251][T24064] kernel_stack 0 [ 3018.470251][T24064] slab 692224 [ 3018.470251][T24064] sock 0 [ 3018.470251][T24064] shmem 0 [ 3018.470251][T24064] file_mapped 0 [ 3018.470251][T24064] file_dirty 135168 [ 3018.470251][T24064] file_writeback 0 [ 3018.470251][T24064] anon_thp 0 [ 3018.470251][T24064] inactive_anon 0 [ 3018.470251][T24064] active_anon 0 [ 3018.470251][T24064] inactive_file 135168 [ 3018.470251][T24064] active_file 0 [ 3018.470251][T24064] unevictable 0 [ 3018.470251][T24064] slab_reclaimable 270336 [ 3018.470251][T24064] slab_unreclaimable 421888 [ 3018.470251][T24064] pgfault 19734 [ 3018.470251][T24064] pgmajfault 0 [ 3018.470251][T24064] workingset_refault 0 [ 3018.470251][T24064] workingset_activate 0 [ 3018.470251][T24064] workingset_nodereclaim 0 [ 3018.470251][T24064] pgrefill 67 [ 3018.470251][T24064] pgscan 110 [ 3018.470251][T24064] pgsteal 70 [ 3018.470251][T24064] pgactivate 33 [ 3018.568081][T24064] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24064,uid=0 [ 3018.584484][T24064] Memory cgroup out of memory: Killed process 24064 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3018.603035][ T1066] oom_reaper: reaped process 24064 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3018.623325][T24065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3018.646597][T24061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3019.100060][T24088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3019.162485][T24088] 8021q: adding VLAN 0 to HW filter on device team0 [ 3019.169837][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3019.183286][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3019.251985][T24111] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3019.258185][T24110] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3019.324264][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3019.362272][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3019.376463][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3019.383604][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3019.407324][T24108] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3019.422452][T24108] CPU: 1 PID: 24108 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3019.430015][T24108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3019.440079][T24108] Call Trace: [ 3019.443380][T24108] dump_stack+0x172/0x1f0 [ 3019.447718][T24108] dump_header+0x10b/0x82d [ 3019.452140][T24108] oom_kill_process.cold+0x10/0x15 [ 3019.457253][T24108] out_of_memory+0x334/0x1340 [ 3019.461928][T24108] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3019.467571][T24108] ? cgroup_file_notify+0x140/0x1b0 [ 3019.472787][T24108] ? oom_killer_disable+0x280/0x280 [ 3019.478006][T24108] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3019.483560][T24108] ? memcg_stat_show+0xc40/0xc40 [ 3019.488526][T24108] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3019.494335][T24108] ? cgroup_file_notify+0x140/0x1b0 [ 3019.499519][T24108] memory_max_write+0x262/0x3a0 [ 3019.504357][T24108] ? mem_cgroup_write+0x370/0x370 [ 3019.509371][T24108] ? lock_acquire+0x190/0x410 [ 3019.514029][T24108] ? kernfs_fop_write+0x227/0x480 [ 3019.519049][T24108] cgroup_file_write+0x241/0x790 [ 3019.523969][T24108] ? mem_cgroup_write+0x370/0x370 [ 3019.528976][T24108] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3019.534592][T24108] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3019.540203][T24108] kernfs_fop_write+0x2b8/0x480 [ 3019.545046][T24108] __vfs_write+0x8a/0x110 [ 3019.549353][T24108] ? kernfs_fop_open+0xd80/0xd80 [ 3019.554282][T24108] vfs_write+0x268/0x5d0 [ 3019.558503][T24108] ksys_write+0x14f/0x290 [ 3019.562813][T24108] ? __ia32_sys_read+0xb0/0xb0 [ 3019.567585][T24108] __x64_sys_write+0x73/0xb0 [ 3019.572159][T24108] ? do_syscall_64+0x5b/0x760 [ 3019.576815][T24108] do_syscall_64+0xfa/0x760 [ 3019.581302][T24108] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3019.587172][T24108] RIP: 0033:0x459a29 [ 3019.591046][T24108] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3019.610632][T24108] RSP: 002b:00007ffb4410dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3019.619024][T24108] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3019.626986][T24108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3019.634934][T24108] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3019.642882][T24108] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb4410e6d4 [ 3019.650831][T24108] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3019.666486][T24108] memory: usage 3476kB, limit 0kB, failcnt 1339 [ 3019.675623][T24108] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3019.682970][T24108] Memory cgroup stats for /syz2: [ 3019.683934][T24108] anon 2117632 [ 3019.683934][T24108] file 20480 [ 3019.683934][T24108] kernel_stack 65536 [ 3019.683934][T24108] slab 946176 [ 3019.683934][T24108] sock 0 [ 3019.683934][T24108] shmem 0 [ 3019.683934][T24108] file_mapped 0 [ 3019.683934][T24108] file_dirty 135168 [ 3019.683934][T24108] file_writeback 0 [ 3019.683934][T24108] anon_thp 2097152 [ 3019.683934][T24108] inactive_anon 0 [ 3019.683934][T24108] active_anon 2117632 [ 3019.683934][T24108] inactive_file 0 [ 3019.683934][T24108] active_file 0 [ 3019.683934][T24108] unevictable 0 [ 3019.683934][T24108] slab_reclaimable 270336 [ 3019.683934][T24108] slab_unreclaimable 675840 [ 3019.683934][T24108] pgfault 18711 [ 3019.683934][T24108] pgmajfault 0 [ 3019.683934][T24108] workingset_refault 0 [ 3019.683934][T24108] workingset_activate 0 [ 3019.683934][T24108] workingset_nodereclaim 0 [ 3019.683934][T24108] pgrefill 99 [ 3019.683934][T24108] pgscan 99 [ 3019.683934][T24108] pgsteal 0 [ 3019.683934][T24108] pgactivate 66 [ 3019.780857][T24108] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24107,uid=0 [ 3019.810517][T24108] Memory cgroup out of memory: Killed process 24107 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3019.831351][T24110] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3019.833156][ T1066] oom_reaper: reaped process 24107 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3019.843523][T24110] CPU: 1 PID: 24110 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3019.860092][T24110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3019.870143][T24110] Call Trace: [ 3019.873438][T24110] dump_stack+0x172/0x1f0 [ 3019.877778][T24110] dump_header+0x10b/0x82d [ 3019.882199][T24110] oom_kill_process.cold+0x10/0x15 [ 3019.887316][T24110] out_of_memory+0x334/0x1340 [ 3019.891992][T24110] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3019.897622][T24110] ? cgroup_file_notify+0x140/0x1b0 [ 3019.902826][T24110] ? oom_killer_disable+0x280/0x280 [ 3019.908060][T24110] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3019.913606][T24110] ? memcg_stat_show+0xc40/0xc40 [ 3019.918555][T24110] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3019.924368][T24110] ? cgroup_file_notify+0x140/0x1b0 [ 3019.929571][T24110] memory_max_write+0x262/0x3a0 [ 3019.934414][T24110] ? mem_cgroup_write+0x370/0x370 [ 3019.939424][T24110] ? lock_acquire+0x190/0x410 [ 3019.944084][T24110] ? kernfs_fop_write+0x227/0x480 [ 3019.949095][T24110] cgroup_file_write+0x241/0x790 [ 3019.954014][T24110] ? mem_cgroup_write+0x370/0x370 [ 3019.959057][T24110] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3019.964678][T24110] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3019.970288][T24110] kernfs_fop_write+0x2b8/0x480 [ 3019.975123][T24110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3019.981348][T24110] __vfs_write+0x8a/0x110 [ 3019.985658][T24110] ? kernfs_fop_open+0xd80/0xd80 [ 3019.990575][T24110] vfs_write+0x268/0x5d0 [ 3019.994800][T24110] ksys_write+0x14f/0x290 [ 3019.999109][T24110] ? __ia32_sys_read+0xb0/0xb0 [ 3020.003867][T24110] ? do_syscall_64+0x26/0x760 [ 3020.008550][T24110] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3020.014605][T24110] ? do_syscall_64+0x26/0x760 [ 3020.019263][T24110] __x64_sys_write+0x73/0xb0 [ 3020.023865][T24110] do_syscall_64+0xfa/0x760 [ 3020.028388][T24110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3020.034271][T24110] RIP: 0033:0x459a29 [ 3020.038171][T24110] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3020.057753][T24110] RSP: 002b:00007f017c8dac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3020.066142][T24110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3020.074106][T24110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3020.082067][T24110] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3020.090028][T24110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f017c8db6d4 [ 3020.097994][T24110] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3020.108447][T24110] memory: usage 3152kB, limit 0kB, failcnt 1297 [ 3020.114819][T24110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3020.122821][T24110] Memory cgroup stats for /syz0: [ 3020.122920][T24110] anon 2191360 [ 3020.122920][T24110] file 20480 [ 3020.122920][T24110] kernel_stack 0 [ 3020.122920][T24110] slab 823296 [ 3020.122920][T24110] sock 0 [ 3020.122920][T24110] shmem 0 [ 3020.122920][T24110] file_mapped 0 [ 3020.122920][T24110] file_dirty 0 [ 3020.122920][T24110] file_writeback 0 [ 3020.122920][T24110] anon_thp 2097152 [ 3020.122920][T24110] inactive_anon 0 [ 3020.122920][T24110] active_anon 2191360 [ 3020.122920][T24110] inactive_file 0 [ 3020.122920][T24110] active_file 0 [ 3020.122920][T24110] unevictable 0 [ 3020.122920][T24110] slab_reclaimable 270336 [ 3020.122920][T24110] slab_unreclaimable 552960 [ 3020.122920][T24110] pgfault 18975 [ 3020.122920][T24110] pgmajfault 0 [ 3020.122920][T24110] workingset_refault 0 [ 3020.122920][T24110] workingset_activate 0 [ 3020.122920][T24110] workingset_nodereclaim 0 [ 3020.122920][T24110] pgrefill 66 [ 3020.122920][T24110] pgscan 66 [ 3020.122920][T24110] pgsteal 0 [ 3020.122920][T24110] pgactivate 33 [ 3020.127871][T24110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24109,uid=0 [ 3020.243106][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3020.252566][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3020.261975][T24110] Memory cgroup out of memory: Killed process 24110 (syz-executor.0) total-vm:72576kB, anon-rss:2184kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3020.262788][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3020.292665][ T1066] oom_reaper: reaped process 24110 (syz-executor.0), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 3020.303930][T24065] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3020.314240][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 3020.321294][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3020.328890][T24065] CPU: 0 PID: 24065 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3020.336429][T24065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3020.346474][T24065] Call Trace: [ 3020.349769][T24065] dump_stack+0x172/0x1f0 [ 3020.354106][T24065] dump_header+0x10b/0x82d [ 3020.358532][T24065] ? oom_kill_process+0x94/0x3f0 [ 3020.363472][T24065] oom_kill_process.cold+0x10/0x15 [ 3020.368585][T24065] out_of_memory+0x334/0x1340 [ 3020.373257][T24065] ? lock_downgrade+0x920/0x920 [ 3020.378109][T24065] ? oom_killer_disable+0x280/0x280 20:14:50 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3020.383314][T24065] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3020.388857][T24065] ? memcg_stat_show+0xc40/0xc40 [ 3020.393796][T24065] ? do_raw_spin_unlock+0x57/0x270 [ 3020.398903][T24065] ? _raw_spin_unlock+0x2d/0x50 [ 3020.403751][T24065] try_charge+0xf4b/0x1440 [ 3020.408175][T24065] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3020.413718][T24065] ? percpu_ref_tryget_live+0x111/0x290 [ 3020.419272][T24065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3020.425514][T24065] ? __kasan_check_read+0x11/0x20 20:14:50 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x3}, 0x0) 20:14:50 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x0, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:50 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:50 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 3020.430554][T24065] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3020.436097][T24065] mem_cgroup_try_charge+0x136/0x590 [ 3020.441389][T24065] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3020.447020][T24065] __handle_mm_fault+0x1f0d/0x4040 [ 3020.452130][T24065] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3020.457685][T24065] ? handle_mm_fault+0x292/0xaa0 [ 3020.462641][T24065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3020.468884][T24065] ? __kasan_check_read+0x11/0x20 [ 3020.473913][T24065] handle_mm_fault+0x3b7/0xaa0 [ 3020.478685][T24065] __do_page_fault+0x536/0xdd0 [ 3020.483488][T24065] do_page_fault+0x38/0x590 [ 3020.488000][T24065] page_fault+0x39/0x40 [ 3020.492148][T24065] RIP: 0033:0x4034f2 [ 3020.496037][T24065] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3020.515642][T24065] RSP: 002b:00007ffdf6a90ff0 EFLAGS: 00010246 [ 3020.521712][T24065] RAX: 0000000000000000 RBX: 00000000002e1253 RCX: 0000000000413630 [ 3020.529679][T24065] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdf6a92120 [ 3020.537648][T24065] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002064940 [ 3020.545617][T24065] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf6a92120 [ 3020.553586][T24065] R13: 00007ffdf6a92110 R14: 0000000000000000 R15: 00007ffdf6a92120 [ 3020.572464][T24113] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3020.580563][T24113] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3020.590703][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3020.600917][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3020.633477][T24065] memory: usage 1108kB, limit 0kB, failcnt 1351 [ 3020.639747][T24065] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3020.646736][T24065] Memory cgroup stats for /syz2: [ 3020.646841][T24065] anon 20480 [ 3020.646841][T24065] file 20480 [ 3020.646841][T24065] kernel_stack 0 [ 3020.646841][T24065] slab 946176 [ 3020.646841][T24065] sock 0 [ 3020.646841][T24065] shmem 0 [ 3020.646841][T24065] file_mapped 0 [ 3020.646841][T24065] file_dirty 135168 [ 3020.646841][T24065] file_writeback 0 [ 3020.646841][T24065] anon_thp 0 [ 3020.646841][T24065] inactive_anon 0 [ 3020.646841][T24065] active_anon 20480 [ 3020.646841][T24065] inactive_file 0 [ 3020.646841][T24065] active_file 0 [ 3020.646841][T24065] unevictable 0 [ 3020.646841][T24065] slab_reclaimable 270336 [ 3020.646841][T24065] slab_unreclaimable 675840 [ 3020.646841][T24065] pgfault 18711 [ 3020.646841][T24065] pgmajfault 0 [ 3020.646841][T24065] workingset_refault 0 [ 3020.646841][T24065] workingset_activate 0 [ 3020.646841][T24065] workingset_nodereclaim 0 [ 3020.646841][T24065] pgrefill 99 [ 3020.646841][T24065] pgscan 99 [ 3020.646841][T24065] pgsteal 0 [ 3020.646841][T24065] pgactivate 66 [ 3020.754939][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3020.773489][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3020.792599][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3020.821562][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3020.910667][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3020.922815][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3020.942602][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3020.950682][T24065] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24065,uid=0 [ 3020.983367][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3020.987631][T24065] Memory cgroup out of memory: Killed process 24065 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3020.992768][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3021.028979][ T1066] oom_reaper: reaped process 24065 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3021.040452][T24061] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3021.057106][T24061] CPU: 1 PID: 24061 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3021.064672][T24061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3021.074728][T24061] Call Trace: [ 3021.078027][T24061] dump_stack+0x172/0x1f0 [ 3021.082366][T24061] dump_header+0x10b/0x82d [ 3021.086739][T24088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3021.086775][T24061] ? oom_kill_process+0x94/0x3f0 [ 3021.098780][T24061] oom_kill_process.cold+0x10/0x15 [ 3021.103892][T24061] out_of_memory+0x334/0x1340 [ 3021.103915][T24061] ? lock_downgrade+0x920/0x920 [ 3021.113390][T24061] ? oom_killer_disable+0x280/0x280 [ 3021.113417][T24061] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3021.113430][T24061] ? memcg_stat_show+0xc40/0xc40 [ 3021.113449][T24061] ? do_raw_spin_unlock+0x57/0x270 [ 3021.134180][T24061] ? _raw_spin_unlock+0x2d/0x50 [ 3021.139039][T24061] try_charge+0xf4b/0x1440 [ 3021.143459][T24061] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3021.148995][T24061] ? percpu_ref_tryget_live+0x111/0x290 [ 3021.154535][T24061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3021.154553][T24061] ? __kasan_check_read+0x11/0x20 [ 3021.154571][T24061] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3021.154589][T24061] mem_cgroup_try_charge+0x136/0x590 [ 3021.176598][T24061] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3021.182231][T24061] wp_page_copy+0x407/0x1860 [ 3021.186156][T24088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3021.186816][T24061] ? find_held_lock+0x35/0x130 [ 3021.198300][T24061] ? do_wp_page+0x53b/0x15c0 [ 3021.202897][T24061] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3021.208701][T24061] ? lock_downgrade+0x920/0x920 [ 3021.213550][T24061] ? swp_swapcount+0x540/0x540 [ 3021.218311][T24061] ? __kasan_check_read+0x11/0x20 [ 3021.223330][T24061] ? do_raw_spin_unlock+0x57/0x270 [ 3021.228443][T24061] do_wp_page+0x543/0x15c0 [ 3021.232866][T24061] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3021.238249][T24061] __handle_mm_fault+0x23ec/0x4040 [ 3021.243366][T24061] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3021.248909][T24061] ? handle_mm_fault+0x292/0xaa0 [ 3021.253859][T24061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3021.260101][T24061] ? __kasan_check_read+0x11/0x20 [ 3021.265124][T24061] handle_mm_fault+0x3b7/0xaa0 [ 3021.269899][T24061] __do_page_fault+0x536/0xdd0 [ 3021.274670][T24061] do_page_fault+0x38/0x590 [ 3021.279174][T24061] page_fault+0x39/0x40 [ 3021.283321][T24061] RIP: 0033:0x430b06 [ 3021.287209][T24061] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3021.306809][T24061] RSP: 002b:00007ffded5413e0 EFLAGS: 00010206 [ 3021.312872][T24061] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3021.320846][T24061] RDX: 0000000002496930 RSI: 000000000249e970 RDI: 0000000000000003 [ 3021.328815][T24061] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002495940 [ 3021.336782][T24061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3021.344752][T24061] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3021.380167][T24061] memory: usage 820kB, limit 0kB, failcnt 1305 [ 3021.387075][T24061] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3021.395271][T24061] Memory cgroup stats for /syz0: [ 3021.395371][T24061] anon 102400 [ 3021.395371][T24061] file 20480 [ 3021.395371][T24061] kernel_stack 0 [ 3021.395371][T24061] slab 823296 [ 3021.395371][T24061] sock 0 [ 3021.395371][T24061] shmem 0 [ 3021.395371][T24061] file_mapped 0 [ 3021.395371][T24061] file_dirty 0 [ 3021.395371][T24061] file_writeback 0 [ 3021.395371][T24061] anon_thp 0 [ 3021.395371][T24061] inactive_anon 0 [ 3021.395371][T24061] active_anon 102400 [ 3021.395371][T24061] inactive_file 0 [ 3021.395371][T24061] active_file 0 [ 3021.395371][T24061] unevictable 0 [ 3021.395371][T24061] slab_reclaimable 270336 [ 3021.395371][T24061] slab_unreclaimable 552960 [ 3021.395371][T24061] pgfault 19008 [ 3021.395371][T24061] pgmajfault 0 [ 3021.395371][T24061] workingset_refault 0 [ 3021.395371][T24061] workingset_activate 0 [ 3021.395371][T24061] workingset_nodereclaim 0 [ 3021.395371][T24061] pgrefill 66 [ 3021.395371][T24061] pgscan 66 [ 3021.395371][T24061] pgsteal 0 [ 3021.395371][T24061] pgactivate 33 [ 3021.549813][T24061] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24061,uid=0 [ 3021.567391][T24061] Memory cgroup out of memory: Killed process 24061 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3021.587063][ T1066] oom_reaper: reaped process 24061 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3022.092675][T24121] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3022.123560][T24121] CPU: 0 PID: 24121 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3022.131141][T24121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3022.141197][T24121] Call Trace: [ 3022.144499][T24121] dump_stack+0x172/0x1f0 [ 3022.148833][T24121] dump_header+0x10b/0x82d [ 3022.153252][T24121] oom_kill_process.cold+0x10/0x15 [ 3022.158361][T24121] out_of_memory+0x334/0x1340 [ 3022.163043][T24121] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3022.168682][T24121] ? cgroup_file_notify+0x140/0x1b0 [ 3022.173888][T24121] ? oom_killer_disable+0x280/0x280 [ 3022.179099][T24121] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3022.184648][T24121] ? memcg_stat_show+0xc40/0xc40 [ 3022.189592][T24121] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3022.195401][T24121] ? cgroup_file_notify+0x140/0x1b0 [ 3022.200600][T24121] memory_max_write+0x262/0x3a0 [ 3022.205458][T24121] ? mem_cgroup_write+0x370/0x370 [ 3022.210478][T24121] ? lock_acquire+0x190/0x410 [ 3022.215152][T24121] ? kernfs_fop_write+0x227/0x480 [ 3022.220180][T24121] cgroup_file_write+0x241/0x790 [ 3022.225118][T24121] ? mem_cgroup_write+0x370/0x370 [ 3022.230141][T24121] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3022.235780][T24121] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3022.241409][T24121] kernfs_fop_write+0x2b8/0x480 [ 3022.246257][T24121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3022.252504][T24121] __vfs_write+0x8a/0x110 [ 3022.256827][T24121] ? kernfs_fop_open+0xd80/0xd80 [ 3022.261760][T24121] vfs_write+0x268/0x5d0 [ 3022.266009][T24121] ksys_write+0x14f/0x290 [ 3022.270333][T24121] ? __ia32_sys_read+0xb0/0xb0 [ 3022.275099][T24121] ? do_syscall_64+0x26/0x760 [ 3022.279774][T24121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3022.285836][T24121] ? do_syscall_64+0x26/0x760 [ 3022.290515][T24121] __x64_sys_write+0x73/0xb0 [ 3022.295104][T24121] do_syscall_64+0xfa/0x760 [ 3022.299609][T24121] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3022.305491][T24121] RIP: 0033:0x459a29 [ 3022.309380][T24121] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3022.328976][T24121] RSP: 002b:00007f74d6435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3022.337383][T24121] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3022.345351][T24121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3022.353320][T24121] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3022.361292][T24121] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74d64366d4 [ 3022.369257][T24121] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3022.471907][T24121] memory: usage 3104kB, limit 0kB, failcnt 1339 [ 3022.478513][T24121] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3022.502588][T24121] Memory cgroup stats for /syz5: [ 3022.504187][T24121] anon 2183168 [ 3022.504187][T24121] file 0 [ 3022.504187][T24121] kernel_stack 65536 [ 3022.504187][T24121] slab 946176 [ 3022.504187][T24121] sock 4096 [ 3022.504187][T24121] shmem 77824 [ 3022.504187][T24121] file_mapped 0 [ 3022.504187][T24121] file_dirty 0 [ 3022.504187][T24121] file_writeback 0 [ 3022.504187][T24121] anon_thp 2097152 [ 3022.504187][T24121] inactive_anon 135168 [ 3022.504187][T24121] active_anon 2183168 [ 3022.504187][T24121] inactive_file 0 [ 3022.504187][T24121] active_file 0 [ 3022.504187][T24121] unevictable 0 [ 3022.504187][T24121] slab_reclaimable 270336 [ 3022.504187][T24121] slab_unreclaimable 675840 [ 3022.504187][T24121] pgfault 21549 [ 3022.504187][T24121] pgmajfault 0 [ 3022.504187][T24121] workingset_refault 0 [ 3022.504187][T24121] workingset_activate 0 [ 3022.504187][T24121] workingset_nodereclaim 0 [ 3022.504187][T24121] pgrefill 165 [ 3022.504187][T24121] pgscan 253 [ 3022.504187][T24121] pgsteal 69 [ 3022.504187][T24121] pgactivate 66 [ 3022.630879][T24123] IPVS: ftp: loaded support on port[0] = 21 [ 3022.662216][T24121] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24120,uid=0 [ 3022.832441][T24121] Memory cgroup out of memory: Killed process 24120 (syz-executor.5) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3022.852149][T24125] IPVS: ftp: loaded support on port[0] = 21 [ 3022.864870][ T1066] oom_reaper: reaped process 24120 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 20:14:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:14:52 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4}, 0x0) 20:14:52 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:14:52 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3023.122377][T24088] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3023.147119][T24128] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3023.185043][T24088] CPU: 1 PID: 24088 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3023.192614][T24088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3023.202662][T24088] Call Trace: [ 3023.205958][T24088] dump_stack+0x172/0x1f0 [ 3023.210291][T24088] dump_header+0x10b/0x82d [ 3023.214699][T24088] ? oom_kill_process+0x94/0x3f0 [ 3023.219634][T24088] oom_kill_process.cold+0x10/0x15 [ 3023.224749][T24088] out_of_memory+0x334/0x1340 [ 3023.229427][T24088] ? lock_downgrade+0x920/0x920 [ 3023.234282][T24088] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3023.240091][T24088] ? oom_killer_disable+0x280/0x280 [ 3023.245299][T24088] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3023.250845][T24088] ? memcg_stat_show+0xc40/0xc40 [ 3023.255788][T24088] ? do_raw_spin_unlock+0x57/0x270 [ 3023.260900][T24088] ? _raw_spin_unlock+0x2d/0x50 [ 3023.265843][T24088] try_charge+0xf4b/0x1440 [ 3023.270272][T24088] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3023.275815][T24088] ? percpu_ref_tryget_live+0x111/0x290 [ 3023.281367][T24088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3023.287614][T24088] ? __kasan_check_read+0x11/0x20 [ 3023.292636][T24088] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3023.298184][T24088] mem_cgroup_try_charge+0x136/0x590 [ 3023.303473][T24088] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3023.309110][T24088] wp_page_copy+0x407/0x1860 [ 3023.313705][T24088] ? find_held_lock+0x35/0x130 [ 3023.318469][T24088] ? do_wp_page+0x53b/0x15c0 [ 3023.323055][T24088] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3023.328859][T24088] ? lock_downgrade+0x920/0x920 [ 3023.333717][T24088] ? swp_swapcount+0x540/0x540 [ 3023.338474][T24088] ? __kasan_check_read+0x11/0x20 [ 3023.343505][T24088] ? do_raw_spin_unlock+0x57/0x270 [ 3023.348621][T24088] do_wp_page+0x543/0x15c0 [ 3023.353058][T24088] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3023.358434][T24088] __handle_mm_fault+0x23ec/0x4040 [ 3023.363549][T24088] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3023.369089][T24088] ? handle_mm_fault+0x292/0xaa0 [ 3023.374032][T24088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3023.380267][T24088] ? __kasan_check_read+0x11/0x20 [ 3023.385288][T24088] handle_mm_fault+0x3b7/0xaa0 [ 3023.390053][T24088] __do_page_fault+0x536/0xdd0 [ 3023.394814][T24088] do_page_fault+0x38/0x590 [ 3023.399317][T24088] page_fault+0x39/0x40 [ 3023.403466][T24088] RIP: 0033:0x430b06 [ 3023.407372][T24088] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3023.426973][T24088] RSP: 002b:00007ffca3c5e280 EFLAGS: 00010206 [ 3023.433042][T24088] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3023.441010][T24088] RDX: 0000000000e8f930 RSI: 0000000000e97970 RDI: 0000000000000003 [ 3023.445991][T24128] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3023.448980][T24088] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000e8e940 [ 3023.448990][T24088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3023.448997][T24088] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3023.452891][T24088] memory: usage 776kB, limit 0kB, failcnt 1347 [ 3023.493929][T24088] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3023.500949][T24088] Memory cgroup stats for /syz5: [ 3023.501124][T24088] anon 0 [ 3023.501124][T24088] file 0 [ 3023.501124][T24088] kernel_stack 0 [ 3023.501124][T24088] slab 946176 [ 3023.501124][T24088] sock 4096 [ 3023.501124][T24088] shmem 77824 [ 3023.501124][T24088] file_mapped 0 [ 3023.501124][T24088] file_dirty 0 [ 3023.501124][T24088] file_writeback 0 [ 3023.501124][T24088] anon_thp 0 [ 3023.501124][T24088] inactive_anon 135168 [ 3023.501124][T24088] active_anon 0 [ 3023.501124][T24088] inactive_file 0 [ 3023.501124][T24088] active_file 0 [ 3023.501124][T24088] unevictable 0 [ 3023.501124][T24088] slab_reclaimable 270336 [ 3023.501124][T24088] slab_unreclaimable 675840 [ 3023.501124][T24088] pgfault 21549 [ 3023.501124][T24088] pgmajfault 0 [ 3023.501124][T24088] workingset_refault 0 [ 3023.501124][T24088] workingset_activate 0 [ 3023.501124][T24088] workingset_nodereclaim 0 [ 3023.501124][T24088] pgrefill 165 [ 3023.501124][T24088] pgscan 253 [ 3023.501124][T24088] pgsteal 69 [ 3023.501124][T24088] pgactivate 66 [ 3023.518411][T24088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24088,uid=0 [ 3023.736378][T24088] Memory cgroup out of memory: Killed process 24088 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3023.775412][ T1066] oom_reaper: reaped process 24088 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:14:53 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x5}, 0x0) [ 3023.826723][T24123] chnl_net:caif_netlink_parms(): no params data found [ 3023.925336][T24131] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3023.933505][T24131] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:14:53 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6}, 0x0) 20:14:53 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3024.283899][T24134] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3024.306152][T24134] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:14:53 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7}, 0x0) [ 3024.431767][T24138] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3024.441795][T24138] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3024.461234][T24123] bridge0: port 1(bridge_slave_0) entered blocking state [ 3024.468641][T24123] bridge0: port 1(bridge_slave_0) entered disabled state [ 3024.478974][T24123] device bridge_slave_0 entered promiscuous mode [ 3024.551042][T24123] bridge0: port 2(bridge_slave_1) entered blocking state [ 3024.562055][T24123] bridge0: port 2(bridge_slave_1) entered disabled state [ 3024.570450][T24123] device bridge_slave_1 entered promiscuous mode [ 3024.578677][T24125] chnl_net:caif_netlink_parms(): no params data found [ 3024.667889][T24123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3024.730556][T24123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3024.750009][T24141] IPVS: ftp: loaded support on port[0] = 21 [ 3024.858856][T24125] bridge0: port 1(bridge_slave_0) entered blocking state [ 3024.866638][T24125] bridge0: port 1(bridge_slave_0) entered disabled state [ 3024.875319][T24125] device bridge_slave_0 entered promiscuous mode [ 3024.888866][T24125] bridge0: port 2(bridge_slave_1) entered blocking state [ 3024.896429][T24125] bridge0: port 2(bridge_slave_1) entered disabled state [ 3024.922809][T24125] device bridge_slave_1 entered promiscuous mode [ 3024.979896][T24123] team0: Port device team_slave_0 added [ 3025.012472][T24123] team0: Port device team_slave_1 added [ 3025.022011][T24125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3025.081193][T24143] IPVS: ftp: loaded support on port[0] = 21 [ 3025.109991][T24125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3025.175717][T24123] device hsr_slave_0 entered promiscuous mode [ 3025.222776][T24123] device hsr_slave_1 entered promiscuous mode [ 3025.261750][T24123] debugfs: Directory 'hsr0' with parent '/' already present! [ 3025.410522][T24125] team0: Port device team_slave_0 added [ 3025.477601][T24125] team0: Port device team_slave_1 added [ 3025.675622][T24125] device hsr_slave_0 entered promiscuous mode [ 3025.762838][T24125] device hsr_slave_1 entered promiscuous mode [ 3025.822042][T24125] debugfs: Directory 'hsr0' with parent '/' already present! [ 3025.971384][T24141] chnl_net:caif_netlink_parms(): no params data found [ 3026.097145][T24123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3026.218963][T24143] chnl_net:caif_netlink_parms(): no params data found [ 3026.235796][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3026.252413][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3026.373528][T24141] bridge0: port 1(bridge_slave_0) entered blocking state [ 3026.380682][T24141] bridge0: port 1(bridge_slave_0) entered disabled state [ 3026.389646][T24141] device bridge_slave_0 entered promiscuous mode [ 3026.403370][T24123] 8021q: adding VLAN 0 to HW filter on device team0 [ 3026.504715][T24141] bridge0: port 2(bridge_slave_1) entered blocking state [ 3026.517076][T24141] bridge0: port 2(bridge_slave_1) entered disabled state [ 3026.526762][T24141] device bridge_slave_1 entered promiscuous mode [ 3026.559337][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3026.569508][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3026.578866][T16202] bridge0: port 1(bridge_slave_0) entered blocking state [ 3026.585970][T16202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3026.594569][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3026.603825][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3026.612856][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3026.619909][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3026.643790][T24143] bridge0: port 1(bridge_slave_0) entered blocking state [ 3026.650863][T24143] bridge0: port 1(bridge_slave_0) entered disabled state [ 3026.663704][T24143] device bridge_slave_0 entered promiscuous mode [ 3026.762735][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3026.770905][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3026.780854][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3026.798874][T24143] bridge0: port 2(bridge_slave_1) entered blocking state [ 3026.808816][T24143] bridge0: port 2(bridge_slave_1) entered disabled state [ 3026.817588][T24143] device bridge_slave_1 entered promiscuous mode [ 3026.876148][T24141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3026.889247][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3026.900438][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3026.913790][T24125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3026.935914][T24141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3026.947540][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3026.956284][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3026.965563][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3027.068438][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3027.079520][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3027.098538][T24123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3027.111561][T24123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3027.133051][T24143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3027.245193][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3027.262810][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3027.282737][T24125] 8021q: adding VLAN 0 to HW filter on device team0 [ 3027.291326][T24141] team0: Port device team_slave_0 added [ 3027.302072][T24141] team0: Port device team_slave_1 added [ 3027.310665][T24143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3027.410610][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3027.420984][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3027.468578][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3027.477969][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3027.487147][T13425] bridge0: port 1(bridge_slave_0) entered blocking state [ 3027.494278][T13425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3027.555400][T24143] team0: Port device team_slave_0 added [ 3027.581009][T24123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3027.591297][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3027.602801][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3027.612467][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3027.620936][T13510] bridge0: port 2(bridge_slave_1) entered blocking state [ 3027.628041][T13510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3027.637426][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3027.715392][T24141] device hsr_slave_0 entered promiscuous mode [ 3027.772633][T24141] device hsr_slave_1 entered promiscuous mode [ 3027.811820][T24141] debugfs: Directory 'hsr0' with parent '/' already present! [ 3027.822280][T24143] team0: Port device team_slave_1 added [ 3027.880335][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3027.926122][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3027.935447][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3027.945035][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3027.954522][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3028.041329][T24152] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3028.086539][T24143] device hsr_slave_0 entered promiscuous mode [ 3028.129905][T24153] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3028.140591][T24153] CPU: 1 PID: 24153 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3028.148139][T24153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3028.158191][T24153] Call Trace: [ 3028.161489][T24153] dump_stack+0x172/0x1f0 [ 3028.165839][T24153] dump_header+0x10b/0x82d [ 3028.170262][T24153] oom_kill_process.cold+0x10/0x15 [ 3028.175364][T24153] out_of_memory+0x334/0x1340 [ 3028.180066][T24153] ? __sched_text_start+0x8/0x8 [ 3028.184901][T24153] ? oom_killer_disable+0x280/0x280 [ 3028.190080][T24153] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3028.195632][T24153] ? memcg_stat_show+0xc40/0xc40 [ 3028.200580][T24153] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3028.206364][T24153] ? cgroup_file_notify+0x140/0x1b0 [ 3028.211541][T24153] memory_max_write+0x262/0x3a0 [ 3028.216402][T24153] ? mem_cgroup_write+0x370/0x370 [ 3028.221403][T24153] ? lock_acquire+0x190/0x410 [ 3028.226080][T24153] ? kernfs_fop_write+0x227/0x480 [ 3028.231088][T24153] cgroup_file_write+0x241/0x790 [ 3028.236003][T24153] ? mem_cgroup_write+0x370/0x370 [ 3028.241004][T24153] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3028.246618][T24153] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3028.252229][T24153] kernfs_fop_write+0x2b8/0x480 [ 3028.257078][T24153] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3028.263298][T24153] __vfs_write+0x8a/0x110 [ 3028.267603][T24153] ? kernfs_fop_open+0xd80/0xd80 [ 3028.272519][T24153] vfs_write+0x268/0x5d0 [ 3028.276740][T24153] ksys_write+0x14f/0x290 [ 3028.281043][T24153] ? __ia32_sys_read+0xb0/0xb0 [ 3028.285789][T24153] ? do_syscall_64+0x26/0x760 [ 3028.290450][T24153] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3028.296502][T24153] ? do_syscall_64+0x26/0x760 [ 3028.301158][T24153] __x64_sys_write+0x73/0xb0 [ 3028.305725][T24153] do_syscall_64+0xfa/0x760 [ 3028.310208][T24153] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3028.316074][T24153] RIP: 0033:0x459a29 [ 3028.319945][T24153] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3028.339529][T24153] RSP: 002b:00007f4961b6ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3028.347918][T24153] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3028.355863][T24153] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3028.363814][T24153] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3028.371761][T24153] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4961b6b6d4 [ 3028.379706][T24153] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3028.389923][T24143] device hsr_slave_1 entered promiscuous mode [ 3028.396775][T24153] memory: usage 24900kB, limit 0kB, failcnt 118 [ 3028.403404][T24153] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3028.410318][T24153] Memory cgroup stats for /syz3: [ 3028.410445][T24153] anon 2158592 [ 3028.410445][T24153] file 90112 [ 3028.410445][T24153] kernel_stack 65536 [ 3028.410445][T24153] slab 23097344 [ 3028.410445][T24153] sock 0 [ 3028.410445][T24153] shmem 0 [ 3028.410445][T24153] file_mapped 0 [ 3028.410445][T24153] file_dirty 0 [ 3028.410445][T24153] file_writeback 0 [ 3028.410445][T24153] anon_thp 2097152 [ 3028.410445][T24153] inactive_anon 0 [ 3028.410445][T24153] active_anon 2158592 [ 3028.410445][T24153] inactive_file 135168 [ 3028.410445][T24153] active_file 0 [ 3028.410445][T24153] unevictable 0 [ 3028.410445][T24153] slab_reclaimable 22573056 [ 3028.410445][T24153] slab_unreclaimable 524288 [ 3028.410445][T24153] pgfault 46101 [ 3028.410445][T24153] pgmajfault 0 [ 3028.410445][T24153] workingset_refault 0 [ 3028.410445][T24153] workingset_activate 0 [ 3028.410445][T24153] workingset_nodereclaim 0 [ 3028.410445][T24153] pgrefill 349 [ 3028.410445][T24153] pgscan 343 [ 3028.410445][T24153] pgsteal 33 [ 3028.410445][T24153] pgactivate 297 [ 3028.507499][T24153] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24150,uid=0 [ 3028.523114][T24153] Memory cgroup out of memory: Killed process 24150 (syz-executor.3) total-vm:72708kB, anon-rss:2188kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3028.540980][T24143] debugfs: Directory 'hsr0' with parent '/' already present! [ 3028.564282][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3028.573066][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 20:14:58 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r4, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r6 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r6, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 20:14:58 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xa}, 0x0) [ 3028.582293][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3028.606978][ T1066] oom_reaper: reaped process 24150 (syz-executor.3), now anon-rss:0kB, file-rss:34896kB, shmem-rss:0kB [ 3028.645797][T24123] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3028.653939][T24155] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3028.679039][T24125] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3028.689712][T24123] CPU: 1 PID: 24123 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3028.697259][T24123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3028.707307][T24123] Call Trace: [ 3028.710601][T24123] dump_stack+0x172/0x1f0 [ 3028.714933][T24123] dump_header+0x10b/0x82d [ 3028.719345][T24123] ? oom_kill_process+0x94/0x3f0 [ 3028.724284][T24123] oom_kill_process.cold+0x10/0x15 [ 3028.729397][T24123] out_of_memory+0x334/0x1340 [ 3028.734070][T24123] ? lock_downgrade+0x920/0x920 [ 3028.738927][T24123] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3028.744065][T24155] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3028.744738][T24123] ? oom_killer_disable+0x280/0x280 [ 3028.759185][T24123] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3028.764716][T24123] ? memcg_stat_show+0xc40/0xc40 [ 3028.769639][T24123] ? do_raw_spin_unlock+0x57/0x270 [ 3028.774731][T24123] ? _raw_spin_unlock+0x2d/0x50 [ 3028.779563][T24123] try_charge+0xf4b/0x1440 [ 3028.783968][T24123] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3028.789490][T24123] ? percpu_ref_tryget_live+0x111/0x290 [ 3028.795028][T24123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3028.801248][T24123] ? __kasan_check_read+0x11/0x20 [ 3028.806256][T24123] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3028.811783][T24123] mem_cgroup_try_charge+0x136/0x590 [ 3028.817067][T24123] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3028.822685][T24123] wp_page_copy+0x407/0x1860 [ 3028.827264][T24123] ? find_held_lock+0x35/0x130 [ 3028.832016][T24123] ? do_wp_page+0x53b/0x15c0 [ 3028.836594][T24123] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3028.842385][T24123] ? lock_downgrade+0x920/0x920 [ 3028.847219][T24123] ? swp_swapcount+0x540/0x540 [ 3028.851963][T24123] ? __kasan_check_read+0x11/0x20 [ 3028.856968][T24123] ? do_raw_spin_unlock+0x57/0x270 [ 3028.862078][T24123] do_wp_page+0x543/0x15c0 [ 3028.866477][T24123] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3028.871836][T24123] __handle_mm_fault+0x23ec/0x4040 [ 3028.876931][T24123] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3028.882458][T24123] ? handle_mm_fault+0x292/0xaa0 [ 3028.887388][T24123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3028.893606][T24123] ? __kasan_check_read+0x11/0x20 [ 3028.898614][T24123] handle_mm_fault+0x3b7/0xaa0 [ 3028.903363][T24123] __do_page_fault+0x536/0xdd0 [ 3028.908113][T24123] do_page_fault+0x38/0x590 [ 3028.912600][T24123] page_fault+0x39/0x40 [ 3028.916732][T24123] RIP: 0033:0x430b06 [ 3028.920608][T24123] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3028.940199][T24123] RSP: 002b:00007fffb8e3c290 EFLAGS: 00010206 [ 3028.946242][T24123] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3028.954191][T24123] RDX: 0000000001b05930 RSI: 0000000001b0d970 RDI: 0000000000000003 [ 3028.962139][T24123] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001b04940 [ 3028.970087][T24123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3028.978037][T24123] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3028.989182][T24125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3029.007206][T24123] memory: usage 22484kB, limit 0kB, failcnt 126 [ 3029.014194][T24123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3029.021164][T24123] Memory cgroup stats for /syz3: [ 3029.021275][T24123] anon 61440 [ 3029.021275][T24123] file 90112 [ 3029.021275][T24123] kernel_stack 65536 [ 3029.021275][T24123] slab 23097344 [ 3029.021275][T24123] sock 0 [ 3029.021275][T24123] shmem 0 [ 3029.021275][T24123] file_mapped 0 [ 3029.021275][T24123] file_dirty 0 [ 3029.021275][T24123] file_writeback 0 [ 3029.021275][T24123] anon_thp 0 [ 3029.021275][T24123] inactive_anon 0 [ 3029.021275][T24123] active_anon 61440 [ 3029.021275][T24123] inactive_file 135168 [ 3029.021275][T24123] active_file 0 [ 3029.021275][T24123] unevictable 0 [ 3029.021275][T24123] slab_reclaimable 22573056 [ 3029.021275][T24123] slab_unreclaimable 524288 [ 3029.021275][T24123] pgfault 46134 [ 3029.021275][T24123] pgmajfault 0 [ 3029.021275][T24123] workingset_refault 0 [ 3029.021275][T24123] workingset_activate 0 [ 3029.021275][T24123] workingset_nodereclaim 0 [ 3029.021275][T24123] pgrefill 349 [ 3029.021275][T24123] pgscan 343 [ 3029.021275][T24123] pgsteal 33 [ 3029.021275][T24123] pgactivate 297 [ 3029.122421][T24123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24123,uid=0 [ 3029.138109][T24123] Memory cgroup out of memory: Killed process 24123 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3029.164191][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3029.173442][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3029.192901][ T1066] oom_reaper: reaped process 24123 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3029.639162][T24125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3029.780124][T24141] 8021q: adding VLAN 0 to HW filter on device bond0 20:14:59 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 20:14:59 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 20:14:59 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xe}, 0x0) 20:14:59 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r4, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r6 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r6, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r8 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3029.885435][T24141] 8021q: adding VLAN 0 to HW filter on device team0 [ 3029.923422][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3029.961924][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3029.969450][T24166] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3030.003335][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3030.031715][T24166] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3030.051951][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3030.060479][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3030.067592][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3030.093312][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3030.113119][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3030.132409][T13492] bridge0: port 2(bridge_slave_1) entered blocking state [ 3030.139527][T13492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3030.218357][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3030.241960][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3030.374273][T24143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3030.402641][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3030.513377][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3030.533550][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3030.552885][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3030.569057][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3030.578689][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3030.589790][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3030.599475][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3030.608315][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3030.618835][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3030.698218][T24143] 8021q: adding VLAN 0 to HW filter on device team0 [ 3030.714911][T24141] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3030.729223][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3030.739419][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3030.815784][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3030.825715][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3030.835210][T16062] bridge0: port 1(bridge_slave_0) entered blocking state [ 3030.842346][T16062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3030.929045][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3030.937962][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3030.948093][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3030.957092][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3030.964198][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3030.987386][T24141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3031.029153][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3031.060025][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3031.073534][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3031.090232][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3031.186408][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3031.197195][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3031.206970][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3031.272542][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3031.294186][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3031.390756][T24177] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3031.459860][T24143] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3031.473421][T24143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3031.487745][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3031.497310][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3031.559963][T24180] IPVS: ftp: loaded support on port[0] = 21 [ 3031.586199][T24177] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3031.621066][T24177] CPU: 1 PID: 24177 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3031.628651][T24177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3031.628657][T24177] Call Trace: [ 3031.628681][T24177] dump_stack+0x172/0x1f0 [ 3031.628707][T24177] dump_header+0x10b/0x82d [ 3031.628729][T24177] oom_kill_process.cold+0x10/0x15 [ 3031.628747][T24177] out_of_memory+0x334/0x1340 [ 3031.628766][T24177] ? mark_held_locks+0xa4/0xf0 [ 3031.628783][T24177] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3031.628795][T24177] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3031.628814][T24177] ? oom_killer_disable+0x280/0x280 [ 3031.681442][T24177] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3031.681472][T24177] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3031.692631][T24177] ? memcg_stat_show+0xc40/0xc40 [ 3031.697585][T24177] ? retint_kernel+0x2b/0x2b [ 3031.702209][T24177] memory_max_write+0x262/0x3a0 [ 3031.707063][T24177] ? mem_cgroup_write+0x370/0x370 [ 3031.712081][T24177] ? cgroup_file_write+0x86/0x790 [ 3031.712098][T24177] cgroup_file_write+0x241/0x790 [ 3031.712114][T24177] ? mem_cgroup_write+0x370/0x370 [ 3031.712130][T24177] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3031.712156][T24177] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3031.738361][T24177] kernfs_fop_write+0x2b8/0x480 [ 3031.743220][T24177] __vfs_write+0x8a/0x110 [ 3031.743237][T24177] ? kernfs_fop_open+0xd80/0xd80 [ 3031.743256][T24177] vfs_write+0x268/0x5d0 [ 3031.752486][T24177] ksys_write+0x14f/0x290 [ 3031.752501][T24177] ? __ia32_sys_read+0xb0/0xb0 [ 3031.752520][T24177] ? do_syscall_64+0x26/0x760 [ 3031.752546][T24177] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3031.770527][T24177] ? do_syscall_64+0x26/0x760 [ 3031.781253][T24177] __x64_sys_write+0x73/0xb0 [ 3031.785855][T24177] do_syscall_64+0xfa/0x760 [ 3031.790366][T24177] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3031.790382][T24177] RIP: 0033:0x459a29 [ 3031.800148][T24177] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3031.819773][T24177] RSP: 002b:00007f277e128c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3031.819788][T24177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3031.819794][T24177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3031.819801][T24177] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3031.819809][T24177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f277e1296d4 [ 3031.819816][T24177] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3031.861894][T24177] memory: usage 3220kB, limit 0kB, failcnt 1306 [ 3031.891889][T24177] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3031.904219][T24177] Memory cgroup stats for /syz0: [ 3031.905528][T24177] anon 2199552 [ 3031.905528][T24177] file 20480 [ 3031.905528][T24177] kernel_stack 65536 [ 3031.905528][T24177] slab 823296 [ 3031.905528][T24177] sock 0 [ 3031.905528][T24177] shmem 0 [ 3031.905528][T24177] file_mapped 0 [ 3031.905528][T24177] file_dirty 0 [ 3031.905528][T24177] file_writeback 0 [ 3031.905528][T24177] anon_thp 2097152 [ 3031.905528][T24177] inactive_anon 0 [ 3031.905528][T24177] active_anon 2199552 [ 3031.905528][T24177] inactive_file 0 [ 3031.905528][T24177] active_file 0 [ 3031.905528][T24177] unevictable 0 [ 3031.905528][T24177] slab_reclaimable 270336 [ 3031.905528][T24177] slab_unreclaimable 552960 [ 3031.905528][T24177] pgfault 19041 [ 3031.905528][T24177] pgmajfault 0 [ 3031.905528][T24177] workingset_refault 0 [ 3031.905528][T24177] workingset_activate 0 [ 3031.905528][T24177] workingset_nodereclaim 0 [ 3031.905528][T24177] pgrefill 66 [ 3031.905528][T24177] pgscan 66 [ 3031.905528][T24177] pgsteal 0 [ 3031.905528][T24177] pgactivate 33 [ 3032.019588][T24177] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24176,uid=0 [ 3032.039274][T24177] Memory cgroup out of memory: Killed process 24176 (syz-executor.0) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 3032.062540][ T1066] oom_reaper: reaped process 24176 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3032.200873][T24143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3032.214021][T24182] IPVS: ftp: loaded support on port[0] = 21 [ 3032.242339][T24141] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3032.279714][T24141] CPU: 0 PID: 24141 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3032.287286][T24141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3032.297339][T24141] Call Trace: [ 3032.300631][T24141] dump_stack+0x172/0x1f0 [ 3032.304965][T24141] dump_header+0x10b/0x82d [ 3032.309371][T24141] ? oom_kill_process+0x94/0x3f0 [ 3032.314306][T24141] oom_kill_process.cold+0x10/0x15 [ 3032.319414][T24141] out_of_memory+0x334/0x1340 [ 3032.324086][T24141] ? lock_downgrade+0x920/0x920 [ 3032.328934][T24141] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3032.334741][T24141] ? oom_killer_disable+0x280/0x280 [ 3032.339943][T24141] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3032.345484][T24141] ? memcg_stat_show+0xc40/0xc40 [ 3032.350429][T24141] ? do_raw_spin_unlock+0x57/0x270 [ 3032.355553][T24141] ? _raw_spin_unlock+0x2d/0x50 [ 3032.360416][T24141] try_charge+0xf4b/0x1440 [ 3032.364842][T24141] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3032.370382][T24141] ? percpu_ref_tryget_live+0x111/0x290 [ 3032.375931][T24141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3032.382169][T24141] ? __kasan_check_read+0x11/0x20 [ 3032.387196][T24141] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3032.392743][T24141] mem_cgroup_try_charge+0x136/0x590 [ 3032.398555][T24141] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3032.404197][T24141] wp_page_copy+0x407/0x1860 [ 3032.408784][T24141] ? find_held_lock+0x35/0x130 [ 3032.413542][T24141] ? do_wp_page+0x53b/0x15c0 [ 3032.418165][T24141] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3032.423972][T24141] ? lock_downgrade+0x920/0x920 [ 3032.428824][T24141] ? swp_swapcount+0x540/0x540 [ 3032.433591][T24141] ? __kasan_check_read+0x11/0x20 [ 3032.438605][T24141] ? do_raw_spin_unlock+0x57/0x270 [ 3032.443718][T24141] do_wp_page+0x543/0x15c0 [ 3032.448133][T24141] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3032.453506][T24141] __handle_mm_fault+0x23ec/0x4040 [ 3032.458615][T24141] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3032.464161][T24141] ? handle_mm_fault+0x292/0xaa0 [ 3032.469110][T24141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3032.475348][T24141] ? __kasan_check_read+0x11/0x20 [ 3032.480374][T24141] handle_mm_fault+0x3b7/0xaa0 [ 3032.485138][T24141] __do_page_fault+0x536/0xdd0 [ 3032.489904][T24141] do_page_fault+0x38/0x590 [ 3032.494406][T24141] page_fault+0x39/0x40 [ 3032.498553][T24141] RIP: 0033:0x430b06 [ 3032.502460][T24141] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3032.522064][T24141] RSP: 002b:00007ffeed801780 EFLAGS: 00010206 [ 3032.528132][T24141] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3032.536100][T24141] RDX: 00000000015cb930 RSI: 00000000015d3970 RDI: 0000000000000003 [ 3032.544070][T24141] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000015ca940 [ 3032.552039][T24141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3032.560005][T24141] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3032.572161][T24141] memory: usage 840kB, limit 0kB, failcnt 1314 [ 3032.578329][T24141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3032.590668][T24141] Memory cgroup stats for /syz0: [ 3032.590779][T24141] anon 0 [ 3032.590779][T24141] file 20480 [ 3032.590779][T24141] kernel_stack 0 [ 3032.590779][T24141] slab 823296 [ 3032.590779][T24141] sock 0 [ 3032.590779][T24141] shmem 0 [ 3032.590779][T24141] file_mapped 0 [ 3032.590779][T24141] file_dirty 0 [ 3032.590779][T24141] file_writeback 0 [ 3032.590779][T24141] anon_thp 0 [ 3032.590779][T24141] inactive_anon 0 [ 3032.590779][T24141] active_anon 0 [ 3032.590779][T24141] inactive_file 0 [ 3032.590779][T24141] active_file 0 [ 3032.590779][T24141] unevictable 0 [ 3032.590779][T24141] slab_reclaimable 270336 [ 3032.590779][T24141] slab_unreclaimable 552960 [ 3032.590779][T24141] pgfault 19041 [ 3032.590779][T24141] pgmajfault 0 [ 3032.590779][T24141] workingset_refault 0 [ 3032.590779][T24141] workingset_activate 0 [ 3032.590779][T24141] workingset_nodereclaim 0 [ 3032.590779][T24141] pgrefill 66 [ 3032.590779][T24141] pgscan 66 [ 3032.590779][T24141] pgsteal 0 [ 3032.590779][T24141] pgactivate 33 [ 3032.590779][T24141] pgdeactivate 66 [ 3032.713209][T24141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24141,uid=0 [ 3032.728744][T24141] Memory cgroup out of memory: Killed process 24141 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 3032.747591][ T1066] oom_reaper: reaped process 24141 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3032.997849][T24189] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3033.096800][T24190] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3033.112855][T24190] CPU: 0 PID: 24190 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3033.120412][T24190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3033.130465][T24190] Call Trace: [ 3033.133763][T24190] dump_stack+0x172/0x1f0 [ 3033.138100][T24190] dump_header+0x10b/0x82d [ 3033.142533][T24190] oom_kill_process.cold+0x10/0x15 [ 3033.147646][T24190] out_of_memory+0x334/0x1340 [ 3033.152327][T24190] ? cgroup_file_notify+0x140/0x1b0 [ 3033.157528][T24190] ? oom_killer_disable+0x280/0x280 [ 3033.162736][T24190] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3033.168284][T24190] ? memcg_stat_show+0xc40/0xc40 [ 3033.173228][T24190] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3033.179038][T24190] ? cgroup_file_notify+0x140/0x1b0 [ 3033.185194][T24190] memory_max_write+0x262/0x3a0 [ 3033.190049][T24190] ? mem_cgroup_write+0x370/0x370 [ 3033.195073][T24190] ? lock_acquire+0x190/0x410 [ 3033.199751][T24190] ? kernfs_fop_write+0x227/0x480 [ 3033.204785][T24190] cgroup_file_write+0x241/0x790 [ 3033.209723][T24190] ? mem_cgroup_write+0x370/0x370 [ 3033.214750][T24190] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3033.220393][T24190] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3033.226036][T24190] kernfs_fop_write+0x2b8/0x480 [ 3033.230890][T24190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3033.237154][T24190] __vfs_write+0x8a/0x110 [ 3033.241483][T24190] ? kernfs_fop_open+0xd80/0xd80 [ 3033.246418][T24190] vfs_write+0x268/0x5d0 [ 3033.250660][T24190] ksys_write+0x14f/0x290 [ 3033.254989][T24190] ? __ia32_sys_read+0xb0/0xb0 [ 3033.259752][T24190] ? do_syscall_64+0x26/0x760 [ 3033.264437][T24190] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3033.270502][T24190] ? do_syscall_64+0x26/0x760 [ 3033.275184][T24190] __x64_sys_write+0x73/0xb0 [ 3033.279775][T24190] do_syscall_64+0xfa/0x760 [ 3033.284284][T24190] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3033.290169][T24190] RIP: 0033:0x459a29 [ 3033.294063][T24190] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3033.313666][T24190] RSP: 002b:00007ff8f3129c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3033.322077][T24190] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3033.330053][T24190] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3033.338019][T24190] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3033.345986][T24190] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8f312a6d4 [ 3033.353956][T24190] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3033.374217][T24190] memory: usage 3500kB, limit 0kB, failcnt 1352 [ 3033.380469][T24190] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3033.389043][T24190] Memory cgroup stats for /syz2: [ 3033.389153][T24190] anon 2121728 [ 3033.389153][T24190] file 20480 [ 3033.389153][T24190] kernel_stack 65536 [ 3033.389153][T24190] slab 946176 [ 3033.389153][T24190] sock 0 [ 3033.389153][T24190] shmem 0 [ 3033.389153][T24190] file_mapped 0 [ 3033.389153][T24190] file_dirty 135168 [ 3033.389153][T24190] file_writeback 0 [ 3033.389153][T24190] anon_thp 2097152 [ 3033.389153][T24190] inactive_anon 0 [ 3033.389153][T24190] active_anon 2121728 [ 3033.389153][T24190] inactive_file 0 [ 3033.389153][T24190] active_file 0 [ 3033.389153][T24190] unevictable 0 [ 3033.389153][T24190] slab_reclaimable 270336 [ 3033.389153][T24190] slab_unreclaimable 675840 [ 3033.389153][T24190] pgfault 18777 [ 3033.389153][T24190] pgmajfault 0 [ 3033.389153][T24190] workingset_refault 0 [ 3033.389153][T24190] workingset_activate 0 [ 3033.389153][T24190] workingset_nodereclaim 0 [ 3033.389153][T24190] pgrefill 99 [ 3033.389153][T24190] pgscan 99 [ 3033.389153][T24190] pgsteal 0 [ 3033.389153][T24190] pgactivate 66 [ 3033.484722][T24190] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24188,uid=0 [ 3033.502751][T24190] Memory cgroup out of memory: Killed process 24188 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3033.524104][ T1066] oom_reaper: reaped process 24188 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 20:15:03 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:03 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 20:15:03 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf}, 0x0) 20:15:03 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3033.755884][T24195] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3033.757711][T24143] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3033.788059][T24143] CPU: 0 PID: 24143 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3033.795653][T24143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3033.805696][T24143] Call Trace: [ 3033.805720][T24143] dump_stack+0x172/0x1f0 [ 3033.805739][T24143] dump_header+0x10b/0x82d [ 3033.805749][T24143] ? oom_kill_process+0x94/0x3f0 [ 3033.805764][T24143] oom_kill_process.cold+0x10/0x15 [ 3033.805778][T24143] out_of_memory+0x334/0x1340 [ 3033.805793][T24143] ? lock_downgrade+0x920/0x920 [ 3033.805812][T24143] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3033.805828][T24143] ? oom_killer_disable+0x280/0x280 [ 3033.805849][T24143] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3033.805860][T24143] ? memcg_stat_show+0xc40/0xc40 [ 3033.805878][T24143] ? do_raw_spin_unlock+0x57/0x270 [ 3033.809230][T24195] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3033.813465][T24143] ? _raw_spin_unlock+0x2d/0x50 [ 3033.813489][T24143] try_charge+0xf4b/0x1440 [ 3033.813511][T24143] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3033.813530][T24143] ? percpu_ref_tryget_live+0x111/0x290 [ 3033.837433][T24143] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3033.837451][T24143] ? __kasan_check_read+0x11/0x20 [ 3033.858869][T24143] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3033.858889][T24143] mem_cgroup_try_charge+0x136/0x590 [ 3033.888029][T24143] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3033.899764][T24143] wp_page_copy+0x407/0x1860 [ 3033.910300][T24143] ? find_held_lock+0x35/0x130 [ 3033.910316][T24143] ? do_wp_page+0x53b/0x15c0 [ 3033.910334][T24143] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3033.925771][T24143] ? lock_downgrade+0x920/0x920 [ 3033.925791][T24143] ? swp_swapcount+0x540/0x540 [ 3033.925808][T24143] ? __kasan_check_read+0x11/0x20 20:15:03 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3033.925819][T24143] ? do_raw_spin_unlock+0x57/0x270 [ 3033.925835][T24143] do_wp_page+0x543/0x15c0 [ 3033.925853][T24143] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3033.925876][T24143] __handle_mm_fault+0x23ec/0x4040 [ 3033.925894][T24143] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3033.925908][T24143] ? handle_mm_fault+0x292/0xaa0 [ 3033.925934][T24143] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3033.925945][T24143] ? __kasan_check_read+0x11/0x20 [ 3033.925960][T24143] handle_mm_fault+0x3b7/0xaa0 [ 3033.925979][T24143] __do_page_fault+0x536/0xdd0 [ 3033.925997][T24143] do_page_fault+0x38/0x590 [ 3033.926017][T24143] page_fault+0x39/0x40 [ 3033.926027][T24143] RIP: 0033:0x430b06 [ 3033.926042][T24143] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3033.926049][T24143] RSP: 002b:00007ffe459fd100 EFLAGS: 00010206 [ 3033.926058][T24143] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3033.926064][T24143] RDX: 0000000001160930 RSI: 0000000001168970 RDI: 0000000000000003 [ 3033.926070][T24143] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000115f940 [ 3033.926076][T24143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3033.926082][T24143] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3033.994350][T24143] memory: usage 1124kB, limit 0kB, failcnt 1364 [ 3034.092946][T24143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3034.099790][T24143] Memory cgroup stats for /syz2: [ 3034.099904][T24143] anon 20480 [ 3034.099904][T24143] file 20480 [ 3034.099904][T24143] kernel_stack 0 [ 3034.099904][T24143] slab 946176 [ 3034.099904][T24143] sock 0 [ 3034.099904][T24143] shmem 0 [ 3034.099904][T24143] file_mapped 0 [ 3034.099904][T24143] file_dirty 135168 [ 3034.099904][T24143] file_writeback 0 [ 3034.099904][T24143] anon_thp 0 [ 3034.099904][T24143] inactive_anon 0 [ 3034.099904][T24143] active_anon 20480 [ 3034.099904][T24143] inactive_file 0 [ 3034.099904][T24143] active_file 0 [ 3034.099904][T24143] unevictable 0 [ 3034.099904][T24143] slab_reclaimable 270336 [ 3034.099904][T24143] slab_unreclaimable 675840 [ 3034.099904][T24143] pgfault 18777 [ 3034.099904][T24143] pgmajfault 0 [ 3034.099904][T24143] workingset_refault 0 [ 3034.099904][T24143] workingset_activate 0 [ 3034.099904][T24143] workingset_nodereclaim 0 [ 3034.099904][T24143] pgrefill 99 [ 3034.099904][T24143] pgscan 99 [ 3034.099904][T24143] pgsteal 0 [ 3034.099904][T24143] pgactivate 66 [ 3034.196324][T24143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24143,uid=0 [ 3034.212320][T24143] Memory cgroup out of memory: Killed process 24143 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3034.231036][ T1066] oom_reaper: reaped process 24143 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3034.242770][T24198] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3034.262360][T24198] CPU: 0 PID: 24198 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3034.269930][T24198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3034.280009][T24198] Call Trace: [ 3034.283307][T24198] dump_stack+0x172/0x1f0 [ 3034.287646][T24198] dump_header+0x10b/0x82d [ 3034.292067][T24198] oom_kill_process.cold+0x10/0x15 [ 3034.297179][T24198] out_of_memory+0x334/0x1340 [ 3034.301867][T24198] ? oom_killer_disable+0x280/0x280 [ 3034.307082][T24198] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3034.312630][T24198] ? memcg_stat_show+0xc40/0xc40 [ 3034.317583][T24198] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3034.323400][T24198] ? cgroup_file_notify+0x140/0x1b0 [ 3034.328615][T24198] memory_max_write+0x262/0x3a0 [ 3034.333476][T24198] ? mem_cgroup_write+0x370/0x370 [ 3034.338508][T24198] ? lock_acquire+0x20b/0x410 [ 3034.343191][T24198] cgroup_file_write+0x241/0x790 [ 3034.348145][T24198] ? mem_cgroup_write+0x370/0x370 [ 3034.353175][T24198] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3034.358828][T24198] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3034.364470][T24198] kernfs_fop_write+0x2b8/0x480 [ 3034.369338][T24198] __vfs_write+0x8a/0x110 [ 3034.373669][T24198] ? kernfs_fop_open+0xd80/0xd80 [ 3034.378621][T24198] vfs_write+0x268/0x5d0 [ 3034.382875][T24198] ksys_write+0x14f/0x290 [ 3034.387204][T24198] ? __ia32_sys_read+0xb0/0xb0 [ 3034.391973][T24198] ? do_syscall_64+0x26/0x760 [ 3034.396655][T24198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3034.402719][T24198] ? do_syscall_64+0x26/0x760 [ 3034.407404][T24198] __x64_sys_write+0x73/0xb0 [ 3034.412006][T24198] do_syscall_64+0xfa/0x760 [ 3034.416514][T24198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3034.422404][T24198] RIP: 0033:0x459a29 [ 3034.426307][T24198] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3034.445920][T24198] RSP: 002b:00007f7c6b423c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3034.454344][T24198] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3034.462325][T24198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3034.470302][T24198] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3034.478279][T24198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c6b4246d4 [ 3034.486260][T24198] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3034.508935][T24198] memory: usage 3320kB, limit 0kB, failcnt 1276 [ 3034.515712][T24198] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3034.523353][T24198] Memory cgroup stats for /syz4 [ 3034.530397][T24198] : [ 3034.530759][T24198] anon 2269184 [ 3034.530759][T24198] file 28672 [ 3034.530759][T24198] kernel_stack 65536 [ 3034.530759][T24198] slab 831488 [ 3034.530759][T24198] sock 0 [ 3034.530759][T24198] shmem 0 [ 3034.530759][T24198] file_mapped 0 [ 3034.530759][T24198] file_dirty 135168 [ 3034.530759][T24198] file_writeback 0 [ 3034.530759][T24198] anon_thp 2097152 [ 3034.530759][T24198] inactive_anon 0 [ 3034.530759][T24198] active_anon 2191360 [ 3034.530759][T24198] inactive_file 135168 [ 3034.530759][T24198] active_file 0 [ 3034.530759][T24198] unevictable 0 [ 3034.530759][T24198] slab_reclaimable 270336 [ 3034.530759][T24198] slab_unreclaimable 561152 [ 3034.530759][T24198] pgfault 19998 [ 3034.530759][T24198] pgmajfault 0 [ 3034.530759][T24198] workingset_refault 0 [ 3034.530759][T24198] workingset_activate 0 [ 3034.530759][T24198] workingset_nodereclaim 0 [ 3034.530759][T24198] pgrefill 67 [ 3034.530759][T24198] pgscan 110 [ 3034.530759][T24198] pgsteal 70 [ 3034.530759][T24198] pgactivate 33 [ 3034.627195][T24198] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24197,uid=0 [ 3034.645428][T24198] Memory cgroup out of memory: Killed process 24197 (syz-executor.4) total-vm:72572kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 20:15:04 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x33}, 0x0) [ 3034.671751][ T1066] oom_reaper: reaped process 24197 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 20:15:04 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3034.804860][T24203] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3034.841777][T24203] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3034.867427][T24125] syz-executor.4 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 3034.907854][T24125] CPU: 1 PID: 24125 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3034.915429][T24125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3034.925483][T24125] Call Trace: [ 3034.928779][T24125] dump_stack+0x172/0x1f0 [ 3034.933109][T24125] dump_header+0x10b/0x82d [ 3034.937515][T24125] ? oom_kill_process+0x94/0x3f0 [ 3034.942451][T24125] oom_kill_process.cold+0x10/0x15 [ 3034.947560][T24125] out_of_memory+0x334/0x1340 [ 3034.952235][T24125] ? lock_downgrade+0x920/0x920 [ 3034.957085][T24125] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3034.962891][T24125] ? oom_killer_disable+0x280/0x280 [ 3034.968114][T24125] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3034.973662][T24125] ? memcg_stat_show+0xc40/0xc40 [ 3034.978603][T24125] ? do_raw_spin_unlock+0x57/0x270 [ 3034.983710][T24125] ? _raw_spin_unlock+0x2d/0x50 [ 3034.988559][T24125] try_charge+0xf4b/0x1440 [ 3034.992979][T24125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3034.998521][T24125] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3035.004065][T24125] ? cache_grow_begin+0x122/0xd20 [ 3035.009081][T24125] ? find_held_lock+0x35/0x130 [ 3035.013842][T24125] ? cache_grow_begin+0x122/0xd20 [ 3035.018870][T24125] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3035.024407][T24125] ? lock_downgrade+0x920/0x920 [ 3035.029251][T24125] ? memcg_kmem_put_cache+0x50/0x50 [ 3035.034446][T24125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3035.040679][T24125] ? __kasan_check_read+0x11/0x20 [ 3035.045706][T24125] cache_grow_begin+0x629/0xd20 [ 3035.050579][T24125] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 3035.056210][T24125] ? mempolicy_slab_node+0x139/0x390 [ 3035.061491][T24125] fallback_alloc+0x1fd/0x2d0 [ 3035.066169][T24125] ____cache_alloc_node+0x1bc/0x1d0 [ 3035.071365][T24125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3035.077603][T24125] kmem_cache_alloc+0x1ef/0x710 [ 3035.082450][T24125] ? lock_downgrade+0x920/0x920 [ 3035.087295][T24125] ? rwlock_bug.part.0+0x90/0x90 [ 3035.092228][T24125] ? ratelimit_state_init+0xb0/0xb0 [ 3035.097421][T24125] ext4_alloc_inode+0x1f/0x640 [ 3035.102181][T24125] ? ratelimit_state_init+0xb0/0xb0 [ 3035.107376][T24125] alloc_inode+0x68/0x1e0 [ 3035.111700][T24125] iget_locked+0x1a6/0x4b0 [ 3035.116105][T24125] __ext4_iget+0x265/0x3e20 [ 3035.120592][T24125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3035.126814][T24125] ? ext4_get_projid+0x190/0x190 [ 3035.131731][T24125] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3035.137255][T24125] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3035.143222][T24125] ? d_alloc_parallel+0xa78/0x1c30 [ 3035.148314][T24125] ext4_lookup+0x3b1/0x7a0 [ 3035.152739][T24125] ? ext4_cross_rename+0x1430/0x1430 [ 3035.158004][T24125] ? __lock_acquire+0x16f2/0x4a00 [ 3035.163003][T24125] ? __kasan_check_read+0x11/0x20 [ 3035.168008][T24125] ? lockdep_init_map+0x1be/0x6d0 [ 3035.173013][T24125] __lookup_slow+0x279/0x500 [ 3035.177581][T24125] ? vfs_unlink+0x620/0x620 [ 3035.182074][T24125] lookup_slow+0x58/0x80 [ 3035.186296][T24125] path_mountpoint+0x5d2/0x1e60 [ 3035.191122][T24125] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3035.196648][T24125] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3035.202636][T24125] ? path_openat+0x46d0/0x46d0 [ 3035.207382][T24125] filename_mountpoint+0x18e/0x390 [ 3035.212470][T24125] ? filename_parentat.isra.0+0x410/0x410 [ 3035.218165][T24125] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3035.224303][T24125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3035.230537][T24125] ? __phys_addr_symbol+0x30/0x70 [ 3035.235537][T24125] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3035.241231][T24125] ? __check_object_size+0x3d/0x437 [ 3035.246410][T24125] ? strncpy_from_user+0x2b4/0x400 [ 3035.251499][T24125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3035.257717][T24125] ? getname_flags+0x277/0x5b0 [ 3035.262461][T24125] user_path_mountpoint_at+0x3a/0x50 [ 3035.267723][T24125] ksys_umount+0x164/0xf00 [ 3035.272130][T24125] ? __ia32_sys_rmdir+0x40/0x40 [ 3035.276968][T24125] ? __detach_mounts+0x2a0/0x2a0 [ 3035.281886][T24125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3035.288103][T24125] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3035.293537][T24125] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3035.298972][T24125] ? do_syscall_64+0x26/0x760 [ 3035.303629][T24125] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3035.309679][T24125] ? do_syscall_64+0x26/0x760 [ 3035.314334][T24125] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3035.319606][T24125] __x64_sys_umount+0x54/0x80 [ 3035.324263][T24125] do_syscall_64+0xfa/0x760 [ 3035.328742][T24125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3035.334608][T24125] RIP: 0033:0x45c457 [ 3035.338479][T24125] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3035.358057][T24125] RSP: 002b:00007ffd64b28c28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 3035.366444][T24125] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c457 [ 3035.374391][T24125] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffd64b28cd0 [ 3035.382344][T24125] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000000000e [ 3035.390290][T24125] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffd64b29d60 [ 3035.398256][T24125] R13: 0000000000be4940 R14: 0000000000000000 R15: 00007ffd64b29d60 [ 3035.410601][T24125] memory: usage 988kB, limit 0kB, failcnt 1288 [ 3035.416940][T24125] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3035.423992][T24125] Memory cgroup stats for /syz4: [ 3035.424098][T24125] anon 155648 [ 3035.424098][T24125] file 28672 [ 3035.424098][T24125] kernel_stack 65536 [ 3035.424098][T24125] slab 831488 [ 3035.424098][T24125] sock 0 [ 3035.424098][T24125] shmem 0 [ 3035.424098][T24125] file_mapped 0 [ 3035.424098][T24125] file_dirty 135168 [ 3035.424098][T24125] file_writeback 0 [ 3035.424098][T24125] anon_thp 0 [ 3035.424098][T24125] inactive_anon 0 [ 3035.424098][T24125] active_anon 77824 [ 3035.424098][T24125] inactive_file 135168 [ 3035.424098][T24125] active_file 0 [ 3035.424098][T24125] unevictable 0 [ 3035.424098][T24125] slab_reclaimable 270336 [ 3035.424098][T24125] slab_unreclaimable 561152 [ 3035.424098][T24125] pgfault 19998 [ 3035.424098][T24125] pgmajfault 0 [ 3035.424098][T24125] workingset_refault 0 [ 3035.424098][T24125] workingset_activate 0 [ 3035.424098][T24125] workingset_nodereclaim 0 [ 3035.424098][T24125] pgrefill 67 [ 3035.424098][T24125] pgscan 110 [ 3035.424098][T24125] pgsteal 70 [ 3035.424098][T24125] pgactivate 33 [ 3035.429129][T24125] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24125,uid=0 [ 3035.536175][T24125] Memory cgroup out of memory: Killed process 24125 (syz-executor.4) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3035.556922][ T1066] oom_reaper: reaped process 24125 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 20:15:05 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:05 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x48}, 0x0) [ 3035.640788][T24180] chnl_net:caif_netlink_parms(): no params data found [ 3035.665296][T24182] chnl_net:caif_netlink_parms(): no params data found [ 3035.757038][T24209] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3035.796200][T24209] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3036.077599][T24206] IPVS: ftp: loaded support on port[0] = 21 [ 3036.289701][T24182] bridge0: port 1(bridge_slave_0) entered blocking state [ 3036.297139][T24182] bridge0: port 1(bridge_slave_0) entered disabled state [ 3036.305825][T24182] device bridge_slave_0 entered promiscuous mode [ 3036.314841][T24182] bridge0: port 2(bridge_slave_1) entered blocking state [ 3036.321950][T24182] bridge0: port 2(bridge_slave_1) entered disabled state [ 3036.330500][T24182] device bridge_slave_1 entered promiscuous mode [ 3036.346052][T24180] bridge0: port 1(bridge_slave_0) entered blocking state [ 3036.353975][T24180] bridge0: port 1(bridge_slave_0) entered disabled state [ 3036.363322][T24180] device bridge_slave_0 entered promiscuous mode [ 3036.438763][T24182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3036.448379][T24180] bridge0: port 2(bridge_slave_1) entered blocking state [ 3036.456721][T24180] bridge0: port 2(bridge_slave_1) entered disabled state [ 3036.466538][T24180] device bridge_slave_1 entered promiscuous mode [ 3036.479570][T24182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3036.627278][T24182] team0: Port device team_slave_0 added [ 3036.636102][T24182] team0: Port device team_slave_1 added [ 3036.649514][T24180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3036.720428][T24180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3036.830419][T24180] team0: Port device team_slave_0 added [ 3036.945646][T24182] device hsr_slave_0 entered promiscuous mode [ 3036.992709][T24182] device hsr_slave_1 entered promiscuous mode [ 3037.041877][T24182] debugfs: Directory 'hsr0' with parent '/' already present! [ 3037.052460][T24180] team0: Port device team_slave_1 added [ 3037.215940][T24180] device hsr_slave_0 entered promiscuous mode [ 3037.272898][T24180] device hsr_slave_1 entered promiscuous mode [ 3037.361811][T24180] debugfs: Directory 'hsr0' with parent '/' already present! [ 3037.481895][T24206] chnl_net:caif_netlink_parms(): no params data found [ 3037.783567][T24206] bridge0: port 1(bridge_slave_0) entered blocking state [ 3037.790673][T24206] bridge0: port 1(bridge_slave_0) entered disabled state [ 3037.802453][T24206] device bridge_slave_0 entered promiscuous mode [ 3037.827948][T24206] bridge0: port 2(bridge_slave_1) entered blocking state [ 3037.835279][T24206] bridge0: port 2(bridge_slave_1) entered disabled state [ 3037.844783][T24206] device bridge_slave_1 entered promiscuous mode [ 3037.982124][T24182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3038.000183][T24206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3038.112336][T24206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3038.123795][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3038.132810][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3038.146809][T24182] 8021q: adding VLAN 0 to HW filter on device team0 [ 3038.247797][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3038.258372][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3038.267612][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3038.274728][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3038.355965][T24206] team0: Port device team_slave_0 added [ 3038.364049][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3038.380543][T24180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3038.390839][T24206] team0: Port device team_slave_1 added [ 3038.400057][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3038.409992][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3038.418982][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3038.426095][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3038.492745][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3038.685837][T24206] device hsr_slave_0 entered promiscuous mode [ 3038.752961][T24206] device hsr_slave_1 entered promiscuous mode [ 3038.811771][T24206] debugfs: Directory 'hsr0' with parent '/' already present! [ 3038.823462][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3038.833686][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3038.843280][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3038.916269][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3038.924740][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3038.942568][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3038.951267][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3038.960821][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3038.969542][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3038.977737][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3038.996453][T24180] 8021q: adding VLAN 0 to HW filter on device team0 [ 3039.083419][T24182] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3039.096136][T24182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3039.115182][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3039.132573][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3039.141209][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3039.150934][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3039.159874][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3039.166985][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3039.213273][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3039.223596][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3039.233011][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3039.241466][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3039.248572][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3039.258911][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3039.346996][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3039.363028][T24182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3039.440644][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3039.460187][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3039.481053][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3039.491490][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3039.503131][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3039.588299][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3039.603135][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 20:15:09 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 20:15:09 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3039.711551][T24180] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3039.733356][T24180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3039.760863][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3039.770550][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3039.802100][T24206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3039.912994][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3039.922054][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3040.018784][T24206] 8021q: adding VLAN 0 to HW filter on device team0 [ 3040.038816][T24180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3040.114134][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3040.132862][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3040.141474][T16202] bridge0: port 1(bridge_slave_0) entered blocking state [ 3040.148603][T16202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3040.236697][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3040.246134][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3040.255342][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3040.267161][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3040.274281][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3040.284941][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3040.372916][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3040.388825][T24229] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3040.460244][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3040.483620][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3040.503173][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3040.559657][T24229] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3040.581107][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3040.591588][T24229] CPU: 1 PID: 24229 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3040.599168][T24229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3040.609233][T24229] Call Trace: [ 3040.612546][T24229] dump_stack+0x172/0x1f0 [ 3040.616884][T24229] dump_header+0x10b/0x82d [ 3040.621307][T24229] oom_kill_process.cold+0x10/0x15 [ 3040.626425][T24229] out_of_memory+0x334/0x1340 [ 3040.631108][T24229] ? __this_cpu_preempt_check+0x3a/0x210 [ 3040.636745][T24229] ? retint_kernel+0x2b/0x2b [ 3040.641327][T24229] ? oom_killer_disable+0x280/0x280 [ 3040.646504][T24229] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3040.652203][T24229] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3040.657725][T24229] ? memcg_stat_show+0xc40/0xc40 [ 3040.662660][T24229] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3040.668464][T24229] ? cgroup_file_notify+0x140/0x1b0 [ 3040.673697][T24229] memory_max_write+0x262/0x3a0 [ 3040.678559][T24229] ? mem_cgroup_write+0x370/0x370 [ 3040.683582][T24229] ? cgroup_file_write+0x86/0x790 [ 3040.688591][T24229] cgroup_file_write+0x241/0x790 [ 3040.693513][T24229] ? mem_cgroup_write+0x370/0x370 [ 3040.698518][T24229] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3040.704134][T24229] ? kernfs_ops+0x9f/0x120 [ 3040.708537][T24229] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3040.714156][T24229] kernfs_fop_write+0x2b8/0x480 [ 3040.718988][T24229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3040.725208][T24229] __vfs_write+0x8a/0x110 [ 3040.729512][T24229] ? kernfs_fop_open+0xd80/0xd80 [ 3040.734425][T24229] vfs_write+0x268/0x5d0 [ 3040.738646][T24229] ksys_write+0x14f/0x290 [ 3040.742954][T24229] ? __ia32_sys_read+0xb0/0xb0 [ 3040.747696][T24229] ? do_syscall_64+0x26/0x760 [ 3040.752351][T24229] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3040.758429][T24229] ? do_syscall_64+0x26/0x760 [ 3040.763094][T24229] __x64_sys_write+0x73/0xb0 [ 3040.767662][T24229] do_syscall_64+0xfa/0x760 [ 3040.772146][T24229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3040.778010][T24229] RIP: 0033:0x459a29 [ 3040.781882][T24229] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3040.801463][T24229] RSP: 002b:00007f1442af0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3040.809849][T24229] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3040.817799][T24229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3040.825746][T24229] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3040.833692][T24229] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1442af16d4 [ 3040.841644][T24229] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3040.855114][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3040.864518][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3040.872419][T24229] memory: usage 22476kB, limit 0kB, failcnt 127 [ 3040.873321][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3040.881853][T24229] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3040.897274][T24206] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3040.919560][T24206] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3040.921964][T24229] Memory cgroup stats for /syz3: [ 3040.922582][T24229] anon 2154496 [ 3040.922582][T24229] file 90112 [ 3040.922582][T24229] kernel_stack 65536 [ 3040.922582][T24229] slab 20664320 [ 3040.922582][T24229] sock 0 [ 3040.922582][T24229] shmem 0 [ 3040.922582][T24229] file_mapped 0 [ 3040.922582][T24229] file_dirty 0 [ 3040.922582][T24229] file_writeback 0 [ 3040.922582][T24229] anon_thp 2097152 [ 3040.922582][T24229] inactive_anon 0 [ 3040.922582][T24229] active_anon 2154496 [ 3040.922582][T24229] inactive_file 135168 [ 3040.922582][T24229] active_file 0 [ 3040.922582][T24229] unevictable 0 [ 3040.922582][T24229] slab_reclaimable 20140032 [ 3040.922582][T24229] slab_unreclaimable 524288 [ 3040.922582][T24229] pgfault 46200 [ 3040.922582][T24229] pgmajfault 0 [ 3040.922582][T24229] workingset_refault 0 [ 3040.922582][T24229] workingset_activate 0 [ 3040.922582][T24229] workingset_nodereclaim 0 [ 3040.922582][T24229] pgrefill 349 [ 3040.922582][T24229] pgscan 343 [ 3040.922582][T24229] pgsteal 33 [ 3040.922582][T24229] pgactivate 297 [ 3041.024953][T24229] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24227,uid=0 [ 3041.043488][T24229] Memory cgroup out of memory: Killed process 24227 (syz-executor.3) total-vm:72576kB, anon-rss:2188kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 3041.082184][ T1066] oom_reaper: reaped process 24227 (syz-executor.3), now anon-rss:0kB, file-rss:34904kB, shmem-rss:0kB [ 3041.098094][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3041.119255][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 20:15:10 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:15:10 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) 20:15:10 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:10 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 3041.256172][T24206] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3041.259811][T24180] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3041.273844][T24180] CPU: 0 PID: 24180 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3041.281402][T24180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3041.291465][T24180] Call Trace: [ 3041.294771][T24180] dump_stack+0x172/0x1f0 [ 3041.299119][T24180] dump_header+0x10b/0x82d [ 3041.303545][T24180] ? oom_kill_process+0x94/0x3f0 [ 3041.308495][T24180] oom_kill_process.cold+0x10/0x15 [ 3041.313611][T24180] out_of_memory+0x334/0x1340 [ 3041.313627][T24180] ? lock_downgrade+0x920/0x920 [ 3041.313645][T24180] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3041.313662][T24180] ? oom_killer_disable+0x280/0x280 [ 3041.313688][T24180] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3041.313699][T24180] ? memcg_stat_show+0xc40/0xc40 [ 3041.313716][T24180] ? do_raw_spin_unlock+0x57/0x270 [ 3041.313737][T24180] ? _raw_spin_unlock+0x2d/0x50 [ 3041.354580][T24180] try_charge+0xf4b/0x1440 [ 3041.359027][T24180] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3041.364586][T24180] ? percpu_ref_tryget_live+0x111/0x290 [ 3041.370154][T24180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3041.376410][T24180] ? __kasan_check_read+0x11/0x20 [ 3041.381450][T24180] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3041.387016][T24180] mem_cgroup_try_charge+0x136/0x590 [ 3041.392314][T24180] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3041.397965][T24180] wp_page_copy+0x407/0x1860 [ 3041.402572][T24180] ? find_held_lock+0x35/0x130 [ 3041.407351][T24180] ? do_wp_page+0x53b/0x15c0 [ 3041.411951][T24180] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3041.417767][T24180] ? lock_downgrade+0x920/0x920 [ 3041.422626][T24180] ? swp_swapcount+0x540/0x540 [ 3041.427396][T24180] ? __kasan_check_read+0x11/0x20 [ 3041.432430][T24180] ? do_raw_spin_unlock+0x57/0x270 [ 3041.437564][T24180] do_wp_page+0x543/0x15c0 [ 3041.441997][T24180] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3041.447393][T24180] __handle_mm_fault+0x23ec/0x4040 [ 3041.452532][T24180] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3041.458098][T24180] ? handle_mm_fault+0x292/0xaa0 [ 3041.463058][T24180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3041.469309][T24180] ? __kasan_check_read+0x11/0x20 [ 3041.474348][T24180] handle_mm_fault+0x3b7/0xaa0 [ 3041.479126][T24180] __do_page_fault+0x536/0xdd0 [ 3041.483910][T24180] do_page_fault+0x38/0x590 [ 3041.488420][T24180] page_fault+0x39/0x40 [ 3041.492597][T24180] RIP: 0033:0x4034f2 [ 3041.496511][T24180] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3041.516131][T24180] RSP: 002b:00007fff0bffbd70 EFLAGS: 00010246 [ 3041.522209][T24180] RAX: 0000000000000000 RBX: 00000000002e64f5 RCX: 0000000000413630 [ 3041.530184][T24180] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff0bffcea0 [ 3041.538158][T24180] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002992940 [ 3041.546140][T24180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0bffcea0 [ 3041.554119][T24180] R13: 00007fff0bffce90 R14: 0000000000000000 R15: 00007fff0bffcea0 [ 3041.613944][T24180] memory: usage 20032kB, limit 0kB, failcnt 135 [ 3041.627167][T24180] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3041.643102][T24234] IPVS: ftp: loaded support on port[0] = 21 [ 3041.672224][T24180] Memory cgroup stats for /syz3: [ 3041.672341][T24180] anon 102400 [ 3041.672341][T24180] file 90112 [ 3041.672341][T24180] kernel_stack 0 [ 3041.672341][T24180] slab 20529152 [ 3041.672341][T24180] sock 0 [ 3041.672341][T24180] shmem 0 [ 3041.672341][T24180] file_mapped 0 [ 3041.672341][T24180] file_dirty 0 [ 3041.672341][T24180] file_writeback 0 [ 3041.672341][T24180] anon_thp 0 [ 3041.672341][T24180] inactive_anon 0 [ 3041.672341][T24180] active_anon 102400 [ 3041.672341][T24180] inactive_file 135168 [ 3041.672341][T24180] active_file 0 [ 3041.672341][T24180] unevictable 0 [ 3041.672341][T24180] slab_reclaimable 20004864 [ 3041.672341][T24180] slab_unreclaimable 524288 [ 3041.672341][T24180] pgfault 46200 [ 3041.672341][T24180] pgmajfault 0 [ 3041.672341][T24180] workingset_refault 0 [ 3041.672341][T24180] workingset_activate 0 [ 3041.672341][T24180] workingset_nodereclaim 0 [ 3041.672341][T24180] pgrefill 349 [ 3041.672341][T24180] pgscan 343 [ 3041.672341][T24180] pgsteal 33 [ 3041.672341][T24180] pgactivate 297 [ 3041.818985][T24180] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24180,uid=0 [ 3041.834786][T24180] Memory cgroup out of memory: Killed process 24180 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 3041.909952][ T1066] oom_reaper: reaped process 24180 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3041.928293][T24245] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3042.029422][T24245] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3042.044161][T24245] CPU: 0 PID: 24245 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3042.051733][T24245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3042.061776][T24245] Call Trace: [ 3042.061801][T24245] dump_stack+0x172/0x1f0 [ 3042.061821][T24245] dump_header+0x10b/0x82d [ 3042.061836][T24245] oom_kill_process.cold+0x10/0x15 [ 3042.061853][T24245] out_of_memory+0x334/0x1340 [ 3042.061871][T24245] ? __sched_text_start+0x8/0x8 [ 3042.061886][T24245] ? oom_killer_disable+0x280/0x280 [ 3042.061912][T24245] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3042.061925][T24245] ? memcg_stat_show+0xc40/0xc40 [ 3042.061945][T24245] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3042.061967][T24245] ? cgroup_file_notify+0x140/0x1b0 [ 3042.083691][T24245] memory_max_write+0x262/0x3a0 [ 3042.093684][T24245] ? mem_cgroup_write+0x370/0x370 [ 3042.093704][T24245] ? cgroup_file_write+0x86/0x790 [ 3042.093722][T24245] cgroup_file_write+0x241/0x790 [ 3042.093740][T24245] ? mem_cgroup_write+0x370/0x370 [ 3042.093755][T24245] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3042.093778][T24245] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3042.093797][T24245] kernfs_fop_write+0x2b8/0x480 [ 3042.093818][T24245] __vfs_write+0x8a/0x110 [ 3042.093831][T24245] ? kernfs_fop_open+0xd80/0xd80 [ 3042.093844][T24245] vfs_write+0x268/0x5d0 [ 3042.093858][T24245] ksys_write+0x14f/0x290 [ 3042.093877][T24245] ? __ia32_sys_read+0xb0/0xb0 [ 3042.104324][T24245] ? do_syscall_64+0x26/0x760 [ 3042.115261][T24245] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3042.115273][T24245] ? do_syscall_64+0x26/0x760 [ 3042.115293][T24245] __x64_sys_write+0x73/0xb0 [ 3042.115309][T24245] do_syscall_64+0xfa/0x760 [ 3042.115327][T24245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3042.115338][T24245] RIP: 0033:0x459a29 [ 3042.115356][T24245] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3042.145721][T24245] RSP: 002b:00007f0bc97f3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3042.156151][T24245] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3042.156158][T24245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3042.156166][T24245] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3042.156173][T24245] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0bc97f46d4 [ 3042.156182][T24245] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3042.172941][T24245] memory: usage 3244kB, limit 0kB, failcnt 1315 [ 3042.220117][T24245] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3042.234103][T24245] Memory cgroup stats for /syz0: [ 3042.234707][T24245] anon 2142208 [ 3042.234707][T24245] file 20480 [ 3042.234707][T24245] kernel_stack 65536 [ 3042.234707][T24245] slab 823296 [ 3042.234707][T24245] sock 0 [ 3042.234707][T24245] shmem 0 [ 3042.234707][T24245] file_mapped 0 [ 3042.234707][T24245] file_dirty 0 [ 3042.234707][T24245] file_writeback 0 [ 3042.234707][T24245] anon_thp 2097152 [ 3042.234707][T24245] inactive_anon 0 [ 3042.234707][T24245] active_anon 2142208 [ 3042.234707][T24245] inactive_file 0 [ 3042.234707][T24245] active_file 0 [ 3042.234707][T24245] unevictable 0 [ 3042.234707][T24245] slab_reclaimable 270336 [ 3042.234707][T24245] slab_unreclaimable 552960 [ 3042.234707][T24245] pgfault 19107 [ 3042.234707][T24245] pgmajfault 0 [ 3042.234707][T24245] workingset_refault 0 [ 3042.234707][T24245] workingset_activate 0 [ 3042.234707][T24245] workingset_nodereclaim 0 [ 3042.234707][T24245] pgrefill 66 [ 3042.234707][T24245] pgscan 66 [ 3042.234707][T24245] pgsteal 0 [ 3042.234707][T24245] pgactivate 33 [ 3042.244023][T24245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24244,uid=0 [ 3042.297135][T24245] Memory cgroup out of memory: Killed process 24244 (syz-executor.0) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3042.465672][ T1066] oom_reaper: reaped process 24244 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 20:15:12 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:12 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:12 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x60}, 0x0) [ 3042.673925][T24206] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3042.684748][T24206] CPU: 1 PID: 24206 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3042.692317][T24206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3042.702369][T24206] Call Trace: [ 3042.705688][T24206] dump_stack+0x172/0x1f0 [ 3042.710028][T24206] dump_header+0x10b/0x82d [ 3042.714445][T24206] ? oom_kill_process+0x94/0x3f0 [ 3042.719409][T24206] oom_kill_process.cold+0x10/0x15 [ 3042.724522][T24206] out_of_memory+0x334/0x1340 [ 3042.729197][T24206] ? lock_downgrade+0x920/0x920 [ 3042.734052][T24206] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3042.739858][T24206] ? oom_killer_disable+0x280/0x280 [ 3042.745068][T24206] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3042.750617][T24206] ? memcg_stat_show+0xc40/0xc40 [ 3042.755564][T24206] ? do_raw_spin_unlock+0x57/0x270 [ 3042.760681][T24206] ? _raw_spin_unlock+0x2d/0x50 [ 3042.765536][T24206] try_charge+0xf4b/0x1440 [ 3042.769968][T24206] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3042.775512][T24206] ? percpu_ref_tryget_live+0x111/0x290 [ 3042.781063][T24206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3042.787303][T24206] ? __kasan_check_read+0x11/0x20 [ 3042.792331][T24206] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3042.797880][T24206] mem_cgroup_try_charge+0x136/0x590 [ 3042.803172][T24206] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3042.808807][T24206] wp_page_copy+0x407/0x1860 [ 3042.813398][T24206] ? find_held_lock+0x35/0x130 [ 3042.818161][T24206] ? do_wp_page+0x53b/0x15c0 [ 3042.822755][T24206] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3042.828563][T24206] ? lock_downgrade+0x920/0x920 [ 3042.833418][T24206] ? swp_swapcount+0x540/0x540 [ 3042.838185][T24206] ? __kasan_check_read+0x11/0x20 [ 3042.843206][T24206] ? do_raw_spin_unlock+0x57/0x270 [ 3042.848322][T24206] do_wp_page+0x543/0x15c0 [ 3042.852746][T24206] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3042.858126][T24206] __handle_mm_fault+0x23ec/0x4040 [ 3042.863239][T24206] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3042.868784][T24206] ? handle_mm_fault+0x292/0xaa0 [ 3042.873766][T24206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3042.880007][T24206] ? __kasan_check_read+0x11/0x20 [ 3042.885032][T24206] handle_mm_fault+0x3b7/0xaa0 [ 3042.889800][T24206] __do_page_fault+0x536/0xdd0 [ 3042.894570][T24206] do_page_fault+0x38/0x590 [ 3042.899076][T24206] page_fault+0x39/0x40 [ 3042.903224][T24206] RIP: 0033:0x430b06 [ 3042.907113][T24206] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3042.921107][T24250] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3042.926709][T24206] RSP: 002b:00007fffeba65220 EFLAGS: 00010206 [ 3042.926722][T24206] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3042.926729][T24206] RDX: 00000000014e0930 RSI: 00000000014e8970 RDI: 0000000000000003 [ 3042.926737][T24206] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000014df940 [ 3042.926745][T24206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3042.926753][T24206] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3043.021224][T24206] memory: usage 868kB, limit 0kB, failcnt 1323 [ 3043.031366][T24206] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3043.035812][T24250] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3043.044335][T24206] Memory cgroup stats for /syz0: [ 3043.044444][T24206] anon 40960 [ 3043.044444][T24206] file 20480 [ 3043.044444][T24206] kernel_stack 0 [ 3043.044444][T24206] slab 823296 [ 3043.044444][T24206] sock 0 [ 3043.044444][T24206] shmem 0 [ 3043.044444][T24206] file_mapped 0 [ 3043.044444][T24206] file_dirty 0 [ 3043.044444][T24206] file_writeback 0 [ 3043.044444][T24206] anon_thp 0 [ 3043.044444][T24206] inactive_anon 0 [ 3043.044444][T24206] active_anon 40960 [ 3043.044444][T24206] inactive_file 0 [ 3043.044444][T24206] active_file 0 [ 3043.044444][T24206] unevictable 0 [ 3043.044444][T24206] slab_reclaimable 270336 [ 3043.044444][T24206] slab_unreclaimable 552960 [ 3043.044444][T24206] pgfault 19107 [ 3043.044444][T24206] pgmajfault 0 [ 3043.044444][T24206] workingset_refault 0 [ 3043.044444][T24206] workingset_activate 0 [ 3043.044444][T24206] workingset_nodereclaim 0 [ 3043.044444][T24206] pgrefill 66 [ 3043.044444][T24206] pgscan 66 [ 3043.044444][T24206] pgsteal 0 [ 3043.044444][T24206] pgactivate 33 [ 3043.052755][T24206] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24206,uid=0 [ 3043.171189][T24206] Memory cgroup out of memory: Killed process 24206 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3043.189463][ T1066] oom_reaper: reaped process 24206 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3043.200975][T24248] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3043.212493][T24248] CPU: 0 PID: 24248 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3043.220045][T24248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3043.220052][T24248] Call Trace: [ 3043.220079][T24248] dump_stack+0x172/0x1f0 [ 3043.220103][T24248] dump_header+0x10b/0x82d [ 3043.220124][T24248] oom_kill_process.cold+0x10/0x15 [ 3043.247251][T24248] out_of_memory+0x334/0x1340 [ 3043.251930][T24248] ? retint_kernel+0x2b/0x2b [ 3043.251949][T24248] ? oom_killer_disable+0x280/0x280 [ 3043.251978][T24248] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3043.251990][T24248] ? memcg_stat_show+0xc40/0xc40 [ 3043.252012][T24248] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3043.252030][T24248] ? cgroup_file_notify+0x140/0x1b0 [ 3043.252046][T24248] memory_max_write+0x262/0x3a0 [ 3043.252064][T24248] ? mem_cgroup_write+0x370/0x370 [ 3043.252082][T24248] ? lock_acquire+0x190/0x410 [ 3043.252100][T24248] ? kernfs_fop_write+0x227/0x480 [ 3043.252120][T24248] cgroup_file_write+0x241/0x790 [ 3043.252136][T24248] ? mem_cgroup_write+0x370/0x370 [ 3043.252151][T24248] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3043.252172][T24248] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3043.267459][T24248] kernfs_fop_write+0x2b8/0x480 [ 3043.267482][T24248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3043.267509][T24248] __vfs_write+0x8a/0x110 [ 3043.288246][T24248] ? kernfs_fop_open+0xd80/0xd80 [ 3043.302923][T24248] vfs_write+0x268/0x5d0 [ 3043.302940][T24248] ksys_write+0x14f/0x290 [ 3043.302956][T24248] ? __ia32_sys_read+0xb0/0xb0 [ 3043.302979][T24248] ? do_syscall_64+0xc0/0x760 [ 3043.302995][T24248] __x64_sys_write+0x73/0xb0 [ 3043.303010][T24248] do_syscall_64+0xfa/0x760 20:15:12 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x68}, 0x0) [ 3043.303035][T24248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3043.303046][T24248] RIP: 0033:0x459a29 [ 3043.303061][T24248] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3043.303069][T24248] RSP: 002b:00007f3ff0b0ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3043.303084][T24248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3043.303091][T24248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3043.303099][T24248] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3043.303107][T24248] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ff0b0b6d4 [ 3043.303115][T24248] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3043.402128][T24248] memory: usage 3316kB, limit 0kB, failcnt 1348 [ 3043.402174][T24248] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3043.402238][T24248] Memory cgroup stats for /syz5: [ 3043.403023][T24248] anon 2265088 [ 3043.403023][T24248] file 0 [ 3043.403023][T24248] kernel_stack 65536 [ 3043.403023][T24248] slab 675840 [ 3043.403023][T24248] sock 4096 [ 3043.403023][T24248] shmem 77824 [ 3043.403023][T24248] file_mapped 0 [ 3043.403023][T24248] file_dirty 0 [ 3043.403023][T24248] file_writeback 0 [ 3043.403023][T24248] anon_thp 2097152 [ 3043.403023][T24248] inactive_anon 135168 [ 3043.403023][T24248] active_anon 2187264 [ 3043.403023][T24248] inactive_file 0 [ 3043.403023][T24248] active_file 0 [ 3043.403023][T24248] unevictable 0 [ 3043.403023][T24248] slab_reclaimable 135168 [ 3043.403023][T24248] slab_unreclaimable 540672 [ 3043.403023][T24248] pgfault 21813 [ 3043.403023][T24248] pgmajfault 0 [ 3043.403023][T24248] workingset_refault 0 [ 3043.403023][T24248] workingset_activate 0 [ 3043.403023][T24248] workingset_nodereclaim 0 [ 3043.403023][T24248] pgrefill 165 [ 3043.403023][T24248] pgscan 253 [ 3043.403023][T24248] pgsteal 69 [ 3043.403023][T24248] pgactivate 66 [ 3043.431964][T24248] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24247,uid=0 [ 3043.481052][T24254] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3043.566856][T24248] Memory cgroup out of memory: Killed process 24248 (syz-executor.5) total-vm:72572kB, anon-rss:2192kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 20:15:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:15:13 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3043.613548][ T1066] oom_reaper: reaped process 24248 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3043.624467][T24252] IPVS: ftp: loaded support on port[0] = 21 [ 3043.665860][T24182] syz-executor.5 invoked oom-killer: gfp_mask=0x40cd0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 3043.691982][T24182] CPU: 1 PID: 24182 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3043.699566][T24182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3043.709631][T24182] Call Trace: 20:15:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, 0xffffffffffffffff, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 3043.712941][T24182] dump_stack+0x172/0x1f0 [ 3043.717286][T24182] dump_header+0x10b/0x82d [ 3043.721710][T24182] ? oom_kill_process+0x94/0x3f0 [ 3043.726658][T24182] oom_kill_process.cold+0x10/0x15 [ 3043.731774][T24182] out_of_memory+0x334/0x1340 [ 3043.736460][T24182] ? lock_downgrade+0x920/0x920 [ 3043.741322][T24182] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3043.742585][T24254] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3043.747127][T24182] ? oom_killer_disable+0x280/0x280 [ 3043.747155][T24182] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3043.747172][T24182] ? memcg_stat_show+0xc40/0xc40 [ 3043.772080][T24182] ? do_raw_spin_unlock+0x57/0x270 [ 3043.777207][T24182] ? _raw_spin_unlock+0x2d/0x50 [ 3043.782076][T24182] try_charge+0xf4b/0x1440 [ 3043.786519][T24182] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3043.792080][T24182] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3043.797646][T24182] ? cache_grow_begin+0x122/0xd20 [ 3043.802680][T24182] ? find_held_lock+0x35/0x130 [ 3043.807450][T24182] ? cache_grow_begin+0x122/0xd20 [ 3043.812483][T24182] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3043.818036][T24182] ? lock_downgrade+0x920/0x920 [ 3043.822892][T24182] ? memcg_kmem_put_cache+0x50/0x50 [ 3043.828095][T24182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3043.834345][T24182] ? __kasan_check_read+0x11/0x20 [ 3043.839383][T24182] cache_grow_begin+0x629/0xd20 [ 3043.844260][T24182] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 3043.849900][T24182] ? mempolicy_slab_node+0x139/0x390 [ 3043.855214][T24182] fallback_alloc+0x1fd/0x2d0 [ 3043.859909][T24182] ____cache_alloc_node+0x1bc/0x1d0 [ 3043.865116][T24182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3043.871370][T24182] kmem_cache_alloc+0x1ef/0x710 [ 3043.876229][T24182] ? rcu_read_lock_held+0x9c/0xb0 [ 3043.881258][T24182] __d_alloc+0x2e/0x8c0 [ 3043.885424][T24182] d_alloc+0x4d/0x280 [ 3043.889414][T24182] d_alloc_parallel+0xf4/0x1c30 [ 3043.894284][T24182] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3043.900556][T24182] ? __d_lookup_rcu+0x6c0/0x6c0 [ 3043.905424][T24182] ? __lock_acquire+0x16f2/0x4a00 [ 3043.910453][T24182] ? __kasan_check_read+0x11/0x20 [ 3043.915476][T24182] ? mark_lock+0xc2/0x1220 [ 3043.919896][T24182] ? lockdep_init_map+0x1be/0x6d0 [ 3043.924921][T24182] ? lockdep_init_map+0x1be/0x6d0 [ 3043.929953][T24182] __lookup_slow+0x1ab/0x500 [ 3043.934553][T24182] ? vfs_unlink+0x620/0x620 [ 3043.939087][T24182] lookup_slow+0x58/0x80 [ 3043.943333][T24182] path_mountpoint+0x5d2/0x1e60 [ 3043.948191][T24182] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3043.953739][T24182] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3043.959731][T24182] ? path_openat+0x46d0/0x46d0 [ 3043.964512][T24182] filename_mountpoint+0x18e/0x390 [ 3043.969634][T24182] ? filename_parentat.isra.0+0x410/0x410 [ 3043.975363][T24182] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3043.981534][T24182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3043.987783][T24182] ? __phys_addr_symbol+0x30/0x70 [ 3043.992818][T24182] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3043.998545][T24182] ? __check_object_size+0x3d/0x437 [ 3044.003759][T24182] ? strncpy_from_user+0x2b4/0x400 [ 3044.008886][T24182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3044.015129][T24182] ? getname_flags+0x277/0x5b0 [ 3044.015149][T24182] user_path_mountpoint_at+0x3a/0x50 [ 3044.015168][T24182] ksys_umount+0x164/0xf00 [ 3044.029567][T24182] ? __ia32_sys_rmdir+0x40/0x40 [ 3044.034416][T24182] ? __detach_mounts+0x2a0/0x2a0 [ 3044.039344][T24182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3044.045570][T24182] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3044.051016][T24182] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3044.056466][T24182] ? do_syscall_64+0x26/0x760 [ 3044.061133][T24182] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3044.067179][T24182] ? do_syscall_64+0x26/0x760 [ 3044.071834][T24182] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3044.077101][T24182] __x64_sys_umount+0x54/0x80 [ 3044.081761][T24182] do_syscall_64+0xfa/0x760 [ 3044.086254][T24182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3044.092183][T24182] RIP: 0033:0x45c457 [ 3044.096070][T24182] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3044.115655][T24182] RSP: 002b:00007fff56b58588 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 3044.124046][T24182] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c457 [ 3044.132057][T24182] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007fff56b58630 [ 3044.140017][T24182] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000000000e [ 3044.147978][T24182] R10: 000000000000000a R11: 0000000000000206 R12: 00007fff56b596c0 [ 3044.155927][T24182] R13: 00000000010ae940 R14: 0000000000000000 R15: 00007fff56b596c0 [ 3044.173080][T24182] memory: usage 980kB, limit 0kB, failcnt 1360 [ 3044.179347][T24182] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3044.186738][T24182] Memory cgroup stats for /syz5: [ 3044.186857][T24182] anon 151552 [ 3044.186857][T24182] file 0 [ 3044.186857][T24182] kernel_stack 0 [ 3044.186857][T24182] slab 675840 [ 3044.186857][T24182] sock 4096 [ 3044.186857][T24182] shmem 77824 [ 3044.186857][T24182] file_mapped 0 [ 3044.186857][T24182] file_dirty 0 [ 3044.186857][T24182] file_writeback 0 [ 3044.186857][T24182] anon_thp 0 [ 3044.186857][T24182] inactive_anon 135168 [ 3044.186857][T24182] active_anon 73728 [ 3044.186857][T24182] inactive_file 0 [ 3044.186857][T24182] active_file 0 [ 3044.186857][T24182] unevictable 0 [ 3044.186857][T24182] slab_reclaimable 135168 [ 3044.186857][T24182] slab_unreclaimable 540672 [ 3044.186857][T24182] pgfault 21813 [ 3044.186857][T24182] pgmajfault 0 [ 3044.186857][T24182] workingset_refault 0 [ 3044.186857][T24182] workingset_activate 0 [ 3044.186857][T24182] workingset_nodereclaim 0 [ 3044.186857][T24182] pgrefill 165 [ 3044.186857][T24182] pgscan 253 [ 3044.186857][T24182] pgsteal 69 [ 3044.186857][T24182] pgactivate 66 [ 3044.282009][T24182] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24182,uid=0 [ 3044.298026][T24182] Memory cgroup out of memory: Killed process 24182 (syz-executor.5) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3044.316725][ T1066] oom_reaper: reaped process 24182 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3045.088328][T24234] chnl_net:caif_netlink_parms(): no params data found [ 3045.239239][T24260] IPVS: ftp: loaded support on port[0] = 21 [ 3045.406139][T24234] bridge0: port 1(bridge_slave_0) entered blocking state [ 3045.413951][T24234] bridge0: port 1(bridge_slave_0) entered disabled state [ 3045.423338][T24234] device bridge_slave_0 entered promiscuous mode [ 3045.463095][T24234] bridge0: port 2(bridge_slave_1) entered blocking state [ 3045.470202][T24234] bridge0: port 2(bridge_slave_1) entered disabled state [ 3045.479409][T24234] device bridge_slave_1 entered promiscuous mode [ 3045.690747][T24234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3045.700610][T24252] chnl_net:caif_netlink_parms(): no params data found [ 3045.725506][T24234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3045.916755][T24234] team0: Port device team_slave_0 added [ 3045.957301][T24234] team0: Port device team_slave_1 added [ 3046.066210][T24252] bridge0: port 1(bridge_slave_0) entered blocking state [ 3046.074192][T24252] bridge0: port 1(bridge_slave_0) entered disabled state [ 3046.084180][T24252] device bridge_slave_0 entered promiscuous mode [ 3046.114095][T24260] chnl_net:caif_netlink_parms(): no params data found [ 3046.124926][T24252] bridge0: port 2(bridge_slave_1) entered blocking state [ 3046.132850][T24252] bridge0: port 2(bridge_slave_1) entered disabled state [ 3046.141539][T24252] device bridge_slave_1 entered promiscuous mode [ 3046.237962][T24234] device hsr_slave_0 entered promiscuous mode [ 3046.293017][T24234] device hsr_slave_1 entered promiscuous mode [ 3046.411905][T24234] debugfs: Directory 'hsr0' with parent '/' already present! [ 3046.505649][T24252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3046.520130][T24252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3046.540515][T24260] bridge0: port 1(bridge_slave_0) entered blocking state [ 3046.549095][T24260] bridge0: port 1(bridge_slave_0) entered disabled state [ 3046.558305][T24260] device bridge_slave_0 entered promiscuous mode [ 3046.619203][T24260] bridge0: port 2(bridge_slave_1) entered blocking state [ 3046.628406][T24260] bridge0: port 2(bridge_slave_1) entered disabled state [ 3046.637931][T24260] device bridge_slave_1 entered promiscuous mode [ 3046.659996][T24252] team0: Port device team_slave_0 added [ 3046.679191][T24252] team0: Port device team_slave_1 added [ 3046.809663][T24260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3046.825266][T24260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3046.937442][T24252] device hsr_slave_0 entered promiscuous mode [ 3047.002693][T24252] device hsr_slave_1 entered promiscuous mode [ 3047.081735][T24252] debugfs: Directory 'hsr0' with parent '/' already present! [ 3047.196418][T24260] team0: Port device team_slave_0 added [ 3047.220437][T24260] team0: Port device team_slave_1 added [ 3047.447516][T24260] device hsr_slave_0 entered promiscuous mode [ 3047.483019][T24260] device hsr_slave_1 entered promiscuous mode [ 3047.611872][T24260] debugfs: Directory 'hsr0' with parent '/' already present! [ 3047.812198][T24234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3047.899710][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3047.908748][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3047.922811][T24234] 8021q: adding VLAN 0 to HW filter on device team0 [ 3047.937669][T24252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3048.059103][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3048.069169][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3048.078216][T16202] bridge0: port 1(bridge_slave_0) entered blocking state [ 3048.085325][T16202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3048.168650][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3048.179448][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3048.188395][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3048.197276][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3048.207482][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3048.217044][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3048.224155][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3048.233079][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3048.245034][T24252] 8021q: adding VLAN 0 to HW filter on device team0 [ 3048.319849][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3048.329548][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3048.339063][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3048.349816][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3048.356926][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3048.365924][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3048.447339][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3048.457150][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3048.483263][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3048.492852][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3048.502108][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3048.512467][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3048.520973][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3048.528100][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3048.563889][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3048.572579][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3048.583850][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3048.593174][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3048.602055][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3048.610694][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3048.663423][T24260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3048.676961][T24234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3048.692957][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3048.827150][T24260] 8021q: adding VLAN 0 to HW filter on device team0 [ 3048.836414][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3048.845902][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3048.855138][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3048.863566][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3048.900310][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3048.909159][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3048.918661][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3048.927597][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3048.937133][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3048.946277][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3048.953407][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3049.023572][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3049.042990][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3049.053800][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3049.062923][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3049.069982][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3049.087072][T24234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3049.138912][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3049.150093][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3049.159800][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3049.264354][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3049.274423][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3049.283777][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3049.293352][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3049.303970][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3049.313158][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3049.329022][T24252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3049.394362][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3049.413510][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3049.467561][T24269] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3049.515519][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3049.526319][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3049.535967][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3049.550858][T24270] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3049.562632][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3049.576671][T24260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3049.594813][T24270] CPU: 0 PID: 24270 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3049.602377][T24270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3049.612434][T24270] Call Trace: [ 3049.615738][T24270] dump_stack+0x172/0x1f0 [ 3049.620075][T24270] dump_header+0x10b/0x82d [ 3049.624503][T24270] oom_kill_process.cold+0x10/0x15 [ 3049.629622][T24270] out_of_memory+0x334/0x1340 [ 3049.634303][T24270] ? cgroup_file_notify+0x140/0x1b0 [ 3049.639518][T24270] ? oom_killer_disable+0x280/0x280 [ 3049.644729][T24270] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3049.650276][T24270] ? memcg_stat_show+0xc40/0xc40 [ 3049.655233][T24270] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3049.661053][T24270] ? cgroup_file_notify+0x140/0x1b0 [ 3049.666268][T24270] memory_max_write+0x262/0x3a0 [ 3049.671125][T24270] ? mem_cgroup_write+0x370/0x370 [ 3049.676162][T24270] ? lock_acquire+0x190/0x410 [ 3049.680844][T24270] ? kernfs_fop_write+0x227/0x480 [ 3049.685883][T24270] cgroup_file_write+0x241/0x790 [ 3049.690829][T24270] ? mem_cgroup_write+0x370/0x370 [ 3049.695855][T24270] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3049.701498][T24270] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3049.707133][T24270] kernfs_fop_write+0x2b8/0x480 [ 3049.711992][T24270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3049.718238][T24270] __vfs_write+0x8a/0x110 [ 3049.722569][T24270] ? kernfs_fop_open+0xd80/0xd80 [ 3049.727507][T24270] vfs_write+0x268/0x5d0 [ 3049.731752][T24270] ksys_write+0x14f/0x290 [ 3049.736090][T24270] ? __ia32_sys_read+0xb0/0xb0 [ 3049.740856][T24270] ? do_syscall_64+0x26/0x760 [ 3049.745534][T24270] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3049.751593][T24270] ? do_syscall_64+0x26/0x760 [ 3049.756276][T24270] __x64_sys_write+0x73/0xb0 [ 3049.760868][T24270] do_syscall_64+0xfa/0x760 [ 3049.765381][T24270] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3049.771268][T24270] RIP: 0033:0x459a29 [ 3049.775165][T24270] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3049.794767][T24270] RSP: 002b:00007f825a4d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3049.803178][T24270] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3049.811144][T24270] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3049.819113][T24270] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3049.827085][T24270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f825a4d36d4 [ 3049.835072][T24270] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3049.847730][T24270] memory: usage 3324kB, limit 0kB, failcnt 1365 [ 3049.854276][T24270] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3049.861175][T24270] Memory cgroup stats for /syz2: [ 3049.861285][T24270] anon 2080768 [ 3049.861285][T24270] file 20480 [ 3049.861285][T24270] kernel_stack 65536 [ 3049.861285][T24270] slab 946176 [ 3049.861285][T24270] sock 0 [ 3049.861285][T24270] shmem 0 [ 3049.861285][T24270] file_mapped 0 [ 3049.861285][T24270] file_dirty 135168 [ 3049.861285][T24270] file_writeback 0 [ 3049.861285][T24270] anon_thp 2097152 [ 3049.861285][T24270] inactive_anon 0 [ 3049.861285][T24270] active_anon 2080768 [ 3049.861285][T24270] inactive_file 0 [ 3049.861285][T24270] active_file 0 [ 3049.861285][T24270] unevictable 0 [ 3049.861285][T24270] slab_reclaimable 270336 [ 3049.861285][T24270] slab_unreclaimable 675840 [ 3049.861285][T24270] pgfault 18843 [ 3049.861285][T24270] pgmajfault 0 [ 3049.861285][T24270] workingset_refault 0 [ 3049.861285][T24270] workingset_activate 0 [ 3049.861285][T24270] workingset_nodereclaim 0 [ 3049.861285][T24270] pgrefill 99 [ 3049.861285][T24270] pgscan 99 [ 3049.861285][T24270] pgsteal 0 [ 3049.861285][T24270] pgactivate 66 [ 3049.960446][T24270] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24268,uid=0 [ 3049.984345][T24270] Memory cgroup out of memory: Killed process 24268 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3050.018477][T24252] 8021q: adding VLAN 0 to HW filter on device batadv0 20:15:19 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3050.073412][ T1066] oom_reaper: reaped process 24268 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 20:15:19 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6c}, 0x0) 20:15:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3050.121025][T24234] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3050.131202][T24234] CPU: 1 PID: 24234 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3050.138741][T24234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3050.148795][T24234] Call Trace: [ 3050.152095][T24234] dump_stack+0x172/0x1f0 [ 3050.156427][T24234] dump_header+0x10b/0x82d [ 3050.160837][T24234] ? oom_kill_process+0x94/0x3f0 [ 3050.162377][T24260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3050.165770][T24234] oom_kill_process.cold+0x10/0x15 [ 3050.165785][T24234] out_of_memory+0x334/0x1340 [ 3050.165804][T24234] ? lock_downgrade+0x920/0x920 [ 3050.177631][T24234] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3050.177649][T24234] ? oom_killer_disable+0x280/0x280 [ 3050.177672][T24234] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3050.203681][T24234] ? memcg_stat_show+0xc40/0xc40 [ 3050.208631][T24234] ? do_raw_spin_unlock+0x57/0x270 [ 3050.213749][T24234] ? _raw_spin_unlock+0x2d/0x50 [ 3050.218608][T24234] try_charge+0xf4b/0x1440 [ 3050.223041][T24234] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3050.228588][T24234] ? percpu_ref_tryget_live+0x111/0x290 [ 3050.234141][T24234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3050.240394][T24234] ? __kasan_check_read+0x11/0x20 [ 3050.245427][T24234] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3050.250981][T24234] mem_cgroup_try_charge+0x136/0x590 [ 3050.256277][T24234] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3050.261930][T24234] wp_page_copy+0x407/0x1860 [ 3050.266524][T24234] ? find_held_lock+0x35/0x130 [ 3050.271290][T24234] ? do_wp_page+0x53b/0x15c0 [ 3050.275882][T24234] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3050.281694][T24234] ? lock_downgrade+0x920/0x920 [ 3050.286552][T24234] ? swp_swapcount+0x540/0x540 [ 3050.291320][T24234] ? __kasan_check_read+0x11/0x20 [ 3050.296353][T24234] ? do_raw_spin_unlock+0x57/0x270 [ 3050.301469][T24234] do_wp_page+0x543/0x15c0 [ 3050.305887][T24234] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3050.311260][T24234] __handle_mm_fault+0x23ec/0x4040 [ 3050.316368][T24234] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3050.321922][T24234] ? handle_mm_fault+0x292/0xaa0 [ 3050.326868][T24234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3050.333106][T24234] ? __kasan_check_read+0x11/0x20 [ 3050.338133][T24234] handle_mm_fault+0x3b7/0xaa0 [ 3050.342912][T24234] __do_page_fault+0x536/0xdd0 [ 3050.347678][T24234] do_page_fault+0x38/0x590 [ 3050.352181][T24234] page_fault+0x39/0x40 [ 3050.356328][T24234] RIP: 0033:0x430b06 [ 3050.360213][T24234] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3050.379807][T24234] RSP: 002b:00007ffd50ae1400 EFLAGS: 00010206 [ 3050.385868][T24234] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3050.393834][T24234] RDX: 0000000001b10930 RSI: 0000000001b18970 RDI: 0000000000000003 [ 3050.401799][T24234] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001b0f940 [ 3050.409763][T24234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3050.417728][T24234] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3050.437308][T24234] memory: usage 952kB, limit 0kB, failcnt 1373 [ 3050.443562][T24234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3050.450408][T24234] Memory cgroup stats for /syz2: [ 3050.450524][T24234] anon 16384 [ 3050.450524][T24234] file 20480 [ 3050.450524][T24234] kernel_stack 0 [ 3050.450524][T24234] slab 946176 [ 3050.450524][T24234] sock 0 [ 3050.450524][T24234] shmem 0 [ 3050.450524][T24234] file_mapped 0 [ 3050.450524][T24234] file_dirty 135168 [ 3050.450524][T24234] file_writeback 0 [ 3050.450524][T24234] anon_thp 0 [ 3050.450524][T24234] inactive_anon 0 [ 3050.450524][T24234] active_anon 16384 [ 3050.450524][T24234] inactive_file 0 [ 3050.450524][T24234] active_file 0 [ 3050.450524][T24234] unevictable 0 [ 3050.450524][T24234] slab_reclaimable 270336 [ 3050.450524][T24234] slab_unreclaimable 675840 [ 3050.450524][T24234] pgfault 18843 [ 3050.450524][T24234] pgmajfault 0 [ 3050.450524][T24234] workingset_refault 0 [ 3050.450524][T24234] workingset_activate 0 [ 3050.450524][T24234] workingset_nodereclaim 0 [ 3050.450524][T24234] pgrefill 99 [ 3050.450524][T24234] pgscan 99 [ 3050.450524][T24234] pgsteal 0 [ 3050.450524][T24234] pgactivate 66 [ 3050.547585][T24234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24234,uid=0 [ 3050.565106][T24279] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3050.582104][T24279] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3050.591529][T24234] Memory cgroup out of memory: Killed process 24234 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3050.649513][ T1066] oom_reaper: reaped process 24234 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3050.854681][T24283] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3050.882003][T24283] CPU: 0 PID: 24283 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3050.889577][T24283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3050.899632][T24283] Call Trace: [ 3050.902935][T24283] dump_stack+0x172/0x1f0 [ 3050.907275][T24283] dump_header+0x10b/0x82d [ 3050.911692][T24283] oom_kill_process.cold+0x10/0x15 [ 3050.916804][T24283] out_of_memory+0x334/0x1340 [ 3050.921497][T24283] ? __sched_text_start+0x8/0x8 [ 3050.926358][T24283] ? oom_killer_disable+0x280/0x280 [ 3050.931577][T24283] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3050.937140][T24283] ? memcg_stat_show+0xc40/0xc40 [ 3050.942084][T24283] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3050.947893][T24283] ? cgroup_file_notify+0x140/0x1b0 [ 3050.953098][T24283] memory_max_write+0x262/0x3a0 [ 3050.957950][T24283] ? mem_cgroup_write+0x370/0x370 [ 3050.962980][T24283] ? mem_cgroup_write+0x370/0x370 [ 3050.968012][T24283] cgroup_file_write+0x241/0x790 [ 3050.972950][T24283] ? mem_cgroup_write+0x370/0x370 [ 3050.977978][T24283] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3050.983623][T24283] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3050.989260][T24283] kernfs_fop_write+0x2b8/0x480 [ 3050.994121][T24283] __vfs_write+0x8a/0x110 [ 3050.998449][T24283] ? kernfs_fop_open+0xd80/0xd80 [ 3051.003392][T24283] vfs_write+0x268/0x5d0 [ 3051.007646][T24283] ksys_write+0x14f/0x290 [ 3051.011979][T24283] ? __ia32_sys_read+0xb0/0xb0 [ 3051.016747][T24283] ? do_syscall_64+0x26/0x760 [ 3051.021430][T24283] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3051.027503][T24283] ? do_syscall_64+0x26/0x760 [ 3051.032190][T24283] __x64_sys_write+0x73/0xb0 [ 3051.036789][T24283] do_syscall_64+0xfa/0x760 [ 3051.041295][T24283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3051.047184][T24283] RIP: 0033:0x459a29 [ 3051.051082][T24283] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3051.070685][T24283] RSP: 002b:00007febe4257c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3051.079087][T24283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3051.087045][T24283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 3051.094998][T24283] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3051.102949][T24283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febe42586d4 [ 3051.110900][T24283] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3051.130965][T24283] memory: usage 20688kB, limit 0kB, failcnt 136 [ 3051.138746][T24283] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3051.223787][T24283] Memory cgroup stats for /syz3: [ 3051.224505][T24283] anon 2191360 [ 3051.224505][T24283] file 90112 [ 3051.224505][T24283] kernel_stack 65536 [ 3051.224505][T24283] slab 18771968 [ 3051.224505][T24283] sock 0 [ 3051.224505][T24283] shmem 0 [ 3051.224505][T24283] file_mapped 0 [ 3051.224505][T24283] file_dirty 0 [ 3051.224505][T24283] file_writeback 0 [ 3051.224505][T24283] anon_thp 2097152 [ 3051.224505][T24283] inactive_anon 0 [ 3051.224505][T24283] active_anon 2191360 [ 3051.224505][T24283] inactive_file 135168 [ 3051.224505][T24283] active_file 0 [ 3051.224505][T24283] unevictable 0 [ 3051.224505][T24283] slab_reclaimable 18247680 [ 3051.224505][T24283] slab_unreclaimable 524288 [ 3051.224505][T24283] pgfault 46266 [ 3051.224505][T24283] pgmajfault 0 [ 3051.224505][T24283] workingset_refault 0 [ 3051.224505][T24283] workingset_activate 0 [ 3051.224505][T24283] workingset_nodereclaim 0 [ 3051.224505][T24283] pgrefill 349 [ 3051.224505][T24283] pgscan 343 [ 3051.224505][T24283] pgsteal 33 [ 3051.224505][T24283] pgactivate 297 [ 3051.321534][T24283] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24282,uid=0 [ 3051.340305][T24283] Memory cgroup out of memory: Killed process 24282 (syz-executor.3) total-vm:72576kB, anon-rss:2184kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3051.366547][ T1066] oom_reaper: reaped process 24282 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 3051.377840][T24286] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3051.411841][T24286] CPU: 1 PID: 24286 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3051.419424][T24286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3051.429488][T24286] Call Trace: [ 3051.432793][T24286] dump_stack+0x172/0x1f0 [ 3051.437127][T24286] dump_header+0x10b/0x82d [ 3051.441547][T24286] oom_kill_process.cold+0x10/0x15 [ 3051.446660][T24286] out_of_memory+0x334/0x1340 [ 3051.451334][T24286] ? mark_held_locks+0xa4/0xf0 [ 3051.456103][T24286] ? cgroup_file_notify+0x140/0x1b0 [ 3051.461306][T24286] ? oom_killer_disable+0x280/0x280 [ 3051.466502][T24286] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3051.472149][T24286] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3051.477698][T24286] ? memcg_stat_show+0xc40/0xc40 [ 3051.482639][T24286] ? retint_kernel+0x2b/0x2b [ 3051.487353][T24286] memory_max_write+0x262/0x3a0 [ 3051.492212][T24286] ? mem_cgroup_write+0x370/0x370 [ 3051.497237][T24286] ? lock_acquire+0x20b/0x410 [ 3051.501928][T24286] cgroup_file_write+0x241/0x790 [ 3051.506877][T24286] ? mem_cgroup_write+0x370/0x370 [ 3051.511913][T24286] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3051.517552][T24286] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3051.523188][T24286] kernfs_fop_write+0x2b8/0x480 [ 3051.528053][T24286] __vfs_write+0x8a/0x110 [ 3051.532377][T24286] ? kernfs_fop_open+0xd80/0xd80 [ 3051.537294][T24286] vfs_write+0x268/0x5d0 [ 3051.541514][T24286] ksys_write+0x14f/0x290 [ 3051.545859][T24286] ? __ia32_sys_read+0xb0/0xb0 [ 3051.550607][T24286] ? do_syscall_64+0x26/0x760 [ 3051.555274][T24286] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3051.561333][T24286] ? do_syscall_64+0x26/0x760 [ 3051.566027][T24286] __x64_sys_write+0x73/0xb0 [ 3051.570599][T24286] do_syscall_64+0xfa/0x760 [ 3051.575117][T24286] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3051.580996][T24286] RIP: 0033:0x459a29 [ 3051.584868][T24286] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3051.604463][T24286] RSP: 002b:00007f3480aebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3051.612860][T24286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3051.620813][T24286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3051.628765][T24286] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3051.636728][T24286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3480aec6d4 [ 3051.644689][T24286] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3051.671745][T24286] memory: usage 3244kB, limit 0kB, failcnt 1289 [ 3051.678157][T24286] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3051.685770][T24286] Memory cgroup stats for /syz4: [ 3051.685898][T24286] anon 2207744 [ 3051.685898][T24286] file 28672 [ 3051.685898][T24286] kernel_stack 65536 [ 3051.685898][T24286] slab 831488 [ 3051.685898][T24286] sock 0 [ 3051.685898][T24286] shmem 0 [ 3051.685898][T24286] file_mapped 0 [ 3051.685898][T24286] file_dirty 135168 [ 3051.685898][T24286] file_writeback 0 [ 3051.685898][T24286] anon_thp 2097152 [ 3051.685898][T24286] inactive_anon 0 [ 3051.685898][T24286] active_anon 2129920 [ 3051.685898][T24286] inactive_file 135168 [ 3051.685898][T24286] active_file 0 [ 3051.685898][T24286] unevictable 0 [ 3051.685898][T24286] slab_reclaimable 270336 [ 3051.685898][T24286] slab_unreclaimable 561152 [ 3051.685898][T24286] pgfault 20097 [ 3051.685898][T24286] pgmajfault 0 [ 3051.685898][T24286] workingset_refault 0 [ 3051.685898][T24286] workingset_activate 0 [ 3051.685898][T24286] workingset_nodereclaim 0 [ 3051.685898][T24286] pgrefill 67 [ 3051.685898][T24286] pgscan 110 [ 3051.685898][T24286] pgsteal 70 [ 3051.685898][T24286] pgactivate 33 [ 3051.695032][T24286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24285,uid=0 [ 3051.849140][T24286] Memory cgroup out of memory: Killed process 24286 (syz-executor.4) total-vm:72576kB, anon-rss:2184kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3051.868046][T24260] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3051.873725][ T1066] oom_reaper: reaped process 24286 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3051.882729][T24260] CPU: 0 PID: 24260 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3051.896501][T24260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3051.906562][T24260] Call Trace: [ 3051.909856][T24260] dump_stack+0x172/0x1f0 [ 3051.914188][T24260] dump_header+0x10b/0x82d [ 3051.918600][T24260] ? oom_kill_process+0x94/0x3f0 [ 3051.923536][T24260] oom_kill_process.cold+0x10/0x15 [ 3051.928653][T24260] out_of_memory+0x334/0x1340 [ 3051.933329][T24260] ? lock_downgrade+0x920/0x920 [ 3051.938183][T24260] ? oom_killer_disable+0x280/0x280 [ 3051.943381][T24260] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3051.943395][T24260] ? memcg_stat_show+0xc40/0xc40 [ 3051.943412][T24260] ? do_raw_spin_unlock+0x57/0x270 [ 3051.943430][T24260] ? _raw_spin_unlock+0x2d/0x50 [ 3051.943446][T24260] try_charge+0xf4b/0x1440 [ 3051.943470][T24260] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3051.943480][T24260] ? percpu_ref_tryget_live+0x111/0x290 [ 3051.943501][T24260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3051.943515][T24260] ? __kasan_check_read+0x11/0x20 [ 3051.943529][T24260] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3051.943546][T24260] mem_cgroup_try_charge+0x136/0x590 [ 3051.943562][T24260] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3051.943579][T24260] wp_page_copy+0x407/0x1860 [ 3051.943592][T24260] ? find_held_lock+0x35/0x130 [ 3051.943606][T24260] ? do_wp_page+0x53b/0x15c0 [ 3051.943622][T24260] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3051.943636][T24260] ? lock_downgrade+0x920/0x920 [ 3051.943654][T24260] ? swp_swapcount+0x540/0x540 [ 3051.943668][T24260] ? __kasan_check_read+0x11/0x20 [ 3051.943678][T24260] ? do_raw_spin_unlock+0x57/0x270 20:15:21 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:21 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:21 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x74}, 0x0) 20:15:21 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 3051.943694][T24260] do_wp_page+0x543/0x15c0 [ 3051.979532][T24260] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3052.016486][T24260] __handle_mm_fault+0x23ec/0x4040 [ 3052.026829][T24260] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3052.026842][T24260] ? handle_mm_fault+0x292/0xaa0 [ 3052.026868][T24260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3052.026883][T24260] ? __kasan_check_read+0x11/0x20 [ 3052.026899][T24260] handle_mm_fault+0x3b7/0xaa0 [ 3052.026920][T24260] __do_page_fault+0x536/0xdd0 [ 3052.026942][T24260] do_page_fault+0x38/0x590 [ 3052.026961][T24260] page_fault+0x39/0x40 [ 3052.026970][T24260] RIP: 0033:0x4034f2 [ 3052.026985][T24260] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3052.026992][T24260] RSP: 002b:00007ffca25eaba0 EFLAGS: 00010246 [ 3052.027003][T24260] RAX: 0000000000000000 RBX: 00000000002e8d28 RCX: 0000000000413630 [ 3052.027010][T24260] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffca25ebcd0 [ 3052.027016][T24260] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001135940 [ 3052.027023][T24260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca25ebcd0 [ 3052.027031][T24260] R13: 00007ffca25ebcc0 R14: 0000000000000000 R15: 00007ffca25ebcd0 [ 3052.095368][T24290] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3052.161949][T24260] memory: usage 18364kB, limit 0kB, failcnt 144 [ 3052.227159][T24260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3052.241999][T24260] Memory cgroup stats for /syz3: [ 3052.242110][T24260] anon 81920 [ 3052.242110][T24260] file 90112 [ 3052.242110][T24260] kernel_stack 0 [ 3052.242110][T24260] slab 18771968 [ 3052.242110][T24260] sock 0 [ 3052.242110][T24260] shmem 0 [ 3052.242110][T24260] file_mapped 0 [ 3052.242110][T24260] file_dirty 0 [ 3052.242110][T24260] file_writeback 0 [ 3052.242110][T24260] anon_thp 0 [ 3052.242110][T24260] inactive_anon 0 [ 3052.242110][T24260] active_anon 81920 [ 3052.242110][T24260] inactive_file 135168 [ 3052.242110][T24260] active_file 0 [ 3052.242110][T24260] unevictable 0 [ 3052.242110][T24260] slab_reclaimable 18247680 [ 3052.242110][T24260] slab_unreclaimable 524288 [ 3052.242110][T24260] pgfault 46266 [ 3052.242110][T24260] pgmajfault 0 [ 3052.242110][T24260] workingset_refault 0 [ 3052.242110][T24260] workingset_activate 0 [ 3052.242110][T24260] workingset_nodereclaim 0 [ 3052.242110][T24260] pgrefill 349 [ 3052.242110][T24260] pgscan 343 [ 3052.242110][T24260] pgsteal 33 [ 3052.242110][T24260] pgactivate 297 [ 3052.336846][T24290] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3052.347336][T24260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24260,uid=0 [ 3052.363301][T24260] Memory cgroup out of memory: Killed process 24260 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3052.381856][ T1066] oom_reaper: reaped process 24260 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3052.393133][T24252] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3052.403406][T24252] CPU: 1 PID: 24252 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3052.410950][T24252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3052.421001][T24252] Call Trace: [ 3052.424300][T24252] dump_stack+0x172/0x1f0 [ 3052.428639][T24252] dump_header+0x10b/0x82d [ 3052.433053][T24252] ? oom_kill_process+0x94/0x3f0 [ 3052.437990][T24252] oom_kill_process.cold+0x10/0x15 [ 3052.443103][T24252] out_of_memory+0x334/0x1340 [ 3052.447787][T24252] ? lock_downgrade+0x920/0x920 [ 3052.452639][T24252] ? oom_killer_disable+0x280/0x280 [ 3052.457854][T24252] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3052.463396][T24252] ? memcg_stat_show+0xc40/0xc40 [ 3052.468334][T24252] ? do_raw_spin_unlock+0x57/0x270 [ 3052.473447][T24252] ? _raw_spin_unlock+0x2d/0x50 [ 3052.478299][T24252] try_charge+0xf4b/0x1440 [ 3052.482823][T24252] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3052.488365][T24252] ? percpu_ref_tryget_live+0x111/0x290 [ 3052.493921][T24252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3052.500164][T24252] ? __kasan_check_read+0x11/0x20 [ 3052.505191][T24252] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3052.510743][T24252] mem_cgroup_try_charge+0x136/0x590 [ 3052.516037][T24252] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3052.521672][T24252] wp_page_copy+0x407/0x1860 [ 3052.526265][T24252] ? find_held_lock+0x35/0x130 [ 3052.531028][T24252] ? do_wp_page+0x53b/0x15c0 [ 3052.535619][T24252] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3052.541427][T24252] ? lock_downgrade+0x920/0x920 [ 3052.546283][T24252] ? swp_swapcount+0x540/0x540 [ 3052.551074][T24252] ? __kasan_check_read+0x11/0x20 [ 3052.556103][T24252] ? do_raw_spin_unlock+0x57/0x270 [ 3052.561216][T24252] do_wp_page+0x543/0x15c0 [ 3052.565636][T24252] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3052.571007][T24252] __handle_mm_fault+0x23ec/0x4040 [ 3052.576118][T24252] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3052.581657][T24252] ? handle_mm_fault+0x292/0xaa0 [ 3052.586602][T24252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3052.592839][T24252] ? __kasan_check_read+0x11/0x20 [ 3052.597859][T24252] handle_mm_fault+0x3b7/0xaa0 [ 3052.602624][T24252] __do_page_fault+0x536/0xdd0 [ 3052.607393][T24252] do_page_fault+0x38/0x590 [ 3052.611894][T24252] page_fault+0x39/0x40 [ 3052.616044][T24252] RIP: 0033:0x4034f2 [ 3052.619935][T24252] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3052.639540][T24252] RSP: 002b:00007fffc869ab30 EFLAGS: 00010246 [ 3052.639552][T24252] RAX: 0000000000000000 RBX: 00000000002e9079 RCX: 0000000000413630 [ 3052.639559][T24252] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffc869bc60 [ 3052.639566][T24252] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000011d8940 20:15:22 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3052.639573][T24252] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc869bc60 [ 3052.639580][T24252] R13: 00007fffc869bc50 R14: 0000000000000000 R15: 00007fffc869bc60 [ 3052.710644][T24291] IPVS: ftp: loaded support on port[0] = 21 [ 3052.733402][T24252] memory: usage 948kB, limit 0kB, failcnt 1297 [ 3052.739630][T24252] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3052.747683][T24252] Memory cgroup stats for /syz4: [ 3052.747775][T24252] anon 0 [ 3052.747775][T24252] file 28672 [ 3052.747775][T24252] kernel_stack 0 [ 3052.747775][T24252] slab 831488 [ 3052.747775][T24252] sock 0 [ 3052.747775][T24252] shmem 0 [ 3052.747775][T24252] file_mapped 0 [ 3052.747775][T24252] file_dirty 135168 [ 3052.747775][T24252] file_writeback 0 [ 3052.747775][T24252] anon_thp 0 [ 3052.747775][T24252] inactive_anon 0 [ 3052.747775][T24252] active_anon 0 [ 3052.747775][T24252] inactive_file 135168 [ 3052.747775][T24252] active_file 0 [ 3052.747775][T24252] unevictable 0 [ 3052.747775][T24252] slab_reclaimable 270336 [ 3052.747775][T24252] slab_unreclaimable 561152 [ 3052.747775][T24252] pgfault 20097 [ 3052.747775][T24252] pgmajfault 0 [ 3052.747775][T24252] workingset_refault 0 [ 3052.747775][T24252] workingset_activate 0 [ 3052.747775][T24252] workingset_nodereclaim 0 [ 3052.747775][T24252] pgrefill 67 20:15:22 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7a}, 0x0) 20:15:22 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3052.747775][T24252] pgscan 110 [ 3052.747775][T24252] pgsteal 70 [ 3052.747775][T24252] pgactivate 33 [ 3052.893229][T24294] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3052.972616][T24294] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3053.081903][T24252] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24252,uid=0 [ 3053.138010][T24252] Memory cgroup out of memory: Killed process 24252 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3053.176835][ T1066] oom_reaper: reaped process 24252 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:15:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf0}, 0x0) [ 3053.477847][T24297] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3053.491777][T24297] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:15:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:15:23 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x300}, 0x0) [ 3053.866661][T24302] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3053.885359][T24302] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3053.966806][T24299] IPVS: ftp: loaded support on port[0] = 21 [ 3054.168909][T24291] chnl_net:caif_netlink_parms(): no params data found [ 3054.378791][T24291] bridge0: port 1(bridge_slave_0) entered blocking state [ 3054.392997][T24291] bridge0: port 1(bridge_slave_0) entered disabled state [ 3054.412080][T24291] device bridge_slave_0 entered promiscuous mode [ 3054.450859][T24291] bridge0: port 2(bridge_slave_1) entered blocking state [ 3054.460492][T24291] bridge0: port 2(bridge_slave_1) entered disabled state [ 3054.469348][T24291] device bridge_slave_1 entered promiscuous mode [ 3054.556236][T24306] IPVS: ftp: loaded support on port[0] = 21 [ 3054.594492][T24291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3054.609532][T24291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3054.684168][T24299] chnl_net:caif_netlink_parms(): no params data found [ 3054.788888][T24291] team0: Port device team_slave_0 added [ 3054.840274][T24291] team0: Port device team_slave_1 added [ 3054.947706][T24299] bridge0: port 1(bridge_slave_0) entered blocking state [ 3054.955955][T24299] bridge0: port 1(bridge_slave_0) entered disabled state [ 3054.964656][T24299] device bridge_slave_0 entered promiscuous mode [ 3054.978400][T24299] bridge0: port 2(bridge_slave_1) entered blocking state [ 3054.991235][T24299] bridge0: port 2(bridge_slave_1) entered disabled state [ 3055.000779][T24299] device bridge_slave_1 entered promiscuous mode [ 3055.166094][T24291] device hsr_slave_0 entered promiscuous mode [ 3055.252825][T24291] device hsr_slave_1 entered promiscuous mode [ 3055.291846][T24291] debugfs: Directory 'hsr0' with parent '/' already present! [ 3055.419176][T24299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3055.538557][T24306] chnl_net:caif_netlink_parms(): no params data found [ 3055.556032][T24299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3055.740706][T24299] team0: Port device team_slave_0 added [ 3055.771086][T24299] team0: Port device team_slave_1 added [ 3055.823001][T24306] bridge0: port 1(bridge_slave_0) entered blocking state [ 3055.830083][T24306] bridge0: port 1(bridge_slave_0) entered disabled state [ 3055.841095][T24306] device bridge_slave_0 entered promiscuous mode [ 3055.882294][T24306] bridge0: port 2(bridge_slave_1) entered blocking state [ 3055.889370][T24306] bridge0: port 2(bridge_slave_1) entered disabled state [ 3055.898557][T24306] device bridge_slave_1 entered promiscuous mode [ 3055.961581][T24291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3056.095457][T24299] device hsr_slave_0 entered promiscuous mode [ 3056.152918][T24299] device hsr_slave_1 entered promiscuous mode [ 3056.191782][T24299] debugfs: Directory 'hsr0' with parent '/' already present! [ 3056.272928][T24306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3056.328626][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3056.336966][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3056.349938][T24306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3056.434972][T24291] 8021q: adding VLAN 0 to HW filter on device team0 [ 3056.472321][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3056.481253][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3056.490739][T13510] bridge0: port 1(bridge_slave_0) entered blocking state [ 3056.497886][T13510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3056.513524][T24306] team0: Port device team_slave_0 added [ 3056.521435][T24306] team0: Port device team_slave_1 added [ 3056.614373][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3056.623477][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3056.633756][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3056.642399][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3056.649450][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3056.682797][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3056.771856][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3056.781082][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3056.793637][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3056.887620][T24306] device hsr_slave_0 entered promiscuous mode [ 3056.972808][T24306] device hsr_slave_1 entered promiscuous mode [ 3057.002134][T24306] debugfs: Directory 'hsr0' with parent '/' already present! [ 3057.024884][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3057.033435][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3057.042990][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3057.052111][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3057.060703][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3057.183653][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3057.193640][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3057.209921][T24291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3057.259802][T24299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3057.300871][T24291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3057.354355][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3057.363725][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3057.378289][T24299] 8021q: adding VLAN 0 to HW filter on device team0 [ 3057.412152][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3057.421216][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3057.429969][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3057.437093][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3057.446218][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3057.495082][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3057.512838][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3057.521408][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3057.528513][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3057.537536][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3057.631842][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3057.653226][T24316] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3057.683001][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3057.692556][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3057.718303][T24306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3057.730517][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3057.740028][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3057.749853][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3057.791017][T24317] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3057.802083][T24317] CPU: 1 PID: 24317 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3057.809630][T24317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3057.819679][T24317] Call Trace: [ 3057.822979][T24317] dump_stack+0x172/0x1f0 [ 3057.827312][T24317] dump_header+0x10b/0x82d [ 3057.831731][T24317] oom_kill_process.cold+0x10/0x15 [ 3057.836841][T24317] out_of_memory+0x334/0x1340 [ 3057.841515][T24317] ? __sched_text_start+0x8/0x8 [ 3057.846362][T24317] ? oom_killer_disable+0x280/0x280 [ 3057.851573][T24317] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3057.857124][T24317] ? memcg_stat_show+0xc40/0xc40 [ 3057.862069][T24317] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3057.867872][T24317] ? cgroup_file_notify+0x140/0x1b0 [ 3057.873061][T24317] memory_max_write+0x262/0x3a0 [ 3057.877889][T24317] ? mem_cgroup_write+0x370/0x370 [ 3057.882892][T24317] ? lock_acquire+0x190/0x410 [ 3057.887672][T24317] ? kernfs_fop_write+0x227/0x480 [ 3057.892678][T24317] cgroup_file_write+0x241/0x790 [ 3057.897622][T24317] ? mem_cgroup_write+0x370/0x370 [ 3057.902624][T24317] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3057.908237][T24317] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3057.913846][T24317] kernfs_fop_write+0x2b8/0x480 [ 3057.918673][T24317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3057.924910][T24317] __vfs_write+0x8a/0x110 [ 3057.929215][T24317] ? kernfs_fop_open+0xd80/0xd80 [ 3057.934129][T24317] vfs_write+0x268/0x5d0 [ 3057.938358][T24317] ksys_write+0x14f/0x290 [ 3057.942663][T24317] ? __ia32_sys_read+0xb0/0xb0 [ 3057.947405][T24317] ? do_syscall_64+0x26/0x760 [ 3057.952059][T24317] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3057.958100][T24317] ? do_syscall_64+0x26/0x760 [ 3057.962766][T24317] __x64_sys_write+0x73/0xb0 [ 3057.967334][T24317] do_syscall_64+0xfa/0x760 [ 3057.971827][T24317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3057.977693][T24317] RIP: 0033:0x459a29 [ 3057.981566][T24317] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3058.001154][T24317] RSP: 002b:00007f04e42c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3058.009552][T24317] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3058.017498][T24317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3058.025444][T24317] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3058.033389][T24317] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04e42c96d4 [ 3058.041336][T24317] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3058.071566][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3058.080230][T24317] memory: usage 3232kB, limit 0kB, failcnt 1324 [ 3058.087799][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3058.096669][T24317] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3058.122132][T24317] Memory cgroup stats for /syz0: [ 3058.122247][T24317] anon 2199552 [ 3058.122247][T24317] file 20480 [ 3058.122247][T24317] kernel_stack 65536 [ 3058.122247][T24317] slab 823296 [ 3058.122247][T24317] sock 0 [ 3058.122247][T24317] shmem 0 [ 3058.122247][T24317] file_mapped 0 [ 3058.122247][T24317] file_dirty 0 [ 3058.122247][T24317] file_writeback 0 [ 3058.122247][T24317] anon_thp 2097152 [ 3058.122247][T24317] inactive_anon 0 [ 3058.122247][T24317] active_anon 2199552 [ 3058.122247][T24317] inactive_file 0 [ 3058.122247][T24317] active_file 0 [ 3058.122247][T24317] unevictable 0 [ 3058.122247][T24317] slab_reclaimable 270336 [ 3058.122247][T24317] slab_unreclaimable 552960 [ 3058.122247][T24317] pgfault 19173 [ 3058.122247][T24317] pgmajfault 0 [ 3058.122247][T24317] workingset_refault 0 [ 3058.122247][T24317] workingset_activate 0 [ 3058.122247][T24317] workingset_nodereclaim 0 [ 3058.122247][T24317] pgrefill 66 [ 3058.122247][T24317] pgscan 66 [ 3058.122247][T24317] pgsteal 0 [ 3058.122247][T24317] pgactivate 33 [ 3058.223448][T24317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24314,uid=0 [ 3058.239540][T24317] Memory cgroup out of memory: Killed process 24314 (syz-executor.0) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3058.261493][ T1066] oom_reaper: reaped process 24314 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 20:15:27 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:27 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0x0, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 3058.287692][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3058.298361][T24291] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3058.329376][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3058.353253][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3058.372677][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3058.380739][T24291] CPU: 1 PID: 24291 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3058.388278][T24291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3058.398327][T24291] Call Trace: [ 3058.401622][T24291] dump_stack+0x172/0x1f0 [ 3058.405959][T24291] dump_header+0x10b/0x82d [ 3058.410369][T24291] ? oom_kill_process+0x94/0x3f0 [ 3058.415303][T24291] oom_kill_process.cold+0x10/0x15 [ 3058.420412][T24291] out_of_memory+0x334/0x1340 [ 3058.425085][T24291] ? lock_downgrade+0x920/0x920 [ 3058.429953][T24291] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3058.435768][T24291] ? oom_killer_disable+0x280/0x280 [ 3058.440980][T24291] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3058.446527][T24291] ? memcg_stat_show+0xc40/0xc40 [ 3058.451471][T24291] ? do_raw_spin_unlock+0x57/0x270 [ 3058.456586][T24291] ? _raw_spin_unlock+0x2d/0x50 [ 3058.461439][T24291] try_charge+0xf4b/0x1440 [ 3058.465865][T24291] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3058.471408][T24291] ? percpu_ref_tryget_live+0x111/0x290 [ 3058.476962][T24291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3058.483203][T24291] ? __kasan_check_read+0x11/0x20 [ 3058.488237][T24291] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3058.493790][T24291] mem_cgroup_try_charge+0x136/0x590 [ 3058.499093][T24291] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3058.504731][T24291] wp_page_copy+0x407/0x1860 [ 3058.509323][T24291] ? find_held_lock+0x35/0x130 [ 3058.514086][T24291] ? do_wp_page+0x53b/0x15c0 [ 3058.518678][T24291] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3058.524489][T24291] ? lock_downgrade+0x920/0x920 [ 3058.529347][T24291] ? swp_swapcount+0x540/0x540 [ 3058.534114][T24291] ? __kasan_check_read+0x11/0x20 [ 3058.539134][T24291] ? do_raw_spin_unlock+0x57/0x270 [ 3058.544247][T24291] do_wp_page+0x543/0x15c0 [ 3058.548669][T24291] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3058.554047][T24291] __handle_mm_fault+0x23ec/0x4040 [ 3058.559162][T24291] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3058.564712][T24291] ? handle_mm_fault+0x292/0xaa0 [ 3058.569665][T24291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3058.575907][T24291] ? __kasan_check_read+0x11/0x20 [ 3058.580947][T24291] handle_mm_fault+0x3b7/0xaa0 [ 3058.585722][T24291] __do_page_fault+0x536/0xdd0 [ 3058.590493][T24291] do_page_fault+0x38/0x590 [ 3058.595001][T24291] page_fault+0x39/0x40 [ 3058.599149][T24291] RIP: 0033:0x430b06 [ 3058.603038][T24291] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3058.622646][T24291] RSP: 002b:00007ffcefc46540 EFLAGS: 00010206 [ 3058.628717][T24291] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3058.636682][T24291] RDX: 0000000001a5c930 RSI: 0000000001a64970 RDI: 0000000000000003 [ 3058.644642][T24291] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001a5b940 [ 3058.652587][T24291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3058.660532][T24291] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3058.673717][T24299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3058.673736][T24291] memory: usage 876kB, limit 0kB, failcnt 1332 [ 3058.695788][T24306] 8021q: adding VLAN 0 to HW filter on device team0 [ 3058.701773][T24291] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3058.722836][T24291] Memory cgroup stats for /syz0: [ 3058.722950][T24291] anon 0 [ 3058.722950][T24291] file 20480 [ 3058.722950][T24291] kernel_stack 0 [ 3058.722950][T24291] slab 823296 [ 3058.722950][T24291] sock 0 [ 3058.722950][T24291] shmem 0 [ 3058.722950][T24291] file_mapped 0 [ 3058.722950][T24291] file_dirty 0 [ 3058.722950][T24291] file_writeback 0 [ 3058.722950][T24291] anon_thp 0 [ 3058.722950][T24291] inactive_anon 0 [ 3058.722950][T24291] active_anon 0 [ 3058.722950][T24291] inactive_file 0 [ 3058.722950][T24291] active_file 0 [ 3058.722950][T24291] unevictable 0 [ 3058.722950][T24291] slab_reclaimable 270336 [ 3058.722950][T24291] slab_unreclaimable 552960 [ 3058.722950][T24291] pgfault 19206 [ 3058.722950][T24291] pgmajfault 0 [ 3058.722950][T24291] workingset_refault 0 [ 3058.722950][T24291] workingset_activate 0 [ 3058.722950][T24291] workingset_nodereclaim 0 [ 3058.722950][T24291] pgrefill 66 [ 3058.722950][T24291] pgscan 66 [ 3058.722950][T24291] pgsteal 0 [ 3058.722950][T24291] pgactivate 33 [ 3058.722950][T24291] pgdeactivate 66 [ 3058.821380][T24291] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24291,uid=0 [ 3058.853074][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3058.862815][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3058.871353][T16062] bridge0: port 1(bridge_slave_0) entered blocking state [ 3058.878482][T16062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3058.886819][T24291] Memory cgroup out of memory: Killed process 24291 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3058.925360][ T1066] oom_reaper: reaped process 24291 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3058.968743][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3058.978810][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3058.989050][T13425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3058.998090][T13425] bridge0: port 2(bridge_slave_1) entered blocking state [ 3059.005221][T13425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3059.024818][T24299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3059.393081][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3059.422990][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3059.482584][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3059.492782][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3059.521842][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3059.544082][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3059.610540][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3059.619619][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3059.635638][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3059.705032][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3059.724385][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3059.755195][T24306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3059.788081][T24326] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3059.801844][T24326] CPU: 0 PID: 24326 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3059.809417][T24326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3059.819481][T24326] Call Trace: [ 3059.822785][T24326] dump_stack+0x172/0x1f0 [ 3059.827122][T24326] dump_header+0x10b/0x82d [ 3059.831549][T24326] oom_kill_process.cold+0x10/0x15 [ 3059.836668][T24326] out_of_memory+0x334/0x1340 [ 3059.841371][T24326] ? __sched_text_start+0x8/0x8 [ 3059.846225][T24326] ? oom_killer_disable+0x280/0x280 [ 3059.851438][T24326] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3059.856987][T24326] ? memcg_stat_show+0xc40/0xc40 [ 3059.861943][T24326] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3059.867759][T24326] ? cgroup_file_notify+0x140/0x1b0 [ 3059.872969][T24326] memory_max_write+0x262/0x3a0 [ 3059.877827][T24326] ? mem_cgroup_write+0x370/0x370 [ 3059.882855][T24326] ? lock_acquire+0x190/0x410 [ 3059.887536][T24326] ? kernfs_fop_write+0x227/0x480 [ 3059.892569][T24326] cgroup_file_write+0x241/0x790 [ 3059.897511][T24326] ? mem_cgroup_write+0x370/0x370 [ 3059.902540][T24326] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3059.908197][T24326] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3059.913848][T24326] kernfs_fop_write+0x2b8/0x480 [ 3059.918718][T24326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3059.924980][T24326] __vfs_write+0x8a/0x110 [ 3059.929316][T24326] ? kernfs_fop_open+0xd80/0xd80 [ 3059.934262][T24326] vfs_write+0x268/0x5d0 [ 3059.938512][T24326] ksys_write+0x14f/0x290 [ 3059.942844][T24326] ? __ia32_sys_read+0xb0/0xb0 [ 3059.947616][T24326] ? do_syscall_64+0x26/0x760 [ 3059.952298][T24326] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3059.958367][T24326] ? do_syscall_64+0x26/0x760 [ 3059.963054][T24326] __x64_sys_write+0x73/0xb0 [ 3059.967655][T24326] do_syscall_64+0xfa/0x760 [ 3059.972168][T24326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3059.978058][T24326] RIP: 0033:0x459a29 [ 3059.981960][T24326] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3060.001575][T24326] RSP: 002b:00007f79d6ad0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3060.009993][T24326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3060.017975][T24326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3060.025957][T24326] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3060.033933][T24326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79d6ad16d4 [ 3060.041918][T24326] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3060.055140][T24326] memory: usage 3340kB, limit 0kB, failcnt 1375 [ 3060.061415][T24326] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3060.068872][T24326] Memory cgroup stats for /syz5: [ 3060.069004][T24326] anon 2215936 [ 3060.069004][T24326] file 0 [ 3060.069004][T24326] kernel_stack 65536 [ 3060.069004][T24326] slab 675840 [ 3060.069004][T24326] sock 4096 [ 3060.069004][T24326] shmem 77824 [ 3060.069004][T24326] file_mapped 0 [ 3060.069004][T24326] file_dirty 0 [ 3060.069004][T24326] file_writeback 0 [ 3060.069004][T24326] anon_thp 2097152 [ 3060.069004][T24326] inactive_anon 135168 [ 3060.069004][T24326] active_anon 2138112 [ 3060.069004][T24326] inactive_file 0 [ 3060.069004][T24326] active_file 0 [ 3060.069004][T24326] unevictable 0 [ 3060.069004][T24326] slab_reclaimable 135168 [ 3060.069004][T24326] slab_unreclaimable 540672 [ 3060.069004][T24326] pgfault 21912 [ 3060.069004][T24326] pgmajfault 0 [ 3060.069004][T24326] workingset_refault 0 [ 3060.069004][T24326] workingset_activate 0 [ 3060.069004][T24326] workingset_nodereclaim 0 [ 3060.069004][T24326] pgrefill 165 [ 3060.069004][T24326] pgscan 253 [ 3060.069004][T24326] pgsteal 69 [ 3060.069004][T24326] pgactivate 66 [ 3060.074791][T24326] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24324,uid=0 [ 3060.189758][T24326] Memory cgroup out of memory: Killed process 24324 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3060.210146][ T1066] oom_reaper: reaped process 24324 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3060.224559][T24306] 8021q: adding VLAN 0 to HW filter on device batadv0 20:15:29 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:29 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:29 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x500}, 0x0) 20:15:29 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3060.275775][T24299] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3060.304579][T24331] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3060.311821][T24299] CPU: 1 PID: 24299 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3060.320218][T24299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3060.330266][T24299] Call Trace: [ 3060.330291][T24299] dump_stack+0x172/0x1f0 [ 3060.330312][T24299] dump_header+0x10b/0x82d [ 3060.342312][T24299] ? oom_kill_process+0x94/0x3f0 [ 3060.347265][T24299] oom_kill_process.cold+0x10/0x15 [ 3060.352393][T24299] out_of_memory+0x334/0x1340 [ 3060.357077][T24299] ? lock_downgrade+0x920/0x920 [ 3060.361921][T24299] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3060.361938][T24299] ? oom_killer_disable+0x280/0x280 [ 3060.361960][T24299] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3060.361973][T24299] ? memcg_stat_show+0xc40/0xc40 [ 3060.361990][T24299] ? do_raw_spin_unlock+0x57/0x270 [ 3060.368585][T24331] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3060.372967][T24299] ? _raw_spin_unlock+0x2d/0x50 [ 3060.372987][T24299] try_charge+0xf4b/0x1440 [ 3060.373009][T24299] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3060.373028][T24299] ? percpu_ref_tryget_live+0x111/0x290 [ 3060.418148][T24299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3060.422479][T24328] IPVS: ftp: loaded support on port[0] = 21 [ 3060.424397][T24299] ? __kasan_check_read+0x11/0x20 [ 3060.435283][T24299] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3060.440842][T24299] mem_cgroup_try_charge+0x136/0x590 [ 3060.446151][T24299] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3060.451802][T24299] wp_page_copy+0x407/0x1860 [ 3060.456411][T24299] ? find_held_lock+0x35/0x130 [ 3060.461188][T24299] ? do_wp_page+0x53b/0x15c0 [ 3060.465804][T24299] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3060.471627][T24299] ? lock_downgrade+0x920/0x920 [ 3060.476492][T24299] ? swp_swapcount+0x540/0x540 [ 3060.481277][T24299] ? __kasan_check_read+0x11/0x20 [ 3060.486318][T24299] ? do_raw_spin_unlock+0x57/0x270 [ 3060.491436][T24299] do_wp_page+0x543/0x15c0 [ 3060.495880][T24299] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3060.501291][T24299] __handle_mm_fault+0x23ec/0x4040 [ 3060.506425][T24299] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3060.511980][T24299] ? handle_mm_fault+0x292/0xaa0 [ 3060.516940][T24299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3060.523195][T24299] ? __kasan_check_read+0x11/0x20 [ 3060.528241][T24299] handle_mm_fault+0x3b7/0xaa0 [ 3060.533023][T24299] __do_page_fault+0x536/0xdd0 [ 3060.537812][T24299] do_page_fault+0x38/0x590 [ 3060.542345][T24299] page_fault+0x39/0x40 [ 3060.546502][T24299] RIP: 0033:0x430b06 [ 3060.550401][T24299] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3060.570020][T24299] RSP: 002b:00007fff041a6430 EFLAGS: 00010206 [ 3060.576102][T24299] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3060.584090][T24299] RDX: 00000000013bc930 RSI: 00000000013c4970 RDI: 0000000000000003 [ 3060.592093][T24299] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000013bb940 [ 3060.600082][T24299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3060.608090][T24299] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3060.622751][T24299] memory: usage 972kB, limit 0kB, failcnt 1384 [ 3060.630496][T24299] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3060.673298][T24299] Memory cgroup stats for /syz5: [ 3060.673412][T24299] anon 135168 [ 3060.673412][T24299] file 0 [ 3060.673412][T24299] kernel_stack 0 [ 3060.673412][T24299] slab 675840 [ 3060.673412][T24299] sock 4096 [ 3060.673412][T24299] shmem 77824 [ 3060.673412][T24299] file_mapped 0 [ 3060.673412][T24299] file_dirty 0 [ 3060.673412][T24299] file_writeback 0 [ 3060.673412][T24299] anon_thp 0 [ 3060.673412][T24299] inactive_anon 135168 [ 3060.673412][T24299] active_anon 57344 [ 3060.673412][T24299] inactive_file 0 [ 3060.673412][T24299] active_file 0 [ 3060.673412][T24299] unevictable 0 [ 3060.673412][T24299] slab_reclaimable 135168 [ 3060.673412][T24299] slab_unreclaimable 540672 [ 3060.673412][T24299] pgfault 21912 [ 3060.673412][T24299] pgmajfault 0 [ 3060.673412][T24299] workingset_refault 0 [ 3060.673412][T24299] workingset_activate 0 [ 3060.673412][T24299] workingset_nodereclaim 0 [ 3060.673412][T24299] pgrefill 165 [ 3060.673412][T24299] pgscan 253 [ 3060.673412][T24299] pgsteal 69 [ 3060.673412][T24299] pgactivate 66 20:15:30 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x600}, 0x0) [ 3060.783575][T24335] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3060.828643][T24335] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3060.920281][T24339] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3061.062483][T24299] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24299,uid=0 [ 3061.133545][T24299] Memory cgroup out of memory: Killed process 24299 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3061.175868][ T1066] oom_reaper: reaped process 24299 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3061.187322][T24339] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3061.198359][T24339] CPU: 0 PID: 24339 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3061.205911][T24339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3061.205921][T24339] Call Trace: [ 3061.205945][T24339] dump_stack+0x172/0x1f0 [ 3061.205968][T24339] dump_header+0x10b/0x82d [ 3061.205987][T24339] oom_kill_process.cold+0x10/0x15 [ 3061.206005][T24339] out_of_memory+0x334/0x1340 [ 3061.206029][T24339] ? oom_killer_disable+0x280/0x280 [ 3061.206056][T24339] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3061.237857][T24339] ? memcg_stat_show+0xc40/0xc40 [ 3061.237886][T24339] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3061.253506][T24339] ? cgroup_file_notify+0x140/0x1b0 [ 3061.253527][T24339] memory_max_write+0x262/0x3a0 [ 3061.264937][T24339] ? mem_cgroup_write+0x370/0x370 [ 3061.274761][T24339] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3061.274781][T24339] cgroup_file_write+0x241/0x790 [ 3061.274797][T24339] ? mem_cgroup_write+0x370/0x370 [ 3061.274811][T24339] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3061.274830][T24339] ? kernfs_ops+0x9f/0x120 [ 3061.274845][T24339] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3061.274860][T24339] kernfs_fop_write+0x2b8/0x480 [ 3061.274877][T24339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3061.274895][T24339] __vfs_write+0x8a/0x110 [ 3061.274913][T24339] ? kernfs_fop_open+0xd80/0xd80 [ 3061.295896][T24339] vfs_write+0x268/0x5d0 [ 3061.310741][T24339] ksys_write+0x14f/0x290 [ 3061.310758][T24339] ? __ia32_sys_read+0xb0/0xb0 [ 3061.330452][T24339] __x64_sys_write+0x73/0xb0 [ 3061.330476][T24339] do_syscall_64+0xfa/0x760 [ 3061.344111][T24339] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3061.344126][T24339] RIP: 0033:0x459a29 [ 3061.354495][T24339] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3061.377945][T24339] RSP: 002b:00007fbc2f425c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3061.377957][T24339] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3061.377964][T24339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3061.377971][T24339] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3061.377978][T24339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc2f4266d4 [ 3061.377986][T24339] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3061.409527][T24339] memory: usage 3236kB, limit 0kB, failcnt 1374 [ 3061.438612][T24339] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3061.445863][T24339] Memory cgroup stats for /syz2: [ 3061.447135][T24339] anon 2134016 [ 3061.447135][T24339] file 20480 [ 3061.447135][T24339] kernel_stack 65536 [ 3061.447135][T24339] slab 946176 [ 3061.447135][T24339] sock 0 [ 3061.447135][T24339] shmem 0 [ 3061.447135][T24339] file_mapped 0 [ 3061.447135][T24339] file_dirty 135168 [ 3061.447135][T24339] file_writeback 0 [ 3061.447135][T24339] anon_thp 2097152 [ 3061.447135][T24339] inactive_anon 0 [ 3061.447135][T24339] active_anon 2134016 [ 3061.447135][T24339] inactive_file 0 [ 3061.447135][T24339] active_file 0 [ 3061.447135][T24339] unevictable 0 [ 3061.447135][T24339] slab_reclaimable 270336 [ 3061.447135][T24339] slab_unreclaimable 675840 [ 3061.447135][T24339] pgfault 18909 [ 3061.447135][T24339] pgmajfault 0 [ 3061.447135][T24339] workingset_refault 0 [ 3061.447135][T24339] workingset_activate 0 [ 3061.447135][T24339] workingset_nodereclaim 0 [ 3061.447135][T24339] pgrefill 99 [ 3061.447135][T24339] pgscan 99 [ 3061.447135][T24339] pgsteal 0 [ 3061.447135][T24339] pgactivate 66 [ 3061.545140][T24339] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24338,uid=0 [ 3061.561426][T24339] Memory cgroup out of memory: Killed process 24338 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3061.587445][ T1066] oom_reaper: reaped process 24338 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 20:15:31 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x700}, 0x0) 20:15:31 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3061.778734][T24306] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3061.812949][T24345] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3061.821060][T24345] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3061.821669][T24306] CPU: 0 PID: 24306 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3061.837881][T24306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3061.847933][T24306] Call Trace: [ 3061.851236][T24306] dump_stack+0x172/0x1f0 [ 3061.855569][T24306] dump_header+0x10b/0x82d [ 3061.859980][T24306] ? oom_kill_process+0x94/0x3f0 [ 3061.864927][T24306] oom_kill_process.cold+0x10/0x15 [ 3061.870038][T24306] out_of_memory+0x334/0x1340 [ 3061.874714][T24306] ? lock_downgrade+0x920/0x920 [ 3061.879567][T24306] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3061.885377][T24306] ? oom_killer_disable+0x280/0x280 [ 3061.890588][T24306] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3061.896137][T24306] ? memcg_stat_show+0xc40/0xc40 [ 3061.901080][T24306] ? do_raw_spin_unlock+0x57/0x270 [ 3061.906205][T24306] ? _raw_spin_unlock+0x2d/0x50 [ 3061.911066][T24306] try_charge+0xf4b/0x1440 [ 3061.915493][T24306] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3061.921037][T24306] ? percpu_ref_tryget_live+0x111/0x290 [ 3061.926594][T24306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3061.932833][T24306] ? __kasan_check_read+0x11/0x20 [ 3061.937861][T24306] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3061.943409][T24306] mem_cgroup_try_charge+0x136/0x590 [ 3061.948697][T24306] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3061.954330][T24306] __handle_mm_fault+0x1f0d/0x4040 [ 3061.959439][T24306] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3061.964995][T24306] ? handle_mm_fault+0x292/0xaa0 [ 3061.969941][T24306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3061.976180][T24306] ? __kasan_check_read+0x11/0x20 [ 3061.981213][T24306] handle_mm_fault+0x3b7/0xaa0 [ 3061.985980][T24306] __do_page_fault+0x536/0xdd0 [ 3061.990752][T24306] do_page_fault+0x38/0x590 [ 3061.995261][T24306] page_fault+0x39/0x40 [ 3061.999411][T24306] RIP: 0033:0x4579c1 [ 3062.003306][T24306] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 3062.022908][T24306] RSP: 002b:00007fff4f50af70 EFLAGS: 00010206 [ 3062.028974][T24306] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579a0 [ 3062.036945][T24306] RDX: 00007fff4f50af70 RSI: 0000000000000003 RDI: 0000000000000001 [ 3062.044916][T24306] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000028a0940 [ 3062.052884][T24306] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff4f50c150 [ 3062.060859][T24306] R13: 00007fff4f50c140 R14: 0000000000000000 R15: 00007fff4f50c150 [ 3062.073629][T24306] memory: usage 868kB, limit 0kB, failcnt 1382 [ 3062.079806][T24306] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3062.086762][T24306] Memory cgroup stats for /syz2: [ 3062.086857][T24306] anon 36864 [ 3062.086857][T24306] file 20480 [ 3062.086857][T24306] kernel_stack 0 [ 3062.086857][T24306] slab 946176 [ 3062.086857][T24306] sock 0 [ 3062.086857][T24306] shmem 0 [ 3062.086857][T24306] file_mapped 0 [ 3062.086857][T24306] file_dirty 135168 [ 3062.086857][T24306] file_writeback 0 [ 3062.086857][T24306] anon_thp 0 [ 3062.086857][T24306] inactive_anon 0 [ 3062.086857][T24306] active_anon 36864 [ 3062.086857][T24306] inactive_file 0 [ 3062.086857][T24306] active_file 0 [ 3062.086857][T24306] unevictable 0 [ 3062.086857][T24306] slab_reclaimable 270336 [ 3062.086857][T24306] slab_unreclaimable 675840 [ 3062.086857][T24306] pgfault 18909 [ 3062.086857][T24306] pgmajfault 0 [ 3062.086857][T24306] workingset_refault 0 [ 3062.086857][T24306] workingset_activate 0 [ 3062.086857][T24306] workingset_nodereclaim 0 [ 3062.086857][T24306] pgrefill 99 [ 3062.086857][T24306] pgscan 99 [ 3062.086857][T24306] pgsteal 0 [ 3062.086857][T24306] pgactivate 66 [ 3062.181156][T24306] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24306,uid=0 [ 3062.211755][T24306] Memory cgroup out of memory: Killed process 24306 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3062.242512][ T1066] oom_reaper: reaped process 24306 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:15:32 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xa00}, 0x0) [ 3062.478115][T24346] IPVS: ftp: loaded support on port[0] = 21 [ 3062.571507][T24351] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3062.591737][T24351] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:15:32 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3062.848062][T24348] IPVS: ftp: loaded support on port[0] = 21 20:15:32 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3062.905371][T24328] chnl_net:caif_netlink_parms(): no params data found 20:15:32 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xe00}, 0x0) [ 3063.042752][T24354] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3063.050871][T24354] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3063.157299][T24328] bridge0: port 1(bridge_slave_0) entered blocking state [ 3063.171758][T24328] bridge0: port 1(bridge_slave_0) entered disabled state [ 3063.180517][T24328] device bridge_slave_0 entered promiscuous mode [ 3063.246238][T24328] bridge0: port 2(bridge_slave_1) entered blocking state [ 3063.253741][T24328] bridge0: port 2(bridge_slave_1) entered disabled state [ 3063.263700][T24328] device bridge_slave_1 entered promiscuous mode [ 3063.350824][T24328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3063.472433][T24328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3063.633825][T24328] team0: Port device team_slave_0 added [ 3063.644545][T24328] team0: Port device team_slave_1 added [ 3063.656999][T24348] chnl_net:caif_netlink_parms(): no params data found [ 3063.669442][T24346] chnl_net:caif_netlink_parms(): no params data found [ 3063.855166][T24328] device hsr_slave_0 entered promiscuous mode [ 3063.892934][T24328] device hsr_slave_1 entered promiscuous mode [ 3063.931870][T24328] debugfs: Directory 'hsr0' with parent '/' already present! [ 3064.134918][T24348] bridge0: port 1(bridge_slave_0) entered blocking state [ 3064.142275][T24348] bridge0: port 1(bridge_slave_0) entered disabled state [ 3064.150954][T24348] device bridge_slave_0 entered promiscuous mode [ 3064.162581][T24346] bridge0: port 1(bridge_slave_0) entered blocking state [ 3064.169632][T24346] bridge0: port 1(bridge_slave_0) entered disabled state [ 3064.179490][T24346] device bridge_slave_0 entered promiscuous mode [ 3064.190716][T24348] bridge0: port 2(bridge_slave_1) entered blocking state [ 3064.198863][T24348] bridge0: port 2(bridge_slave_1) entered disabled state [ 3064.208521][T24348] device bridge_slave_1 entered promiscuous mode [ 3064.234790][T24346] bridge0: port 2(bridge_slave_1) entered blocking state [ 3064.242205][T24346] bridge0: port 2(bridge_slave_1) entered disabled state [ 3064.250841][T24346] device bridge_slave_1 entered promiscuous mode [ 3064.291134][T24346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3064.341786][T24348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3064.355213][T24346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3064.368552][T24348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3064.464660][T24346] team0: Port device team_slave_0 added [ 3064.473373][T24346] team0: Port device team_slave_1 added [ 3064.488951][T24348] team0: Port device team_slave_0 added [ 3064.593361][T24348] team0: Port device team_slave_1 added [ 3064.666134][T24346] device hsr_slave_0 entered promiscuous mode [ 3064.744701][T24346] device hsr_slave_1 entered promiscuous mode [ 3064.782004][T24346] debugfs: Directory 'hsr0' with parent '/' already present! [ 3064.905815][T24348] device hsr_slave_0 entered promiscuous mode [ 3065.022918][T24348] device hsr_slave_1 entered promiscuous mode [ 3065.121859][T24348] debugfs: Directory 'hsr0' with parent '/' already present! [ 3065.206449][T24328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3065.321022][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3065.330369][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3065.366929][T24328] 8021q: adding VLAN 0 to HW filter on device team0 [ 3065.442473][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3065.451385][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3065.460331][T16202] bridge0: port 1(bridge_slave_0) entered blocking state [ 3065.467437][T16202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3065.583743][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3065.592872][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3065.602284][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3065.610775][T14269] bridge0: port 2(bridge_slave_1) entered blocking state [ 3065.617874][T14269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3065.715245][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3065.725417][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3065.767023][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3065.782875][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3065.793903][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3065.803278][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3065.894375][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3065.912907][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3065.923484][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3065.959817][T24348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3065.967285][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3065.977749][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3065.991959][T24346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3066.047766][T24328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3066.075488][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3066.084446][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3066.096524][T24348] 8021q: adding VLAN 0 to HW filter on device team0 [ 3066.194667][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3066.203629][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3066.212330][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3066.221358][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3066.230409][T13510] bridge0: port 1(bridge_slave_0) entered blocking state [ 3066.237536][T13510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3066.249503][T24328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3066.271315][T24346] 8021q: adding VLAN 0 to HW filter on device team0 [ 3066.286762][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3066.295847][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3066.305740][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3066.314569][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3066.321684][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3066.380645][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3066.389848][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3066.410411][T20707] bridge0: port 1(bridge_slave_0) entered blocking state [ 3066.417538][T20707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3066.437872][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3066.447871][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3066.533685][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3066.543727][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3066.553850][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3066.560921][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3066.569788][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3066.595733][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3066.605224][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3066.614829][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3066.624266][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3066.687823][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3066.699007][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3066.709484][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3066.721436][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3066.732500][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3066.798062][T24364] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3066.820853][T24364] CPU: 1 PID: 24364 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3066.828425][T24364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3066.838478][T24364] Call Trace: [ 3066.841778][T24364] dump_stack+0x172/0x1f0 [ 3066.846110][T24364] dump_header+0x10b/0x82d [ 3066.850529][T24364] oom_kill_process.cold+0x10/0x15 [ 3066.855650][T24364] out_of_memory+0x334/0x1340 [ 3066.860329][T24364] ? __this_cpu_preempt_check+0x3a/0x210 [ 3066.865960][T24364] ? retint_kernel+0x2b/0x2b [ 3066.870559][T24364] ? oom_killer_disable+0x280/0x280 [ 3066.875760][T24364] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3066.881486][T24364] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3066.887026][T24364] ? memcg_stat_show+0xc40/0xc40 [ 3066.891976][T24364] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3066.897785][T24364] ? cgroup_file_notify+0x140/0x1b0 [ 3066.902981][T24364] memory_max_write+0x262/0x3a0 [ 3066.907818][T24364] ? mem_cgroup_write+0x370/0x370 [ 3066.912827][T24364] ? lock_acquire+0x190/0x410 [ 3066.917486][T24364] ? kernfs_fop_write+0x227/0x480 [ 3066.922497][T24364] cgroup_file_write+0x241/0x790 [ 3066.927416][T24364] ? mem_cgroup_write+0x370/0x370 [ 3066.932425][T24364] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3066.938043][T24364] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3066.943655][T24364] kernfs_fop_write+0x2b8/0x480 [ 3066.948488][T24364] __vfs_write+0x8a/0x110 [ 3066.952796][T24364] ? kernfs_fop_open+0xd80/0xd80 [ 3066.957723][T24364] vfs_write+0x268/0x5d0 [ 3066.961950][T24364] ksys_write+0x14f/0x290 [ 3066.966268][T24364] ? __ia32_sys_read+0xb0/0xb0 [ 3066.971019][T24364] __x64_sys_write+0x73/0xb0 [ 3066.975591][T24364] do_syscall_64+0xfa/0x760 [ 3066.980083][T24364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3066.985963][T24364] RIP: 0033:0x459a29 [ 3066.989847][T24364] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3067.009434][T24364] RSP: 002b:00007f43d3284c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3067.017859][T24364] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3067.025811][T24364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 3067.033760][T24364] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3067.041711][T24364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43d32856d4 [ 3067.049660][T24364] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3067.062704][T24364] memory: usage 17944kB, limit 0kB, failcnt 145 [ 3067.069235][T24364] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3067.080126][T24364] Memory cgroup stats for /syz3: [ 3067.081194][T24364] anon 2170880 [ 3067.081194][T24364] file 90112 [ 3067.081194][T24364] kernel_stack 0 [ 3067.081194][T24364] slab 16068608 [ 3067.081194][T24364] sock 0 [ 3067.081194][T24364] shmem 0 [ 3067.081194][T24364] file_mapped 0 [ 3067.081194][T24364] file_dirty 0 [ 3067.081194][T24364] file_writeback 0 [ 3067.081194][T24364] anon_thp 2097152 [ 3067.081194][T24364] inactive_anon 0 [ 3067.081194][T24364] active_anon 2170880 [ 3067.081194][T24364] inactive_file 135168 [ 3067.081194][T24364] active_file 0 [ 3067.081194][T24364] unevictable 0 [ 3067.081194][T24364] slab_reclaimable 15544320 [ 3067.081194][T24364] slab_unreclaimable 524288 [ 3067.081194][T24364] pgfault 46365 [ 3067.081194][T24364] pgmajfault 0 [ 3067.081194][T24364] workingset_refault 0 [ 3067.081194][T24364] workingset_activate 0 [ 3067.081194][T24364] workingset_nodereclaim 0 [ 3067.081194][T24364] pgrefill 349 [ 3067.081194][T24364] pgscan 343 [ 3067.081194][T24364] pgsteal 33 [ 3067.081194][T24364] pgactivate 297 [ 3067.122701][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3067.198796][T24364] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24363,uid=0 [ 3067.216360][T24364] Memory cgroup out of memory: Killed process 24363 (syz-executor.3) total-vm:72576kB, anon-rss:2180kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 20:15:36 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x0, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:36 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3067.239980][ T1066] oom_reaper: reaped process 24363 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 3067.253493][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3067.263625][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3067.273052][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3067.284800][T24328] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3067.297415][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3067.307564][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3067.315903][T24328] CPU: 0 PID: 24328 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3067.323452][T24328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3067.333500][T24328] Call Trace: [ 3067.336792][T24328] dump_stack+0x172/0x1f0 [ 3067.341125][T24328] dump_header+0x10b/0x82d [ 3067.345534][T24328] ? oom_kill_process+0x94/0x3f0 [ 3067.350464][T24328] oom_kill_process.cold+0x10/0x15 [ 3067.355577][T24328] out_of_memory+0x334/0x1340 [ 3067.360249][T24328] ? lock_downgrade+0x920/0x920 [ 3067.365103][T24328] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3067.370912][T24328] ? oom_killer_disable+0x280/0x280 [ 3067.376121][T24328] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3067.381665][T24328] ? memcg_stat_show+0xc40/0xc40 [ 3067.386603][T24328] ? do_raw_spin_unlock+0x57/0x270 [ 3067.391718][T24328] ? _raw_spin_unlock+0x2d/0x50 [ 3067.396570][T24328] try_charge+0xf4b/0x1440 [ 3067.400995][T24328] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3067.406542][T24328] ? percpu_ref_tryget_live+0x111/0x290 [ 3067.412088][T24328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3067.418324][T24328] ? __kasan_check_read+0x11/0x20 [ 3067.423354][T24328] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3067.428895][T24328] mem_cgroup_try_charge+0x136/0x590 [ 3067.434186][T24328] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3067.439819][T24328] wp_page_copy+0x407/0x1860 [ 3067.444410][T24328] ? find_held_lock+0x35/0x130 [ 3067.449171][T24328] ? do_wp_page+0x53b/0x15c0 [ 3067.453764][T24328] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3067.459574][T24328] ? lock_downgrade+0x920/0x920 [ 3067.464429][T24328] ? swp_swapcount+0x540/0x540 [ 3067.469189][T24328] ? __kasan_check_read+0x11/0x20 [ 3067.474221][T24328] ? do_raw_spin_unlock+0x57/0x270 [ 3067.479347][T24328] do_wp_page+0x543/0x15c0 [ 3067.483769][T24328] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3067.489157][T24328] __handle_mm_fault+0x23ec/0x4040 [ 3067.494282][T24328] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3067.499834][T24328] ? handle_mm_fault+0x292/0xaa0 [ 3067.504793][T24328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3067.511035][T24328] ? __kasan_check_read+0x11/0x20 [ 3067.516063][T24328] handle_mm_fault+0x3b7/0xaa0 [ 3067.520842][T24328] __do_page_fault+0x536/0xdd0 [ 3067.525620][T24328] do_page_fault+0x38/0x590 [ 3067.530137][T24328] page_fault+0x39/0x40 [ 3067.534292][T24328] RIP: 0033:0x430b06 [ 3067.538190][T24328] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3067.557801][T24328] RSP: 002b:00007ffc6db92330 EFLAGS: 00010206 [ 3067.563876][T24328] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3067.571844][T24328] RDX: 000000000247b930 RSI: 0000000002483970 RDI: 0000000000000003 [ 3067.579821][T24328] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000247a940 [ 3067.587800][T24328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3067.595775][T24328] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3067.609165][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3067.618726][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3067.628756][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3067.644360][T24346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3067.682377][T24346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3067.703575][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3067.715132][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3067.727392][T24348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3067.738366][T24328] memory: usage 15560kB, limit 0kB, failcnt 153 [ 3067.745349][T24328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3067.753050][T24328] Memory cgroup stats for /syz3: [ 3067.753148][T24328] anon 61440 [ 3067.753148][T24328] file 90112 [ 3067.753148][T24328] kernel_stack 0 [ 3067.753148][T24328] slab 15933440 [ 3067.753148][T24328] sock 0 [ 3067.753148][T24328] shmem 0 [ 3067.753148][T24328] file_mapped 0 [ 3067.753148][T24328] file_dirty 0 [ 3067.753148][T24328] file_writeback 0 [ 3067.753148][T24328] anon_thp 0 [ 3067.753148][T24328] inactive_anon 0 [ 3067.753148][T24328] active_anon 61440 [ 3067.753148][T24328] inactive_file 135168 [ 3067.753148][T24328] active_file 0 [ 3067.753148][T24328] unevictable 0 [ 3067.753148][T24328] slab_reclaimable 15409152 [ 3067.753148][T24328] slab_unreclaimable 524288 [ 3067.753148][T24328] pgfault 46365 [ 3067.753148][T24328] pgmajfault 0 [ 3067.753148][T24328] workingset_refault 0 [ 3067.753148][T24328] workingset_activate 0 [ 3067.753148][T24328] workingset_nodereclaim 0 [ 3067.753148][T24328] pgrefill 349 [ 3067.753148][T24328] pgscan 343 [ 3067.753148][T24328] pgsteal 33 [ 3067.753148][T24328] pgactivate 297 [ 3067.876331][T24328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24328,uid=0 [ 3067.894752][T24328] Memory cgroup out of memory: Killed process 24328 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3068.243245][T24348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3068.323904][T24373] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3068.512388][T24373] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3068.532784][T24373] CPU: 0 PID: 24373 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3068.540371][T24373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3068.550438][T24373] Call Trace: [ 3068.553746][T24373] dump_stack+0x172/0x1f0 [ 3068.558095][T24373] dump_header+0x10b/0x82d [ 3068.562531][T24373] oom_kill_process.cold+0x10/0x15 [ 3068.567658][T24373] out_of_memory+0x334/0x1340 [ 3068.572351][T24373] ? retint_kernel+0x2b/0x2b [ 3068.576958][T24373] ? oom_killer_disable+0x280/0x280 [ 3068.582177][T24373] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3068.587734][T24373] ? memcg_stat_show+0xc40/0xc40 [ 3068.592697][T24373] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3068.598521][T24373] ? cgroup_file_notify+0x140/0x1b0 [ 3068.603741][T24373] memory_max_write+0x262/0x3a0 [ 3068.608606][T24373] ? mem_cgroup_write+0x370/0x370 [ 3068.613638][T24373] ? __this_cpu_preempt_check+0x3a/0x210 [ 3068.619282][T24373] ? retint_kernel+0x2b/0x2b [ 3068.624049][T24373] cgroup_file_write+0x241/0x790 [ 3068.629132][T24373] ? mem_cgroup_write+0x370/0x370 [ 3068.634181][T24373] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3068.639832][T24373] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3068.645479][T24373] kernfs_fop_write+0x2b8/0x480 [ 3068.650340][T24373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3068.656601][T24373] __vfs_write+0x8a/0x110 [ 3068.661077][T24373] ? kernfs_fop_open+0xd80/0xd80 [ 3068.666035][T24373] vfs_write+0x268/0x5d0 [ 3068.670295][T24373] ksys_write+0x14f/0x290 [ 3068.674635][T24373] ? __ia32_sys_read+0xb0/0xb0 [ 3068.679422][T24373] __x64_sys_write+0x73/0xb0 [ 3068.684026][T24373] ? do_syscall_64+0x5b/0x760 [ 3068.688709][T24373] do_syscall_64+0xfa/0x760 [ 3068.693227][T24373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3068.699126][T24373] RIP: 0033:0x459a29 [ 3068.703034][T24373] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3068.722651][T24373] RSP: 002b:00007f9db3f2ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3068.731075][T24373] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3068.739052][T24373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3068.747036][T24373] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3068.755018][T24373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9db3f2f6d4 [ 3068.763115][T24373] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3068.775876][T24373] memory: usage 3288kB, limit 0kB, failcnt 1333 [ 3068.783352][T24373] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3068.790722][T24373] Memory cgroup stats for /syz0: [ 3068.793153][T24373] anon 2097152 [ 3068.793153][T24373] file 20480 [ 3068.793153][T24373] kernel_stack 65536 [ 3068.793153][T24373] slab 962560 [ 3068.793153][T24373] sock 0 [ 3068.793153][T24373] shmem 0 [ 3068.793153][T24373] file_mapped 0 [ 3068.793153][T24373] file_dirty 0 [ 3068.793153][T24373] file_writeback 0 [ 3068.793153][T24373] anon_thp 2097152 [ 3068.793153][T24373] inactive_anon 0 [ 3068.793153][T24373] active_anon 2097152 [ 3068.793153][T24373] inactive_file 0 [ 3068.793153][T24373] active_file 0 [ 3068.793153][T24373] unevictable 0 [ 3068.793153][T24373] slab_reclaimable 270336 [ 3068.793153][T24373] slab_unreclaimable 692224 [ 3068.793153][T24373] pgfault 19272 [ 3068.793153][T24373] pgmajfault 0 [ 3068.793153][T24373] workingset_refault 0 [ 3068.793153][T24373] workingset_activate 0 [ 3068.793153][T24373] workingset_nodereclaim 0 [ 3068.793153][T24373] pgrefill 66 [ 3068.793153][T24373] pgscan 66 [ 3068.793153][T24373] pgsteal 0 [ 3068.793153][T24373] pgactivate 33 [ 3068.894806][T24373] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24370,uid=0 [ 3068.916961][T24373] Memory cgroup out of memory: Killed process 24370 (syz-executor.0) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3068.940857][ T1066] oom_reaper: reaped process 24370 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3068.952458][T24378] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3068.964522][T24378] CPU: 0 PID: 24378 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3068.972196][T24378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3068.982264][T24378] Call Trace: [ 3068.985686][T24378] dump_stack+0x172/0x1f0 [ 3068.990043][T24378] dump_header+0x10b/0x82d [ 3068.994473][T24378] oom_kill_process.cold+0x10/0x15 [ 3068.999601][T24378] out_of_memory+0x334/0x1340 [ 3069.004305][T24378] ? oom_killer_disable+0x280/0x280 [ 3069.009532][T24378] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3069.015093][T24378] ? memcg_stat_show+0xc40/0xc40 [ 3069.020046][T24378] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3069.025981][T24378] ? cgroup_file_notify+0x140/0x1b0 [ 3069.031196][T24378] memory_max_write+0x262/0x3a0 [ 3069.036064][T24378] ? mem_cgroup_write+0x370/0x370 [ 3069.041105][T24378] ? cgroup_file_write+0x86/0x790 [ 3069.046138][T24378] cgroup_file_write+0x241/0x790 [ 3069.046156][T24378] ? mem_cgroup_write+0x370/0x370 [ 3069.046170][T24378] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3069.046195][T24378] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3069.046213][T24378] kernfs_fop_write+0x2b8/0x480 [ 3069.046240][T24378] __vfs_write+0x8a/0x110 [ 3069.046254][T24378] ? kernfs_fop_open+0xd80/0xd80 [ 3069.046270][T24378] vfs_write+0x268/0x5d0 [ 3069.046288][T24378] ksys_write+0x14f/0x290 [ 3069.046302][T24378] ? __ia32_sys_read+0xb0/0xb0 [ 3069.046324][T24378] __x64_sys_write+0x73/0xb0 [ 3069.067528][T24378] ? do_syscall_64+0x5b/0x760 [ 3069.067544][T24378] do_syscall_64+0xfa/0x760 [ 3069.067568][T24378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3069.081643][T24378] RIP: 0033:0x459a29 [ 3069.081659][T24378] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3069.081667][T24378] RSP: 002b:00007f9e5599ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3069.081680][T24378] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3069.081688][T24378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 3069.081696][T24378] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3069.081704][T24378] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e5599f6d4 [ 3069.081711][T24378] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3069.191462][T24378] memory: usage 3272kB, limit 0kB, failcnt 1298 [ 3069.205809][T24378] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3069.212946][T24378] Memory cgroup stats for /syz4: [ 3069.213888][T24378] anon 2166784 [ 3069.213888][T24378] file 28672 [ 3069.213888][T24378] kernel_stack 65536 [ 3069.213888][T24378] slab 831488 [ 3069.213888][T24378] sock 0 [ 3069.213888][T24378] shmem 0 [ 3069.213888][T24378] file_mapped 0 [ 3069.213888][T24378] file_dirty 135168 [ 3069.213888][T24378] file_writeback 0 [ 3069.213888][T24378] anon_thp 2097152 [ 3069.213888][T24378] inactive_anon 0 [ 3069.213888][T24378] active_anon 2166784 [ 3069.213888][T24378] inactive_file 135168 [ 3069.213888][T24378] active_file 0 [ 3069.213888][T24378] unevictable 0 [ 3069.213888][T24378] slab_reclaimable 270336 [ 3069.213888][T24378] slab_unreclaimable 561152 [ 3069.213888][T24378] pgfault 20163 [ 3069.213888][T24378] pgmajfault 0 [ 3069.213888][T24378] workingset_refault 0 [ 3069.213888][T24378] workingset_activate 0 [ 3069.213888][T24378] workingset_nodereclaim 0 [ 3069.213888][T24378] pgrefill 67 [ 3069.213888][T24378] pgscan 110 [ 3069.213888][T24378] pgsteal 70 [ 3069.213888][T24378] pgactivate 33 [ 3069.219048][T24378] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24377,uid=0 [ 3069.335380][T24378] Memory cgroup out of memory: Killed process 24378 (syz-executor.4) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3069.364905][ T1066] oom_reaper: reaped process 24378 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3069.379856][T24380] IPVS: ftp: loaded support on port[0] = 21 20:15:39 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) 20:15:39 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf00}, 0x0) 20:15:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x0, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:39 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3069.424245][T24346] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3069.444331][T24346] CPU: 0 PID: 24346 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3069.451908][T24346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3069.461973][T24346] Call Trace: [ 3069.465286][T24346] dump_stack+0x172/0x1f0 [ 3069.469633][T24346] dump_header+0x10b/0x82d [ 3069.474145][T24346] ? oom_kill_process+0x94/0x3f0 [ 3069.479093][T24346] oom_kill_process.cold+0x10/0x15 [ 3069.484218][T24346] out_of_memory+0x334/0x1340 [ 3069.488907][T24346] ? lock_downgrade+0x920/0x920 [ 3069.493770][T24346] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3069.499584][T24346] ? oom_killer_disable+0x280/0x280 [ 3069.504927][T24346] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3069.510479][T24346] ? memcg_stat_show+0xc40/0xc40 [ 3069.515543][T24346] ? do_raw_spin_unlock+0x57/0x270 [ 3069.520745][T24346] ? _raw_spin_unlock+0x2d/0x50 [ 3069.525611][T24346] try_charge+0xf4b/0x1440 [ 3069.530041][T24346] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3069.535672][T24346] ? percpu_ref_tryget_live+0x111/0x290 [ 3069.541227][T24346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3069.547479][T24346] ? __kasan_check_read+0x11/0x20 [ 3069.552520][T24346] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3069.558077][T24346] mem_cgroup_try_charge+0x136/0x590 [ 3069.563376][T24346] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3069.569026][T24346] wp_page_copy+0x407/0x1860 [ 3069.573625][T24346] ? find_held_lock+0x35/0x130 [ 3069.578401][T24346] ? do_wp_page+0x53b/0x15c0 [ 3069.583004][T24346] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3069.588819][T24346] ? lock_downgrade+0x920/0x920 [ 3069.593684][T24346] ? swp_swapcount+0x540/0x540 [ 3069.598628][T24346] ? __kasan_check_read+0x11/0x20 [ 3069.603660][T24346] ? do_raw_spin_unlock+0x57/0x270 [ 3069.608787][T24346] do_wp_page+0x543/0x15c0 [ 3069.613226][T24346] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3069.618614][T24346] __handle_mm_fault+0x23ec/0x4040 [ 3069.623739][T24346] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3069.629295][T24346] ? handle_mm_fault+0x292/0xaa0 [ 3069.634258][T24346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3069.640508][T24346] ? __kasan_check_read+0x11/0x20 [ 3069.645668][T24346] handle_mm_fault+0x3b7/0xaa0 [ 3069.650447][T24346] __do_page_fault+0x536/0xdd0 [ 3069.655387][T24346] do_page_fault+0x38/0x590 [ 3069.659996][T24346] page_fault+0x39/0x40 [ 3069.664163][T24346] RIP: 0033:0x430b06 [ 3069.668071][T24346] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3069.687677][T24346] RSP: 002b:00007fff22549170 EFLAGS: 00010206 [ 3069.693754][T24346] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3069.701732][T24346] RDX: 0000000001bc4930 RSI: 0000000001bcc970 RDI: 0000000000000003 [ 3069.709714][T24346] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001bc3940 [ 3069.717690][T24346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 20:15:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x2000}, 0x0) [ 3069.725671][T24346] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3069.756163][T24346] memory: usage 960kB, limit 0kB, failcnt 1341 [ 3069.776916][T24346] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3069.804897][T24346] Memory cgroup stats for /syz0: [ 3069.804993][T24346] anon 0 [ 3069.804993][T24346] file 20480 [ 3069.804993][T24346] kernel_stack 0 [ 3069.804993][T24346] slab 962560 [ 3069.804993][T24346] sock 0 [ 3069.804993][T24346] shmem 0 [ 3069.804993][T24346] file_mapped 0 [ 3069.804993][T24346] file_dirty 0 [ 3069.804993][T24346] file_writeback 0 [ 3069.804993][T24346] anon_thp 0 [ 3069.804993][T24346] inactive_anon 0 [ 3069.804993][T24346] active_anon 0 [ 3069.804993][T24346] inactive_file 0 [ 3069.804993][T24346] active_file 0 [ 3069.804993][T24346] unevictable 0 [ 3069.804993][T24346] slab_reclaimable 270336 [ 3069.804993][T24346] slab_unreclaimable 692224 [ 3069.804993][T24346] pgfault 19272 [ 3069.804993][T24346] pgmajfault 0 [ 3069.804993][T24346] workingset_refault 0 [ 3069.804993][T24346] workingset_activate 0 [ 3069.804993][T24346] workingset_nodereclaim 0 [ 3069.804993][T24346] pgrefill 66 [ 3069.804993][T24346] pgscan 66 [ 3069.804993][T24346] pgsteal 0 [ 3069.804993][T24346] pgactivate 33 [ 3069.804993][T24346] pgdeactivate 66 [ 3069.809973][T24346] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24346,uid=0 [ 3069.937850][T24386] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3069.946506][T24386] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3069.958125][T24346] Memory cgroup out of memory: Killed process 24346 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 20:15:39 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x3300}, 0x0) [ 3070.037962][T24348] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3070.038460][ T1066] oom_reaper: reaped process 24346 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3070.093560][T24348] CPU: 1 PID: 24348 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3070.101141][T24348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3070.111201][T24348] Call Trace: [ 3070.114504][T24348] dump_stack+0x172/0x1f0 [ 3070.118845][T24348] dump_header+0x10b/0x82d [ 3070.123399][T24348] ? oom_kill_process+0x94/0x3f0 [ 3070.128350][T24348] oom_kill_process.cold+0x10/0x15 [ 3070.133469][T24348] out_of_memory+0x334/0x1340 [ 3070.138149][T24348] ? lock_downgrade+0x920/0x920 [ 3070.143133][T24348] ? oom_killer_disable+0x280/0x280 [ 3070.148351][T24348] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3070.153900][T24348] ? memcg_stat_show+0xc40/0xc40 [ 3070.158850][T24348] ? do_raw_spin_unlock+0x57/0x270 [ 3070.163972][T24348] ? _raw_spin_unlock+0x2d/0x50 [ 3070.168832][T24348] try_charge+0xf4b/0x1440 [ 3070.173267][T24348] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3070.178812][T24348] ? percpu_ref_tryget_live+0x111/0x290 [ 3070.184369][T24348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3070.190618][T24348] ? __kasan_check_read+0x11/0x20 [ 3070.195660][T24348] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3070.201332][T24348] mem_cgroup_try_charge+0x136/0x590 [ 3070.206627][T24348] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3070.212270][T24348] wp_page_copy+0x407/0x1860 [ 3070.216868][T24348] ? find_held_lock+0x35/0x130 [ 3070.221756][T24348] ? do_wp_page+0x53b/0x15c0 [ 3070.226554][T24348] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3070.232381][T24348] ? lock_downgrade+0x920/0x920 [ 3070.237326][T24348] ? swp_swapcount+0x540/0x540 [ 3070.242098][T24348] ? __kasan_check_read+0x11/0x20 [ 3070.247129][T24348] ? do_raw_spin_unlock+0x57/0x270 [ 3070.252251][T24348] do_wp_page+0x543/0x15c0 [ 3070.256687][T24348] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3070.262204][T24348] __handle_mm_fault+0x23ec/0x4040 [ 3070.267420][T24348] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3070.273066][T24348] ? handle_mm_fault+0x292/0xaa0 [ 3070.278024][T24348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3070.284362][T24348] ? __kasan_check_read+0x11/0x20 [ 3070.289405][T24348] handle_mm_fault+0x3b7/0xaa0 [ 3070.294196][T24348] __do_page_fault+0x536/0xdd0 [ 3070.298970][T24348] do_page_fault+0x38/0x590 [ 3070.303487][T24348] page_fault+0x39/0x40 [ 3070.307668][T24348] RIP: 0033:0x430b06 [ 3070.311573][T24348] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3070.331186][T24348] RSP: 002b:00007ffcf229c3c0 EFLAGS: 00010206 [ 3070.337267][T24348] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3070.345381][T24348] RDX: 0000000001c2f930 RSI: 0000000001c37970 RDI: 0000000000000003 [ 3070.353552][T24348] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001c2e940 [ 3070.361526][T24348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3070.369508][T24348] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3070.404681][T24389] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3070.412908][T24389] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3070.423074][T24348] memory: usage 948kB, limit 0kB, failcnt 1306 [ 3070.432051][T24348] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3070.438916][T24348] Memory cgroup stats for /syz4: [ 3070.439021][T24348] anon 36864 [ 3070.439021][T24348] file 28672 [ 3070.439021][T24348] kernel_stack 0 [ 3070.439021][T24348] slab 831488 [ 3070.439021][T24348] sock 0 [ 3070.439021][T24348] shmem 0 [ 3070.439021][T24348] file_mapped 0 [ 3070.439021][T24348] file_dirty 135168 [ 3070.439021][T24348] file_writeback 0 [ 3070.439021][T24348] anon_thp 0 [ 3070.439021][T24348] inactive_anon 0 [ 3070.439021][T24348] active_anon 36864 [ 3070.439021][T24348] inactive_file 135168 [ 3070.439021][T24348] active_file 0 [ 3070.439021][T24348] unevictable 0 [ 3070.439021][T24348] slab_reclaimable 270336 [ 3070.439021][T24348] slab_unreclaimable 561152 [ 3070.439021][T24348] pgfault 20163 [ 3070.439021][T24348] pgmajfault 0 [ 3070.439021][T24348] workingset_refault 0 [ 3070.439021][T24348] workingset_activate 0 [ 3070.439021][T24348] workingset_nodereclaim 0 [ 3070.439021][T24348] pgrefill 67 [ 3070.439021][T24348] pgscan 110 [ 3070.439021][T24348] pgsteal 70 [ 3070.439021][T24348] pgactivate 33 [ 3070.541786][T24348] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24348,uid=0 [ 3070.557985][T24348] Memory cgroup out of memory: Killed process 24348 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3070.577169][ T1066] oom_reaper: reaped process 24348 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 20:15:40 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x3f00}, 0x0) [ 3070.714613][T24392] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3070.741826][T24392] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:15:40 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:40 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4000}, 0x0) 20:15:41 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 3071.418960][T24394] IPVS: ftp: loaded support on port[0] = 21 [ 3071.461926][T24398] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3071.470198][T24398] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3071.704212][T24380] chnl_net:caif_netlink_parms(): no params data found [ 3071.917576][T24380] bridge0: port 1(bridge_slave_0) entered blocking state [ 3071.925660][T24380] bridge0: port 1(bridge_slave_0) entered disabled state [ 3071.934817][T24380] device bridge_slave_0 entered promiscuous mode [ 3071.959354][T24394] chnl_net:caif_netlink_parms(): no params data found [ 3071.968995][T24402] IPVS: ftp: loaded support on port[0] = 21 [ 3071.978275][T24380] bridge0: port 2(bridge_slave_1) entered blocking state [ 3071.990967][T24380] bridge0: port 2(bridge_slave_1) entered disabled state [ 3072.000053][T24380] device bridge_slave_1 entered promiscuous mode [ 3072.185278][T24380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3072.218093][T24380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3072.228493][T24394] bridge0: port 1(bridge_slave_0) entered blocking state [ 3072.236257][T24394] bridge0: port 1(bridge_slave_0) entered disabled state [ 3072.245202][T24394] device bridge_slave_0 entered promiscuous mode [ 3072.350363][T24394] bridge0: port 2(bridge_slave_1) entered blocking state [ 3072.364449][T24394] bridge0: port 2(bridge_slave_1) entered disabled state [ 3072.373375][T24394] device bridge_slave_1 entered promiscuous mode [ 3072.508016][T24380] team0: Port device team_slave_0 added [ 3072.522714][T24380] team0: Port device team_slave_1 added [ 3072.539757][T24394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3072.615715][T24380] device hsr_slave_0 entered promiscuous mode [ 3072.692867][T24380] device hsr_slave_1 entered promiscuous mode [ 3072.772503][T24380] debugfs: Directory 'hsr0' with parent '/' already present! [ 3072.837768][T24394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3072.976366][T24394] team0: Port device team_slave_0 added [ 3073.074883][T24394] team0: Port device team_slave_1 added [ 3073.127287][T24402] chnl_net:caif_netlink_parms(): no params data found [ 3073.205545][T24394] device hsr_slave_0 entered promiscuous mode [ 3073.282880][T24394] device hsr_slave_1 entered promiscuous mode [ 3073.341830][T24394] debugfs: Directory 'hsr0' with parent '/' already present! [ 3073.440146][T24380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3073.473528][T24402] bridge0: port 1(bridge_slave_0) entered blocking state [ 3073.480660][T24402] bridge0: port 1(bridge_slave_0) entered disabled state [ 3073.489351][T24402] device bridge_slave_0 entered promiscuous mode [ 3073.499651][T24402] bridge0: port 2(bridge_slave_1) entered blocking state [ 3073.506952][T24402] bridge0: port 2(bridge_slave_1) entered disabled state [ 3073.515710][T24402] device bridge_slave_1 entered promiscuous mode [ 3073.590910][T24380] 8021q: adding VLAN 0 to HW filter on device team0 [ 3073.659159][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3073.667978][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3073.676449][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3073.685776][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3073.694976][T16202] bridge0: port 1(bridge_slave_0) entered blocking state [ 3073.702180][T16202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3073.710966][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3073.720106][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3073.742124][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3073.749162][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3073.773010][T24402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3073.800127][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3073.814223][T24402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3073.874734][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3073.905120][T24402] team0: Port device team_slave_0 added [ 3073.979918][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3073.993418][T24402] team0: Port device team_slave_1 added [ 3074.088449][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3074.098196][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3074.155826][T24402] device hsr_slave_0 entered promiscuous mode [ 3074.212950][T24402] device hsr_slave_1 entered promiscuous mode [ 3074.281740][T24402] debugfs: Directory 'hsr0' with parent '/' already present! [ 3074.378552][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3074.389288][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3074.398956][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3074.408314][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3074.417598][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3074.431200][T24394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3074.556051][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3074.566834][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3074.584815][T24380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3074.658898][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3074.668638][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3074.693531][T24394] 8021q: adding VLAN 0 to HW filter on device team0 [ 3074.806829][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3074.816433][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3074.827541][T16062] bridge0: port 1(bridge_slave_0) entered blocking state [ 3074.834661][T16062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3074.843068][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3074.852389][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3074.860909][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3074.868020][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3074.942311][T24380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3074.949750][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3074.961118][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3075.014467][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3075.033305][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3075.043644][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3075.104991][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3075.114537][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3075.124032][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3075.214607][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3075.229680][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3075.254317][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3075.264676][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3075.280397][T24394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3075.363032][T24410] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3075.373765][T24410] CPU: 0 PID: 24410 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3075.381318][T24410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3075.391385][T24410] Call Trace: [ 3075.394691][T24410] dump_stack+0x172/0x1f0 [ 3075.399038][T24410] dump_header+0x10b/0x82d [ 3075.403470][T24410] oom_kill_process.cold+0x10/0x15 [ 3075.408592][T24410] out_of_memory+0x334/0x1340 [ 3075.413284][T24410] ? cgroup_file_notify+0x140/0x1b0 [ 3075.418551][T24410] ? oom_killer_disable+0x280/0x280 [ 3075.423777][T24410] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3075.429338][T24410] ? memcg_stat_show+0xc40/0xc40 [ 3075.434298][T24410] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3075.440115][T24410] ? cgroup_file_notify+0x140/0x1b0 [ 3075.445315][T24410] memory_max_write+0x262/0x3a0 [ 3075.450157][T24410] ? mem_cgroup_write+0x370/0x370 [ 3075.455172][T24410] ? lock_acquire+0x190/0x410 [ 3075.459983][T24410] ? kernfs_fop_write+0x227/0x480 [ 3075.465101][T24410] cgroup_file_write+0x241/0x790 [ 3075.470050][T24410] ? mem_cgroup_write+0x370/0x370 [ 3075.475070][T24410] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3075.480703][T24410] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3075.486336][T24410] kernfs_fop_write+0x2b8/0x480 [ 3075.491198][T24410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3075.497438][T24410] __vfs_write+0x8a/0x110 [ 3075.501764][T24410] ? kernfs_fop_open+0xd80/0xd80 [ 3075.506702][T24410] vfs_write+0x268/0x5d0 [ 3075.510940][T24410] ksys_write+0x14f/0x290 [ 3075.515264][T24410] ? __ia32_sys_read+0xb0/0xb0 [ 3075.520023][T24410] ? do_syscall_64+0x26/0x760 [ 3075.524699][T24410] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3075.530760][T24410] ? do_syscall_64+0x26/0x760 [ 3075.535432][T24410] __x64_sys_write+0x73/0xb0 [ 3075.540020][T24410] do_syscall_64+0xfa/0x760 [ 3075.544521][T24410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3075.550555][T24410] RIP: 0033:0x459a29 [ 3075.554458][T24410] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3075.574187][T24410] RSP: 002b:00007fb32cc30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3075.582605][T24410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3075.590639][T24410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3075.598601][T24410] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3075.606633][T24410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb32cc316d4 [ 3075.614611][T24410] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3075.664261][T24410] memory: usage 3292kB, limit 0kB, failcnt 1385 [ 3075.670685][T24410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3075.677842][T24410] Memory cgroup stats for /syz5: [ 3075.678974][T24410] anon 2158592 [ 3075.678974][T24410] file 0 [ 3075.678974][T24410] kernel_stack 65536 [ 3075.678974][T24410] slab 811008 [ 3075.678974][T24410] sock 4096 [ 3075.678974][T24410] shmem 77824 [ 3075.678974][T24410] file_mapped 0 [ 3075.678974][T24410] file_dirty 0 [ 3075.678974][T24410] file_writeback 0 [ 3075.678974][T24410] anon_thp 2097152 [ 3075.678974][T24410] inactive_anon 135168 [ 3075.678974][T24410] active_anon 2158592 [ 3075.678974][T24410] inactive_file 0 [ 3075.678974][T24410] active_file 0 [ 3075.678974][T24410] unevictable 0 [ 3075.678974][T24410] slab_reclaimable 135168 [ 3075.678974][T24410] slab_unreclaimable 675840 [ 3075.678974][T24410] pgfault 21945 [ 3075.678974][T24410] pgmajfault 0 [ 3075.678974][T24410] workingset_refault 0 [ 3075.678974][T24410] workingset_activate 0 [ 3075.678974][T24410] workingset_nodereclaim 0 [ 3075.678974][T24410] pgrefill 165 [ 3075.678974][T24410] pgscan 253 [ 3075.678974][T24410] pgsteal 69 [ 3075.678974][T24410] pgactivate 66 [ 3075.779416][T24410] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24408,uid=0 [ 3075.813309][T24410] Memory cgroup out of memory: Killed process 24408 (syz-executor.5) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 20:15:45 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:45 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={0xffffffffffffffff, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 3075.857346][ T1066] oom_reaper: reaped process 24408 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3075.863441][T24402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3075.905660][T24380] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3075.915985][T24380] CPU: 0 PID: 24380 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3075.923540][T24380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3075.923546][T24380] Call Trace: [ 3075.923570][T24380] dump_stack+0x172/0x1f0 [ 3075.923592][T24380] dump_header+0x10b/0x82d [ 3075.923603][T24380] ? oom_kill_process+0x94/0x3f0 [ 3075.923620][T24380] oom_kill_process.cold+0x10/0x15 [ 3075.923636][T24380] out_of_memory+0x334/0x1340 [ 3075.923652][T24380] ? lock_downgrade+0x920/0x920 [ 3075.923671][T24380] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3075.923688][T24380] ? oom_killer_disable+0x280/0x280 [ 3075.976433][T24380] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3075.981999][T24380] ? memcg_stat_show+0xc40/0xc40 [ 3075.982018][T24380] ? do_raw_spin_unlock+0x57/0x270 [ 3075.982037][T24380] ? _raw_spin_unlock+0x2d/0x50 [ 3075.982058][T24380] try_charge+0xf4b/0x1440 [ 3076.001344][T24380] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3076.006892][T24380] ? percpu_ref_tryget_live+0x111/0x290 [ 3076.006914][T24380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3076.018688][T24380] ? __kasan_check_read+0x11/0x20 [ 3076.023725][T24380] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3076.029283][T24380] mem_cgroup_try_charge+0x136/0x590 [ 3076.034588][T24380] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3076.040233][T24380] wp_page_copy+0x407/0x1860 [ 3076.044916][T24380] ? find_held_lock+0x35/0x130 [ 3076.048662][T24394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3076.049689][T24380] ? do_wp_page+0x53b/0x15c0 [ 3076.061014][T24380] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3076.066820][T24380] ? lock_downgrade+0x920/0x920 [ 3076.066840][T24380] ? swp_swapcount+0x540/0x540 [ 3076.066855][T24380] ? __kasan_check_read+0x11/0x20 [ 3076.066870][T24380] ? do_raw_spin_unlock+0x57/0x270 [ 3076.076606][T24380] do_wp_page+0x543/0x15c0 [ 3076.091126][T24380] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3076.096514][T24380] __handle_mm_fault+0x23ec/0x4040 [ 3076.101635][T24380] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3076.107186][T24380] ? handle_mm_fault+0x292/0xaa0 [ 3076.112142][T24380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3076.118389][T24380] ? __kasan_check_read+0x11/0x20 [ 3076.123421][T24380] handle_mm_fault+0x3b7/0xaa0 [ 3076.123444][T24380] __do_page_fault+0x536/0xdd0 [ 3076.123470][T24380] do_page_fault+0x38/0x590 [ 3076.133027][T24380] page_fault+0x39/0x40 [ 3076.141685][T24380] RIP: 0033:0x430b06 [ 3076.141701][T24380] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3076.141708][T24380] RSP: 002b:00007ffc681c50d0 EFLAGS: 00010206 [ 3076.141720][T24380] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3076.141727][T24380] RDX: 0000000001582930 RSI: 000000000158a970 RDI: 0000000000000003 [ 3076.141739][T24380] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001581940 [ 3076.165268][T24380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3076.179354][T24380] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3076.219189][T24380] memory: usage 972kB, limit 0kB, failcnt 1393 [ 3076.262220][T24380] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3076.269100][T24380] Memory cgroup stats for /syz5: [ 3076.269221][T24380] anon 53248 [ 3076.269221][T24380] file 0 [ 3076.269221][T24380] kernel_stack 65536 [ 3076.269221][T24380] slab 811008 [ 3076.269221][T24380] sock 4096 [ 3076.269221][T24380] shmem 77824 [ 3076.269221][T24380] file_mapped 0 [ 3076.269221][T24380] file_dirty 0 [ 3076.269221][T24380] file_writeback 0 [ 3076.269221][T24380] anon_thp 0 [ 3076.269221][T24380] inactive_anon 135168 [ 3076.269221][T24380] active_anon 53248 [ 3076.269221][T24380] inactive_file 0 [ 3076.269221][T24380] active_file 0 [ 3076.269221][T24380] unevictable 0 [ 3076.269221][T24380] slab_reclaimable 135168 [ 3076.269221][T24380] slab_unreclaimable 675840 [ 3076.269221][T24380] pgfault 21978 [ 3076.269221][T24380] pgmajfault 0 [ 3076.269221][T24380] workingset_refault 0 [ 3076.269221][T24380] workingset_activate 0 [ 3076.269221][T24380] workingset_nodereclaim 0 [ 3076.269221][T24380] pgrefill 165 [ 3076.269221][T24380] pgscan 253 [ 3076.269221][T24380] pgsteal 69 [ 3076.269221][T24380] pgactivate 66 [ 3076.293423][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3076.469614][T24380] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24380,uid=0 [ 3076.494093][T24380] Memory cgroup out of memory: Killed process 24380 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3076.503146][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3076.527900][T24402] 8021q: adding VLAN 0 to HW filter on device team0 [ 3076.535340][ T1066] oom_reaper: reaped process 24380 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3076.633192][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3076.646626][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3076.655844][T12724] bridge0: port 1(bridge_slave_0) entered blocking state [ 3076.662976][T12724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3076.716020][T24417] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3076.809815][T24418] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3076.851784][T24418] CPU: 0 PID: 24418 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3076.859382][T24418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3076.869561][T24418] Call Trace: [ 3076.872871][T24418] dump_stack+0x172/0x1f0 [ 3076.877225][T24418] dump_header+0x10b/0x82d [ 3076.881658][T24418] oom_kill_process.cold+0x10/0x15 [ 3076.886783][T24418] out_of_memory+0x334/0x1340 [ 3076.891479][T24418] ? __sched_text_start+0x8/0x8 [ 3076.896353][T24418] ? oom_killer_disable+0x280/0x280 [ 3076.901573][T24418] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3076.907130][T24418] ? memcg_stat_show+0xc40/0xc40 [ 3076.912088][T24418] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3076.917902][T24418] ? cgroup_file_notify+0x140/0x1b0 [ 3076.923161][T24418] memory_max_write+0x262/0x3a0 [ 3076.928010][T24418] ? mem_cgroup_write+0x370/0x370 [ 3076.933161][T24418] ? lock_acquire+0x190/0x410 [ 3076.938074][T24418] ? kernfs_fop_write+0x227/0x480 [ 3076.943114][T24418] cgroup_file_write+0x241/0x790 [ 3076.948063][T24418] ? mem_cgroup_write+0x370/0x370 [ 3076.953222][T24418] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3076.958876][T24418] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3076.964637][T24418] kernfs_fop_write+0x2b8/0x480 [ 3076.969487][T24418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3076.975852][T24418] __vfs_write+0x8a/0x110 [ 3076.980230][T24418] ? kernfs_fop_open+0xd80/0xd80 [ 3076.985233][T24418] vfs_write+0x268/0x5d0 [ 3076.989472][T24418] ksys_write+0x14f/0x290 [ 3076.993795][T24418] ? __ia32_sys_read+0xb0/0xb0 [ 3076.998679][T24418] ? do_syscall_64+0x26/0x760 [ 3077.003353][T24418] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3077.009410][T24418] ? do_syscall_64+0x26/0x760 [ 3077.014081][T24418] __x64_sys_write+0x73/0xb0 [ 3077.018766][T24418] do_syscall_64+0xfa/0x760 [ 3077.023267][T24418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3077.029147][T24418] RIP: 0033:0x459a29 [ 3077.033032][T24418] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3077.052626][T24418] RSP: 002b:00007f8c3a642c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3077.061140][T24418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3077.069109][T24418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3077.077075][T24418] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3077.085041][T24418] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c3a6436d4 [ 3077.093035][T24418] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3077.171720][T24418] memory: usage 3228kB, limit 0kB, failcnt 1383 [ 3077.178135][T24418] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3077.241785][T24418] Memory cgroup stats for /syz2: [ 3077.241908][T24418] anon 2183168 [ 3077.241908][T24418] file 20480 [ 3077.241908][T24418] kernel_stack 65536 [ 3077.241908][T24418] slab 946176 [ 3077.241908][T24418] sock 0 [ 3077.241908][T24418] shmem 0 [ 3077.241908][T24418] file_mapped 0 [ 3077.241908][T24418] file_dirty 135168 [ 3077.241908][T24418] file_writeback 0 [ 3077.241908][T24418] anon_thp 2097152 [ 3077.241908][T24418] inactive_anon 0 [ 3077.241908][T24418] active_anon 2183168 [ 3077.241908][T24418] inactive_file 0 [ 3077.241908][T24418] active_file 0 [ 3077.241908][T24418] unevictable 0 [ 3077.241908][T24418] slab_reclaimable 270336 [ 3077.241908][T24418] slab_unreclaimable 675840 [ 3077.241908][T24418] pgfault 19008 [ 3077.241908][T24418] pgmajfault 0 [ 3077.241908][T24418] workingset_refault 0 [ 3077.241908][T24418] workingset_activate 0 [ 3077.241908][T24418] workingset_nodereclaim 0 [ 3077.241908][T24418] pgrefill 99 [ 3077.241908][T24418] pgscan 99 [ 3077.241908][T24418] pgsteal 0 [ 3077.241908][T24418] pgactivate 66 [ 3077.338066][T24418] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24416,uid=0 [ 3077.354271][T24418] Memory cgroup out of memory: Killed process 24416 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:1000 [ 3077.375394][ T1066] oom_reaper: reaped process 24416 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3077.425605][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3077.434861][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3077.443838][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3077.452627][T16062] bridge0: port 2(bridge_slave_1) entered blocking state [ 3077.459849][T16062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3077.543573][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3077.651865][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 20:15:47 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:47 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3077.706939][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3077.721567][T24394] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3077.735373][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3077.743540][T24394] CPU: 1 PID: 24394 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3077.751219][T24394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3077.761282][T24394] Call Trace: [ 3077.764584][T24394] dump_stack+0x172/0x1f0 [ 3077.768927][T24394] dump_header+0x10b/0x82d [ 3077.773341][T24394] ? oom_kill_process+0x94/0x3f0 [ 3077.778289][T24394] oom_kill_process.cold+0x10/0x15 [ 3077.783402][T24394] out_of_memory+0x334/0x1340 [ 3077.783418][T24394] ? lock_downgrade+0x920/0x920 [ 3077.783437][T24394] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3077.783451][T24394] ? oom_killer_disable+0x280/0x280 [ 3077.783475][T24394] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3077.783488][T24394] ? memcg_stat_show+0xc40/0xc40 [ 3077.783507][T24394] ? do_raw_spin_unlock+0x57/0x270 [ 3077.783527][T24394] ? _raw_spin_unlock+0x2d/0x50 [ 3077.783543][T24394] try_charge+0xf4b/0x1440 [ 3077.783566][T24394] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3077.783578][T24394] ? percpu_ref_tryget_live+0x111/0x290 [ 3077.783597][T24394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3077.783612][T24394] ? __kasan_check_read+0x11/0x20 [ 3077.783631][T24394] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3077.783650][T24394] mem_cgroup_try_charge+0x136/0x590 [ 3077.783670][T24394] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3077.783689][T24394] __handle_mm_fault+0x1f0d/0x4040 [ 3077.783708][T24394] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3077.783721][T24394] ? handle_mm_fault+0x292/0xaa0 [ 3077.783744][T24394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3077.783759][T24394] ? __kasan_check_read+0x11/0x20 [ 3077.783775][T24394] handle_mm_fault+0x3b7/0xaa0 [ 3077.783800][T24394] __do_page_fault+0x536/0xdd0 [ 3077.783817][T24394] do_page_fault+0x38/0x590 [ 3077.783832][T24394] page_fault+0x39/0x40 [ 3077.783842][T24394] RIP: 0033:0x4034f2 [ 3077.783855][T24394] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3077.783862][T24394] RSP: 002b:00007ffd1655efe0 EFLAGS: 00010246 [ 3077.783873][T24394] RAX: 0000000000000000 RBX: 00000000002ef2bc RCX: 0000000000413630 [ 3077.783881][T24394] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd16560110 [ 3077.783887][T24394] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000bd8940 [ 3077.783894][T24394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16560110 [ 3077.783902][T24394] R13: 00007ffd16560100 R14: 0000000000000000 R15: 00007ffd16560110 [ 3077.802665][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3077.920037][T24394] memory: usage 864kB, limit 0kB, failcnt 1391 [ 3078.007994][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3078.026414][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3078.042860][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3078.060892][T24394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3078.068933][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3078.087137][T24394] Memory cgroup stats for /syz2: [ 3078.087244][T24394] anon 0 [ 3078.087244][T24394] file 20480 [ 3078.087244][T24394] kernel_stack 0 [ 3078.087244][T24394] slab 946176 [ 3078.087244][T24394] sock 0 [ 3078.087244][T24394] shmem 0 [ 3078.087244][T24394] file_mapped 0 [ 3078.087244][T24394] file_dirty 135168 [ 3078.087244][T24394] file_writeback 0 [ 3078.087244][T24394] anon_thp 0 [ 3078.087244][T24394] inactive_anon 0 [ 3078.087244][T24394] active_anon 0 [ 3078.087244][T24394] inactive_file 0 [ 3078.087244][T24394] active_file 0 [ 3078.087244][T24394] unevictable 0 [ 3078.087244][T24394] slab_reclaimable 270336 [ 3078.087244][T24394] slab_unreclaimable 675840 [ 3078.087244][T24394] pgfault 19008 [ 3078.087244][T24394] pgmajfault 0 [ 3078.087244][T24394] workingset_refault 0 [ 3078.087244][T24394] workingset_activate 0 [ 3078.087244][T24394] workingset_nodereclaim 0 [ 3078.087244][T24394] pgrefill 99 [ 3078.087244][T24394] pgscan 99 [ 3078.087244][T24394] pgsteal 0 [ 3078.087244][T24394] pgactivate 66 [ 3078.087244][T24394] pgdeactivate 99 [ 3078.200056][T24420] IPVS: ftp: loaded support on port[0] = 21 [ 3078.221798][T24394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24394,uid=0 [ 3078.237742][T24394] Memory cgroup out of memory: Killed process 24394 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:118784kB oom_score_adj:0 [ 3078.262727][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3078.271280][ T1066] oom_reaper: reaped process 24394 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3078.271557][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3078.367829][T24402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3078.766112][T24402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3079.081403][T24428] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3079.114826][T24420] chnl_net:caif_netlink_parms(): no params data found [ 3079.201790][T24429] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3079.212162][T24429] CPU: 0 PID: 24429 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3079.212173][T24429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3079.212179][T24429] Call Trace: [ 3079.212204][T24429] dump_stack+0x172/0x1f0 [ 3079.212227][T24429] dump_header+0x10b/0x82d [ 3079.212248][T24429] oom_kill_process.cold+0x10/0x15 [ 3079.212267][T24429] out_of_memory+0x334/0x1340 [ 3079.212286][T24429] ? __sched_text_start+0x8/0x8 [ 3079.212303][T24429] ? oom_killer_disable+0x280/0x280 [ 3079.212329][T24429] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3079.212344][T24429] ? memcg_stat_show+0xc40/0xc40 [ 3079.212367][T24429] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3079.212387][T24429] ? cgroup_file_notify+0x140/0x1b0 [ 3079.212406][T24429] memory_max_write+0x262/0x3a0 [ 3079.212426][T24429] ? mem_cgroup_write+0x370/0x370 [ 3079.212444][T24429] ? lock_acquire+0x190/0x410 [ 3079.212459][T24429] ? kernfs_fop_write+0x227/0x480 [ 3079.212480][T24429] cgroup_file_write+0x241/0x790 [ 3079.242021][T24429] ? mem_cgroup_write+0x370/0x370 [ 3079.251748][T24429] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3079.251767][T24429] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3079.251786][T24429] kernfs_fop_write+0x2b8/0x480 [ 3079.251803][T24429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3079.251825][T24429] __vfs_write+0x8a/0x110 [ 3079.272262][T24429] ? kernfs_fop_open+0xd80/0xd80 [ 3079.283204][T24429] vfs_write+0x268/0x5d0 [ 3079.283221][T24429] ksys_write+0x14f/0x290 [ 3079.283238][T24429] ? __ia32_sys_read+0xb0/0xb0 [ 3079.302722][T24429] ? do_syscall_64+0x26/0x760 [ 3079.312625][T24429] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3079.312641][T24429] ? do_syscall_64+0x26/0x760 [ 3079.312661][T24429] __x64_sys_write+0x73/0xb0 [ 3079.334933][T24429] do_syscall_64+0xfa/0x760 [ 3079.344145][T24429] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3079.344156][T24429] RIP: 0033:0x459a29 [ 3079.344174][T24429] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3079.357427][T24429] RSP: 002b:00007f31184d5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3079.368123][T24429] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3079.368135][T24429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3079.377339][T24429] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3079.377352][T24429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f31184d66d4 [ 3079.387688][T24429] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3079.398456][T24429] memory: usage 15824kB, limit 0kB, failcnt 154 [ 3079.492014][T24429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3079.501736][T24429] Memory cgroup stats for /syz3: [ 3079.501859][T24429] anon 2142208 [ 3079.501859][T24429] file 90112 [ 3079.501859][T24429] kernel_stack 65536 [ 3079.501859][T24429] slab 13770752 [ 3079.501859][T24429] sock 0 [ 3079.501859][T24429] shmem 0 [ 3079.501859][T24429] file_mapped 0 [ 3079.501859][T24429] file_dirty 0 [ 3079.501859][T24429] file_writeback 0 [ 3079.501859][T24429] anon_thp 2097152 [ 3079.501859][T24429] inactive_anon 0 [ 3079.501859][T24429] active_anon 2142208 [ 3079.501859][T24429] inactive_file 135168 [ 3079.501859][T24429] active_file 0 [ 3079.501859][T24429] unevictable 0 [ 3079.501859][T24429] slab_reclaimable 13246464 [ 3079.501859][T24429] slab_unreclaimable 524288 [ 3079.501859][T24429] pgfault 46431 [ 3079.501859][T24429] pgmajfault 0 [ 3079.501859][T24429] workingset_refault 0 [ 3079.501859][T24429] workingset_activate 0 [ 3079.501859][T24429] workingset_nodereclaim 0 [ 3079.501859][T24429] pgrefill 349 [ 3079.501859][T24429] pgscan 343 [ 3079.501859][T24429] pgsteal 33 [ 3079.501859][T24429] pgactivate 297 [ 3079.618056][T24431] IPVS: ftp: loaded support on port[0] = 21 [ 3079.622173][T24429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24427,uid=0 [ 3079.640201][T24429] Memory cgroup out of memory: Killed process 24427 (syz-executor.3) total-vm:72708kB, anon-rss:2192kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3079.661796][ T1066] oom_reaper: reaped process 24427 (syz-executor.3), now anon-rss:0kB, file-rss:34900kB, shmem-rss:0kB [ 3079.818191][T24420] bridge0: port 1(bridge_slave_0) entered blocking state [ 3079.836544][T24420] bridge0: port 1(bridge_slave_0) entered disabled state 20:15:49 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100, 0x100000001, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000}, 0x0, 0xe, 0xffffffffffffffff, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000dc0)={r0, &(0x7f0000000a40)="4b814e8f529005bf8419525bcbafc7ac20dc6def7cf60fe0f472a4739ca00f1574ffc8e7603d6ca1db46884c813f22b04afb40da4867eb282deeb8b113e866bbb332e3bb3eb5cc4a3d106f1c57bb9447df0585e2c18c3d4d766c53a95e25edd736d558953126fd2c7e579b6748fd98264063a103034f1847bc63cce389d106b054a00e5e8403c2a82886ddf4cef99bdcfbd6a157eabd7f3ed2d736f6ca429e5f0fc844a6f0e48ed2b5a65bc1a897b0e23c0e3a4d426930311656fe0a19e1529eed72b1ec7e1ef9db3e45cbb6023627bffc", &(0x7f0000000d00)="25e47ec3ac62b8c09c49f92c56734894e160be8dd7b854f8094bdceb3834e8b6b027c2a23edcb722b7fdf0ad10531a2eeb231bf216b889686b49cfd5ad639452b4c1003d3bb873e96c69835b0014e5d34f567502f85a530cbe13fbb35d120a01e4088d85aade4ac36aced6449d1432f00d30fd11eab32fd0394748c9cc1f4129bbef1bab1069b085554dcf36335d7726d06106ce6c25eccfca6d171b75b2b74725cf12bb0909438f1336ead316e86ce868bea94dbb2268"}, 0x20) r1 = socket$kcm(0x29, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x12, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x3, 0x7, 0x0, 0x1, 0x2}]}, &(0x7f0000f6bffb), 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000e00)=r2, 0x1e9) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x8) r4 = socket$kcm(0xa, 0x100000000000001, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x800000000006) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x12', 0x1ff) sendmsg$kcm(r4, 0x0, 0x200008c2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x3) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000580)=""/230, 0x3f0}, {&(0x7f0000000740)=""/157, 0x9d}, {&(0x7f0000000800)=""/232, 0xe8}, {&(0x7f0000000680)=""/69, 0xffffffffffffff6c}, {&(0x7f0000000900)=""/33, 0x21}, {&(0x7f0000000940)=""/223, 0xdf}, {&(0x7f0000000ec0)=""/240, 0x19}], 0x0, &(0x7f0000000bc0)=""/25, 0x19}, 0x40) socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000c40)=0x4) close(r5) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000400)=r2, 0x4) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) r7 = socket$kcm(0x10, 0x1000000000000002, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x8) recvmsg(r7, &(0x7f0000000380)={0x0, 0x237, 0x0, 0x0, 0x0, 0xfffffffffffffe2c}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r9 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r9, 0x1, 0x3e, &(0x7f00000002c0)=r8, 0x161) ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f0000000240)=0x1) recvmsg(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) 20:15:49 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4800}, 0x0) 20:15:49 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:49 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3079.871893][T24420] device bridge_slave_0 entered promiscuous mode [ 3079.886445][T24402] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3079.911938][T24402] CPU: 0 PID: 24402 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3079.919487][T24402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3079.929535][T24402] Call Trace: [ 3079.932829][T24402] dump_stack+0x172/0x1f0 [ 3079.937165][T24402] dump_header+0x10b/0x82d [ 3079.941578][T24402] ? oom_kill_process+0x94/0x3f0 [ 3079.946517][T24402] oom_kill_process.cold+0x10/0x15 [ 3079.951626][T24402] out_of_memory+0x334/0x1340 [ 3079.952191][T24433] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3079.956299][T24402] ? lock_downgrade+0x920/0x920 [ 3079.956318][T24402] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3079.956335][T24402] ? oom_killer_disable+0x280/0x280 [ 3079.969217][T24402] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3079.985690][T24402] ? memcg_stat_show+0xc40/0xc40 [ 3079.990628][T24402] ? do_raw_spin_unlock+0x57/0x270 [ 3079.995732][T24402] ? _raw_spin_unlock+0x2d/0x50 [ 3080.000595][T24402] try_charge+0xf4b/0x1440 [ 3080.000617][T24402] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3080.000633][T24402] ? percpu_ref_tryget_live+0x111/0x290 [ 3080.005149][T24433] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3080.010556][T24402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3080.010574][T24402] ? __kasan_check_read+0x11/0x20 [ 3080.010593][T24402] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3080.010615][T24402] mem_cgroup_try_charge+0x136/0x590 [ 3080.036614][T24402] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3080.053000][T24402] wp_page_copy+0x407/0x1860 [ 3080.053018][T24402] ? find_held_lock+0x35/0x130 [ 3080.053035][T24402] ? do_wp_page+0x53b/0x15c0 [ 3080.066915][T24402] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3080.072712][T24402] ? lock_downgrade+0x920/0x920 [ 3080.072732][T24402] ? swp_swapcount+0x540/0x540 [ 3080.072748][T24402] ? __kasan_check_read+0x11/0x20 [ 3080.072763][T24402] ? do_raw_spin_unlock+0x57/0x270 [ 3080.087336][T24402] do_wp_page+0x543/0x15c0 [ 3080.087356][T24402] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3080.087379][T24402] __handle_mm_fault+0x23ec/0x4040 [ 3080.107297][T24402] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3080.112833][T24402] ? handle_mm_fault+0x292/0xaa0 [ 3080.112865][T24402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3080.112882][T24402] ? __kasan_check_read+0x11/0x20 [ 3080.112900][T24402] handle_mm_fault+0x3b7/0xaa0 [ 3080.133789][T24402] __do_page_fault+0x536/0xdd0 [ 3080.133813][T24402] do_page_fault+0x38/0x590 [ 3080.133833][T24402] page_fault+0x39/0x40 [ 3080.133848][T24402] RIP: 0033:0x430b06 [ 3080.151085][T24402] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3080.170675][T24402] RSP: 002b:00007fff161393a0 EFLAGS: 00010206 [ 3080.170687][T24402] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3080.170696][T24402] RDX: 0000000002654930 RSI: 000000000265c970 RDI: 0000000000000003 [ 3080.170704][T24402] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002653940 [ 3080.170711][T24402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3080.170720][T24402] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3080.320412][T24420] bridge0: port 2(bridge_slave_1) entered blocking state [ 3080.331457][T24420] bridge0: port 2(bridge_slave_1) entered disabled state [ 3080.342097][T24402] memory: usage 13448kB, limit 0kB, failcnt 166 [ 3080.349570][T24402] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3080.364491][T24420] device bridge_slave_1 entered promiscuous mode [ 3080.411708][T24402] Memory cgroup stats for /syz3: [ 3080.411822][T24402] anon 0 [ 3080.411822][T24402] file 90112 [ 3080.411822][T24402] kernel_stack 0 [ 3080.411822][T24402] slab 13635584 [ 3080.411822][T24402] sock 0 [ 3080.411822][T24402] shmem 0 [ 3080.411822][T24402] file_mapped 0 [ 3080.411822][T24402] file_dirty 0 [ 3080.411822][T24402] file_writeback 0 [ 3080.411822][T24402] anon_thp 0 [ 3080.411822][T24402] inactive_anon 0 [ 3080.411822][T24402] active_anon 0 [ 3080.411822][T24402] inactive_file 135168 [ 3080.411822][T24402] active_file 0 20:15:50 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c00}, 0x0) [ 3080.411822][T24402] unevictable 0 [ 3080.411822][T24402] slab_reclaimable 13111296 [ 3080.411822][T24402] slab_unreclaimable 524288 [ 3080.411822][T24402] pgfault 46431 [ 3080.411822][T24402] pgmajfault 0 [ 3080.411822][T24402] workingset_refault 0 [ 3080.411822][T24402] workingset_activate 0 [ 3080.411822][T24402] workingset_nodereclaim 0 [ 3080.411822][T24402] pgrefill 349 [ 3080.411822][T24402] pgscan 343 [ 3080.411822][T24402] pgsteal 33 [ 3080.411822][T24402] pgactivate 297 [ 3080.574221][T24436] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3080.621752][T24436] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3080.659769][T24402] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24402,uid=0 20:15:50 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6000}, 0x0) [ 3080.712769][T24420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3080.731767][T24402] Memory cgroup out of memory: Killed process 24402 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3080.793820][T24439] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3080.805691][T24439] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3080.833776][T24420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:15:50 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6800}, 0x0) [ 3080.938234][T24442] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3080.946587][T24442] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3081.227875][T24420] team0: Port device team_slave_0 added 20:15:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100, 0x100000001, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000}, 0x0, 0xe, 0xffffffffffffffff, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000dc0)={r0, &(0x7f0000000a40)="4b814e8f529005bf8419525bcbafc7ac20dc6def7cf60fe0f472a4739ca00f1574ffc8e7603d6ca1db46884c813f22b04afb40da4867eb282deeb8b113e866bbb332e3bb3eb5cc4a3d106f1c57bb9447df0585e2c18c3d4d766c53a95e25edd736d558953126fd2c7e579b6748fd98264063a103034f1847bc63cce389d106b054a00e5e8403c2a82886ddf4cef99bdcfbd6a157eabd7f3ed2d736f6ca429e5f0fc844a6f0e48ed2b5a65bc1a897b0e23c0e3a4d426930311656fe0a19e1529eed72b1ec7e1ef9db3e45cbb6023627bffc", &(0x7f0000000d00)="25e47ec3ac62b8c09c49f92c56734894e160be8dd7b854f8094bdceb3834e8b6b027c2a23edcb722b7fdf0ad10531a2eeb231bf216b889686b49cfd5ad639452b4c1003d3bb873e96c69835b0014e5d34f567502f85a530cbe13fbb35d120a01e4088d85aade4ac36aced6449d1432f00d30fd11eab32fd0394748c9cc1f4129bbef1bab1069b085554dcf36335d7726d06106ce6c25eccfca6d171b75b2b74725cf12bb0909438f1336ead316e86ce868bea94dbb2268"}, 0x20) r1 = socket$kcm(0x29, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x12, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x3, 0x7, 0x0, 0x1, 0x2}]}, &(0x7f0000f6bffb), 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000e00)=r2, 0x1e9) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x8) r4 = socket$kcm(0xa, 0x100000000000001, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x800000000006) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x12', 0x1ff) sendmsg$kcm(r4, 0x0, 0x200008c2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x3) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000580)=""/230, 0x3f0}, {&(0x7f0000000740)=""/157, 0x9d}, {&(0x7f0000000800)=""/232, 0xe8}, {&(0x7f0000000680)=""/69, 0xffffffffffffff6c}, {&(0x7f0000000900)=""/33, 0x21}, {&(0x7f0000000940)=""/223, 0xdf}, {&(0x7f0000000ec0)=""/240, 0x19}], 0x0, &(0x7f0000000bc0)=""/25, 0x19}, 0x40) socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000c40)=0x4) close(r5) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000400)=r2, 0x4) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) r7 = socket$kcm(0x10, 0x1000000000000002, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x8) recvmsg(r7, &(0x7f0000000380)={0x0, 0x237, 0x0, 0x0, 0x0, 0xfffffffffffffe2c}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r9 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r9, 0x1, 0x3e, &(0x7f00000002c0)=r8, 0x161) ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f0000000240)=0x1) recvmsg(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) 20:15:50 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6c00}, 0x0) [ 3081.293780][T24420] team0: Port device team_slave_1 added [ 3081.416611][T24447] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3081.435261][T24447] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3081.535687][T24420] device hsr_slave_0 entered promiscuous mode [ 3081.613192][T24420] device hsr_slave_1 entered promiscuous mode [ 3081.672737][T24420] debugfs: Directory 'hsr0' with parent '/' already present! [ 3081.712884][T24448] IPVS: ftp: loaded support on port[0] = 21 [ 3081.734895][T24431] chnl_net:caif_netlink_parms(): no params data found [ 3081.994433][T24431] bridge0: port 1(bridge_slave_0) entered blocking state [ 3082.002213][T24431] bridge0: port 1(bridge_slave_0) entered disabled state [ 3082.019976][T24431] device bridge_slave_0 entered promiscuous mode [ 3082.136944][T24451] IPVS: ftp: loaded support on port[0] = 21 [ 3082.143764][T24431] bridge0: port 2(bridge_slave_1) entered blocking state [ 3082.150819][T24431] bridge0: port 2(bridge_slave_1) entered disabled state [ 3082.164282][T24431] device bridge_slave_1 entered promiscuous mode [ 3082.292609][T24431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3082.372044][T24431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3082.398328][T24448] chnl_net:caif_netlink_parms(): no params data found [ 3082.508387][T24431] team0: Port device team_slave_0 added [ 3082.600811][T24431] team0: Port device team_slave_1 added [ 3082.626004][T24420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3082.755533][T24448] bridge0: port 1(bridge_slave_0) entered blocking state [ 3082.762849][T24448] bridge0: port 1(bridge_slave_0) entered disabled state [ 3082.771308][T24448] device bridge_slave_0 entered promiscuous mode [ 3082.805282][T24448] bridge0: port 2(bridge_slave_1) entered blocking state [ 3082.813199][T24448] bridge0: port 2(bridge_slave_1) entered disabled state [ 3082.822561][T24448] device bridge_slave_1 entered promiscuous mode [ 3082.926426][T24431] device hsr_slave_0 entered promiscuous mode [ 3082.992566][T24431] device hsr_slave_1 entered promiscuous mode [ 3083.031708][T24431] debugfs: Directory 'hsr0' with parent '/' already present! [ 3083.046557][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3083.055064][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3083.118826][T24420] 8021q: adding VLAN 0 to HW filter on device team0 [ 3083.149486][T24448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3083.159175][T24451] chnl_net:caif_netlink_parms(): no params data found [ 3083.187081][T24448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3083.243815][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3083.252713][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3083.261180][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3083.268279][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3083.280187][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3083.321375][T24448] team0: Port device team_slave_0 added [ 3083.404023][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3083.418202][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3083.427365][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 3083.434475][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3083.469364][T24448] team0: Port device team_slave_1 added [ 3083.518062][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3083.556416][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3083.565995][T24451] bridge0: port 1(bridge_slave_0) entered blocking state [ 3083.573261][T24451] bridge0: port 1(bridge_slave_0) entered disabled state [ 3083.581968][T24451] device bridge_slave_0 entered promiscuous mode [ 3083.620140][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3083.629649][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3083.638625][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3083.647707][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3083.656771][T24451] bridge0: port 2(bridge_slave_1) entered blocking state [ 3083.664500][T24451] bridge0: port 2(bridge_slave_1) entered disabled state [ 3083.673368][T24451] device bridge_slave_1 entered promiscuous mode [ 3083.815419][T24448] device hsr_slave_0 entered promiscuous mode [ 3083.973003][T24448] device hsr_slave_1 entered promiscuous mode [ 3084.021705][T24448] debugfs: Directory 'hsr0' with parent '/' already present! [ 3084.029554][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3084.039426][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3084.048638][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3084.136506][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3084.145203][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3084.157667][T24451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3084.174874][T24420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3084.236045][T24451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3084.378987][T24451] team0: Port device team_slave_0 added [ 3084.389111][T24420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3084.417940][T24451] team0: Port device team_slave_1 added [ 3084.478470][T24431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3084.555423][T24451] device hsr_slave_0 entered promiscuous mode [ 3084.602656][T24451] device hsr_slave_1 entered promiscuous mode [ 3084.671740][T24451] debugfs: Directory 'hsr0' with parent '/' already present! [ 3084.759489][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3084.767849][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3084.795038][T24431] 8021q: adding VLAN 0 to HW filter on device team0 [ 3084.838975][T24448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3084.945116][T24460] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3084.957811][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3084.966372][T24460] CPU: 1 PID: 24460 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3084.973923][T24460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3084.982887][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3084.983974][T24460] Call Trace: [ 3084.993317][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3084.995218][T24460] dump_stack+0x172/0x1f0 [ 3085.002277][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3085.006521][T24460] dump_header+0x10b/0x82d [ 3085.018094][T24460] oom_kill_process.cold+0x10/0x15 [ 3085.023211][T24460] out_of_memory+0x334/0x1340 [ 3085.027896][T24460] ? retint_kernel+0x2b/0x2b [ 3085.032487][T24460] ? oom_killer_disable+0x280/0x280 [ 3085.037698][T24460] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3085.043248][T24460] ? memcg_stat_show+0xc40/0xc40 [ 3085.048193][T24460] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3085.054005][T24460] ? cgroup_file_notify+0x140/0x1b0 [ 3085.059205][T24460] memory_max_write+0x262/0x3a0 [ 3085.064613][T24460] ? mem_cgroup_write+0x370/0x370 [ 3085.069643][T24460] ? mem_cgroup_write+0x370/0x370 [ 3085.074683][T24460] cgroup_file_write+0x241/0x790 [ 3085.079620][T24460] ? mem_cgroup_write+0x370/0x370 [ 3085.084667][T24460] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3085.090304][T24460] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3085.095942][T24460] kernfs_fop_write+0x2b8/0x480 [ 3085.100797][T24460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3085.107049][T24460] __vfs_write+0x8a/0x110 [ 3085.111374][T24460] ? kernfs_fop_open+0xd80/0xd80 [ 3085.114623][T24431] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3085.116307][T24460] vfs_write+0x268/0x5d0 [ 3085.130836][T24460] ksys_write+0x14f/0x290 [ 3085.135165][T24460] ? __ia32_sys_read+0xb0/0xb0 [ 3085.139926][T24460] ? do_syscall_64+0x26/0x760 [ 3085.142021][T24431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3085.144595][T24460] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3085.144613][T24460] ? do_syscall_64+0x26/0x760 [ 3085.166027][T24460] __x64_sys_write+0x73/0xb0 [ 3085.170617][T24460] do_syscall_64+0xfa/0x760 [ 3085.175127][T24460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3085.181012][T24460] RIP: 0033:0x459a29 [ 3085.184902][T24460] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3085.204505][T24460] RSP: 002b:00007fa61c887c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3085.212814][T24431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3085.212914][T24460] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3085.227612][T24460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3085.227621][T24460] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3085.227628][T24460] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa61c8886d4 [ 3085.227637][T24460] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3085.260156][T24460] memory: usage 3088kB, limit 0kB, failcnt 1307 [ 3085.266919][T24460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3085.275111][T24460] Memory cgroup stats for /syz4: [ 3085.276489][T24460] anon 2170880 [ 3085.276489][T24460] file 28672 [ 3085.276489][T24460] kernel_stack 65536 [ 3085.276489][T24460] slab 831488 [ 3085.276489][T24460] sock 0 [ 3085.276489][T24460] shmem 0 [ 3085.276489][T24460] file_mapped 0 [ 3085.276489][T24460] file_dirty 135168 [ 3085.276489][T24460] file_writeback 0 [ 3085.276489][T24460] anon_thp 2097152 [ 3085.276489][T24460] inactive_anon 0 [ 3085.276489][T24460] active_anon 2170880 [ 3085.276489][T24460] inactive_file 135168 [ 3085.276489][T24460] active_file 0 [ 3085.276489][T24460] unevictable 0 [ 3085.276489][T24460] slab_reclaimable 270336 [ 3085.276489][T24460] slab_unreclaimable 561152 [ 3085.276489][T24460] pgfault 20229 [ 3085.276489][T24460] pgmajfault 0 [ 3085.276489][T24460] workingset_refault 0 [ 3085.276489][T24460] workingset_activate 0 [ 3085.276489][T24460] workingset_nodereclaim 0 [ 3085.276489][T24460] pgrefill 67 [ 3085.276489][T24460] pgscan 110 [ 3085.276489][T24460] pgsteal 70 [ 3085.276489][T24460] pgactivate 33 [ 3085.376161][T24460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24458,uid=0 [ 3085.396474][T24460] Memory cgroup out of memory: Killed process 24458 (syz-executor.4) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3085.419732][ T1066] oom_reaper: reaped process 24458 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3085.430084][T24448] 8021q: adding VLAN 0 to HW filter on device team0 20:15:55 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:15:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100, 0x100000001, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000}, 0x0, 0xe, 0xffffffffffffffff, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000dc0)={r0, &(0x7f0000000a40)="4b814e8f529005bf8419525bcbafc7ac20dc6def7cf60fe0f472a4739ca00f1574ffc8e7603d6ca1db46884c813f22b04afb40da4867eb282deeb8b113e866bbb332e3bb3eb5cc4a3d106f1c57bb9447df0585e2c18c3d4d766c53a95e25edd736d558953126fd2c7e579b6748fd98264063a103034f1847bc63cce389d106b054a00e5e8403c2a82886ddf4cef99bdcfbd6a157eabd7f3ed2d736f6ca429e5f0fc844a6f0e48ed2b5a65bc1a897b0e23c0e3a4d426930311656fe0a19e1529eed72b1ec7e1ef9db3e45cbb6023627bffc", &(0x7f0000000d00)="25e47ec3ac62b8c09c49f92c56734894e160be8dd7b854f8094bdceb3834e8b6b027c2a23edcb722b7fdf0ad10531a2eeb231bf216b889686b49cfd5ad639452b4c1003d3bb873e96c69835b0014e5d34f567502f85a530cbe13fbb35d120a01e4088d85aade4ac36aced6449d1432f00d30fd11eab32fd0394748c9cc1f4129bbef1bab1069b085554dcf36335d7726d06106ce6c25eccfca6d171b75b2b74725cf12bb0909438f1336ead316e86ce868bea94dbb2268"}, 0x20) r1 = socket$kcm(0x29, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x12, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x3, 0x7, 0x0, 0x1, 0x2}]}, &(0x7f0000f6bffb), 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000e00)=r2, 0x1e9) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x8) r4 = socket$kcm(0xa, 0x100000000000001, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x800000000006) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x12', 0x1ff) sendmsg$kcm(r4, 0x0, 0x200008c2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x3) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000580)=""/230, 0x3f0}, {&(0x7f0000000740)=""/157, 0x9d}, {&(0x7f0000000800)=""/232, 0xe8}, {&(0x7f0000000680)=""/69, 0xffffffffffffff6c}, {&(0x7f0000000900)=""/33, 0x21}, {&(0x7f0000000940)=""/223, 0xdf}, {&(0x7f0000000ec0)=""/240, 0x19}], 0x0, &(0x7f0000000bc0)=""/25, 0x19}, 0x40) socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000c40)=0x4) close(r5) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000400)=r2, 0x4) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) r7 = socket$kcm(0x10, 0x1000000000000002, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x8) recvmsg(r7, &(0x7f0000000380)={0x0, 0x237, 0x0, 0x0, 0x0, 0xfffffffffffffe2c}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r9 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r9, 0x1, 0x3e, &(0x7f00000002c0)=r8, 0x161) ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f0000000240)=0x1) recvmsg(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) [ 3085.452790][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3085.465219][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3085.477838][T24420] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3085.490221][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3085.498495][T24420] CPU: 0 PID: 24420 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3085.506042][T24420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3085.516090][T24420] Call Trace: [ 3085.519384][T24420] dump_stack+0x172/0x1f0 [ 3085.523718][T24420] dump_header+0x10b/0x82d [ 3085.528124][T24420] ? oom_kill_process+0x94/0x3f0 [ 3085.533061][T24420] oom_kill_process.cold+0x10/0x15 [ 3085.538170][T24420] out_of_memory+0x334/0x1340 [ 3085.542846][T24420] ? lock_downgrade+0x920/0x920 [ 3085.547704][T24420] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3085.553506][T24420] ? oom_killer_disable+0x280/0x280 [ 3085.558719][T24420] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3085.564264][T24420] ? memcg_stat_show+0xc40/0xc40 [ 3085.569198][T24420] ? do_raw_spin_unlock+0x57/0x270 [ 3085.574316][T24420] ? _raw_spin_unlock+0x2d/0x50 [ 3085.579167][T24420] try_charge+0xf4b/0x1440 [ 3085.583586][T24420] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3085.589120][T24420] ? percpu_ref_tryget_live+0x111/0x290 [ 3085.594666][T24420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3085.600905][T24420] ? __kasan_check_read+0x11/0x20 [ 3085.605931][T24420] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3085.611475][T24420] mem_cgroup_try_charge+0x136/0x590 [ 3085.616757][T24420] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3085.622388][T24420] wp_page_copy+0x407/0x1860 [ 3085.626974][T24420] ? find_held_lock+0x35/0x130 [ 3085.631737][T24420] ? do_wp_page+0x53b/0x15c0 [ 3085.636322][T24420] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3085.642124][T24420] ? lock_downgrade+0x920/0x920 [ 3085.646980][T24420] ? swp_swapcount+0x540/0x540 [ 3085.651750][T24420] ? __kasan_check_read+0x11/0x20 [ 3085.656771][T24420] ? do_raw_spin_unlock+0x57/0x270 [ 3085.661886][T24420] do_wp_page+0x543/0x15c0 [ 3085.666299][T24420] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3085.671674][T24420] __handle_mm_fault+0x23ec/0x4040 [ 3085.676785][T24420] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3085.682328][T24420] ? handle_mm_fault+0x292/0xaa0 [ 3085.687274][T24420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3085.693517][T24420] ? __kasan_check_read+0x11/0x20 [ 3085.698541][T24420] handle_mm_fault+0x3b7/0xaa0 [ 3085.703316][T24420] __do_page_fault+0x536/0xdd0 [ 3085.708086][T24420] do_page_fault+0x38/0x590 [ 3085.712592][T24420] page_fault+0x39/0x40 [ 3085.716762][T24420] RIP: 0033:0x430b06 [ 3085.720651][T24420] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3085.740242][T24420] RSP: 002b:00007ffee9ce7390 EFLAGS: 00010206 [ 3085.746300][T24420] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3085.754265][T24420] RDX: 00000000017a9930 RSI: 00000000017b1970 RDI: 0000000000000003 [ 3085.762226][T24420] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000017a8940 [ 3085.770188][T24420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3085.778149][T24420] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3085.790616][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 3085.795747][T24420] memory: usage 768kB, limit 0kB, failcnt 1319 [ 3085.797751][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3085.813364][T24420] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3085.813723][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3085.820203][T24420] Memory cgroup stats for /syz4: [ 3085.820340][T24420] anon 0 [ 3085.820340][T24420] file 28672 [ 3085.820340][T24420] kernel_stack 0 [ 3085.820340][T24420] slab 831488 [ 3085.820340][T24420] sock 0 [ 3085.820340][T24420] shmem 0 [ 3085.820340][T24420] file_mapped 0 [ 3085.820340][T24420] file_dirty 135168 [ 3085.820340][T24420] file_writeback 0 [ 3085.820340][T24420] anon_thp 0 [ 3085.820340][T24420] inactive_anon 0 [ 3085.820340][T24420] active_anon 0 [ 3085.820340][T24420] inactive_file 135168 [ 3085.820340][T24420] active_file 0 [ 3085.820340][T24420] unevictable 0 [ 3085.820340][T24420] slab_reclaimable 270336 [ 3085.820340][T24420] slab_unreclaimable 561152 [ 3085.820340][T24420] pgfault 20229 [ 3085.820340][T24420] pgmajfault 0 [ 3085.820340][T24420] workingset_refault 0 [ 3085.820340][T24420] workingset_activate 0 [ 3085.820340][T24420] workingset_nodereclaim 0 [ 3085.820340][T24420] pgrefill 67 [ 3085.820340][T24420] pgscan 110 [ 3085.820340][T24420] pgsteal 70 [ 3085.820340][T24420] pgactivate 33 [ 3085.830593][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3085.881665][T24420] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24420,uid=0 [ 3085.946424][T24420] Memory cgroup out of memory: Killed process 24420 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3085.964554][ T1066] oom_reaper: reaped process 24420 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3085.977760][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3085.987605][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3085.996863][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3086.006145][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3086.014954][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3086.028975][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3086.037992][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3086.046723][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3086.055342][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3086.063577][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3086.154269][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3086.162948][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3086.170911][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3086.182770][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3086.191260][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3086.198360][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3086.206592][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3086.215782][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3086.224456][T13492] bridge0: port 2(bridge_slave_1) entered blocking state [ 3086.231503][T13492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3086.581407][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3086.601750][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3086.630371][T24467] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3086.706108][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3086.814653][T24467] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3086.830989][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3086.841759][T24467] CPU: 1 PID: 24467 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3086.849324][T24467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3086.859378][T24467] Call Trace: [ 3086.862675][T24467] dump_stack+0x172/0x1f0 [ 3086.867007][T24467] dump_header+0x10b/0x82d [ 3086.871420][T24467] oom_kill_process.cold+0x10/0x15 [ 3086.876546][T24467] out_of_memory+0x334/0x1340 [ 3086.881233][T24467] ? retint_kernel+0x2b/0x2b [ 3086.885831][T24467] ? oom_killer_disable+0x280/0x280 [ 3086.891034][T24467] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3086.896764][T24467] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3086.902307][T24467] ? memcg_stat_show+0xc40/0xc40 [ 3086.907269][T24467] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3086.913103][T24467] ? cgroup_file_notify+0x140/0x1b0 [ 3086.918310][T24467] memory_max_write+0x262/0x3a0 [ 3086.923170][T24467] ? mem_cgroup_write+0x370/0x370 [ 3086.928219][T24467] ? mem_cgroup_write+0x370/0x370 [ 3086.933252][T24467] cgroup_file_write+0x241/0x790 [ 3086.938187][T24467] ? mem_cgroup_write+0x370/0x370 [ 3086.943212][T24467] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3086.948857][T24467] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3086.954494][T24467] kernfs_fop_write+0x2b8/0x480 [ 3086.959346][T24467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3086.965600][T24467] __vfs_write+0x8a/0x110 [ 3086.969941][T24467] ? kernfs_fop_open+0xd80/0xd80 [ 3086.974883][T24467] vfs_write+0x268/0x5d0 [ 3086.979125][T24467] ksys_write+0x14f/0x290 [ 3086.983453][T24467] ? __ia32_sys_read+0xb0/0xb0 [ 3086.988234][T24467] __x64_sys_write+0x73/0xb0 [ 3086.992832][T24467] do_syscall_64+0xfa/0x760 [ 3086.997350][T24467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3087.003244][T24467] RIP: 0033:0x459a29 [ 3087.007148][T24467] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3087.026752][T24467] RSP: 002b:00007fc2600d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3087.035169][T24467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3087.043144][T24467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3087.051114][T24467] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3087.059090][T24467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc2600d76d4 [ 3087.067065][T24467] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3087.140768][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3087.153678][T24467] memory: usage 3224kB, limit 0kB, failcnt 1342 [ 3087.174094][T24467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.181325][T24467] Memory cgroup stats for /syz0: [ 3087.183924][T24467] anon 2211840 [ 3087.183924][T24467] file 20480 [ 3087.183924][T24467] kernel_stack 65536 [ 3087.183924][T24467] slab 962560 [ 3087.183924][T24467] sock 0 [ 3087.183924][T24467] shmem 0 [ 3087.183924][T24467] file_mapped 0 [ 3087.183924][T24467] file_dirty 0 [ 3087.183924][T24467] file_writeback 0 [ 3087.183924][T24467] anon_thp 2097152 [ 3087.183924][T24467] inactive_anon 0 [ 3087.183924][T24467] active_anon 2211840 [ 3087.183924][T24467] inactive_file 0 [ 3087.183924][T24467] active_file 0 [ 3087.183924][T24467] unevictable 0 [ 3087.183924][T24467] slab_reclaimable 270336 [ 3087.183924][T24467] slab_unreclaimable 692224 [ 3087.183924][T24467] pgfault 19338 [ 3087.183924][T24467] pgmajfault 0 [ 3087.183924][T24467] workingset_refault 0 [ 3087.183924][T24467] workingset_activate 0 [ 3087.183924][T24467] workingset_nodereclaim 0 [ 3087.183924][T24467] pgrefill 66 [ 3087.183924][T24467] pgscan 66 [ 3087.183924][T24467] pgsteal 0 [ 3087.183924][T24467] pgactivate 33 [ 3087.286829][T24467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24465,uid=0 [ 3087.324011][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3087.332683][T24467] Memory cgroup out of memory: Killed process 24465 (syz-executor.0) total-vm:72576kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3087.342840][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3087.355498][ T1066] oom_reaper: reaped process 24465 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3087.371455][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3087.417149][T24469] IPVS: ftp: loaded support on port[0] = 21 20:15:57 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:15:57 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 20:15:57 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3087.484499][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3087.503071][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3087.583547][T24431] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3087.593834][T24471] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3087.602017][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3087.602807][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3087.618143][T24431] CPU: 1 PID: 24431 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3087.625685][T24431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3087.635855][T24431] Call Trace: [ 3087.639151][T24431] dump_stack+0x172/0x1f0 [ 3087.643504][T24431] dump_header+0x10b/0x82d [ 3087.647925][T24431] ? oom_kill_process+0x94/0x3f0 [ 3087.651754][T24471] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3087.652964][T24431] oom_kill_process.cold+0x10/0x15 [ 3087.652995][T24431] out_of_memory+0x334/0x1340 [ 3087.653051][T24431] ? lock_downgrade+0x920/0x920 [ 3087.677113][T24431] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3087.682932][T24431] ? oom_killer_disable+0x280/0x280 [ 3087.688146][T24431] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3087.693694][T24431] ? memcg_stat_show+0xc40/0xc40 [ 3087.698632][T24431] ? do_raw_spin_unlock+0x57/0x270 [ 3087.703746][T24431] ? _raw_spin_unlock+0x2d/0x50 [ 3087.708601][T24431] try_charge+0xf4b/0x1440 [ 3087.713032][T24431] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3087.718577][T24431] ? percpu_ref_tryget_live+0x111/0x290 [ 3087.724128][T24431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3087.730368][T24431] ? __kasan_check_read+0x11/0x20 [ 3087.735395][T24431] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3087.740972][T24431] mem_cgroup_try_charge+0x136/0x590 [ 3087.746287][T24431] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3087.751918][T24431] wp_page_copy+0x407/0x1860 [ 3087.756509][T24431] ? find_held_lock+0x35/0x130 [ 3087.761274][T24431] ? do_wp_page+0x53b/0x15c0 [ 3087.765865][T24431] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3087.771680][T24431] ? lock_downgrade+0x920/0x920 [ 3087.776547][T24431] ? swp_swapcount+0x540/0x540 [ 3087.781309][T24431] ? __kasan_check_read+0x11/0x20 [ 3087.786332][T24431] ? do_raw_spin_unlock+0x57/0x270 [ 3087.791444][T24431] do_wp_page+0x543/0x15c0 [ 3087.795862][T24431] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3087.801241][T24431] __handle_mm_fault+0x23ec/0x4040 [ 3087.806353][T24431] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3087.811897][T24431] ? handle_mm_fault+0x292/0xaa0 [ 3087.816859][T24431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3087.823102][T24431] ? __kasan_check_read+0x11/0x20 [ 3087.828128][T24431] handle_mm_fault+0x3b7/0xaa0 [ 3087.832898][T24431] __do_page_fault+0x536/0xdd0 [ 3087.837672][T24431] do_page_fault+0x38/0x590 [ 3087.842186][T24431] page_fault+0x39/0x40 [ 3087.846339][T24431] RIP: 0033:0x430b06 [ 3087.850231][T24431] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3087.869837][T24431] RSP: 002b:00007ffee95556b0 EFLAGS: 00010206 [ 3087.875918][T24431] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3087.883899][T24431] RDX: 000000000152e930 RSI: 0000000001536970 RDI: 0000000000000003 [ 3087.891877][T24431] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000152d940 [ 3087.899845][T24431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3087.907811][T24431] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3087.946317][T24431] memory: usage 900kB, limit 0kB, failcnt 1350 [ 3087.952747][T24431] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.959653][T24431] Memory cgroup stats for /syz0: [ 3087.959776][T24431] anon 0 [ 3087.959776][T24431] file 20480 [ 3087.959776][T24431] kernel_stack 0 [ 3087.959776][T24431] slab 962560 [ 3087.959776][T24431] sock 0 [ 3087.959776][T24431] shmem 0 [ 3087.959776][T24431] file_mapped 0 [ 3087.959776][T24431] file_dirty 0 [ 3087.959776][T24431] file_writeback 0 [ 3087.959776][T24431] anon_thp 0 [ 3087.959776][T24431] inactive_anon 0 [ 3087.959776][T24431] active_anon 0 [ 3087.959776][T24431] inactive_file 0 [ 3087.959776][T24431] active_file 0 [ 3087.959776][T24431] unevictable 0 [ 3087.959776][T24431] slab_reclaimable 270336 [ 3087.959776][T24431] slab_unreclaimable 692224 [ 3087.959776][T24431] pgfault 19338 [ 3087.959776][T24431] pgmajfault 0 [ 3087.959776][T24431] workingset_refault 0 [ 3087.959776][T24431] workingset_activate 0 [ 3087.959776][T24431] workingset_nodereclaim 0 [ 3087.959776][T24431] pgrefill 66 [ 3087.959776][T24431] pgscan 66 [ 3087.959776][T24431] pgsteal 0 [ 3087.959776][T24431] pgactivate 33 [ 3087.959776][T24431] pgdeactivate 66 [ 3088.068827][T24448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3088.080215][T24431] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24431,uid=0 [ 3088.095826][T24431] Memory cgroup out of memory: Killed process 24431 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3088.116792][ T1066] oom_reaper: reaped process 24431 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3088.194090][T24451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3088.576074][T24448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3088.630215][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3088.662761][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3088.753376][T24451] 8021q: adding VLAN 0 to HW filter on device team0 [ 3088.794026][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3088.812701][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3088.821234][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3088.828345][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3088.892866][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3088.901583][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3088.913781][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3088.923350][T13492] bridge0: port 2(bridge_slave_1) entered blocking state [ 3088.930418][T13492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3089.033023][T24482] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3089.099231][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3089.140712][T24482] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3089.147673][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3089.171694][T24482] CPU: 0 PID: 24482 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3089.179274][T24482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3089.189332][T24482] Call Trace: [ 3089.192627][T24482] dump_stack+0x172/0x1f0 [ 3089.196959][T24482] dump_header+0x10b/0x82d [ 3089.196981][T24482] oom_kill_process.cold+0x10/0x15 [ 3089.206468][T24482] out_of_memory+0x334/0x1340 [ 3089.206488][T24482] ? __sched_text_start+0x8/0x8 [ 3089.206506][T24482] ? oom_killer_disable+0x280/0x280 [ 3089.206538][T24482] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3089.216225][T24483] IPVS: ftp: loaded support on port[0] = 21 [ 3089.221192][T24482] ? memcg_stat_show+0xc40/0xc40 [ 3089.232588][T24482] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3089.232610][T24482] ? cgroup_file_notify+0x140/0x1b0 [ 3089.243308][T24482] memory_max_write+0x262/0x3a0 [ 3089.243328][T24482] ? mem_cgroup_write+0x370/0x370 [ 3089.243345][T24482] ? lock_acquire+0x190/0x410 [ 3089.243366][T24482] ? kernfs_fop_write+0x227/0x480 [ 3089.253372][T24482] cgroup_file_write+0x241/0x790 [ 3089.253391][T24482] ? mem_cgroup_write+0x370/0x370 [ 3089.253406][T24482] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3089.253429][T24482] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3089.263088][T24482] kernfs_fop_write+0x2b8/0x480 [ 3089.263108][T24482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3089.263128][T24482] __vfs_write+0x8a/0x110 [ 3089.263145][T24482] ? kernfs_fop_open+0xd80/0xd80 [ 3089.273059][T24482] vfs_write+0x268/0x5d0 [ 3089.273078][T24482] ksys_write+0x14f/0x290 [ 3089.273095][T24482] ? __ia32_sys_read+0xb0/0xb0 [ 3089.273118][T24482] ? do_syscall_64+0x26/0x760 [ 3089.283731][T24482] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3089.283748][T24482] ? do_syscall_64+0x26/0x760 [ 3089.283768][T24482] __x64_sys_write+0x73/0xb0 [ 3089.283788][T24482] do_syscall_64+0xfa/0x760 [ 3089.294230][T24482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3089.294243][T24482] RIP: 0033:0x459a29 [ 3089.294259][T24482] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3089.294271][T24482] RSP: 002b:00007f5fd4fbbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3089.304790][T24482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3089.304799][T24482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3089.304808][T24482] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3089.304817][T24482] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5fd4fbc6d4 [ 3089.304825][T24482] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3089.441590][T24482] memory: usage 3260kB, limit 0kB, failcnt 1392 [ 3089.447955][T24482] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3089.455226][T24482] Memory cgroup stats for /syz2: [ 3089.455350][T24482] anon 2191360 [ 3089.455350][T24482] file 20480 [ 3089.455350][T24482] kernel_stack 65536 [ 3089.455350][T24482] slab 946176 [ 3089.455350][T24482] sock 0 [ 3089.455350][T24482] shmem 0 [ 3089.455350][T24482] file_mapped 0 [ 3089.455350][T24482] file_dirty 135168 [ 3089.455350][T24482] file_writeback 0 [ 3089.455350][T24482] anon_thp 2097152 [ 3089.455350][T24482] inactive_anon 0 [ 3089.455350][T24482] active_anon 2191360 [ 3089.455350][T24482] inactive_file 0 [ 3089.455350][T24482] active_file 0 [ 3089.455350][T24482] unevictable 0 [ 3089.455350][T24482] slab_reclaimable 270336 [ 3089.455350][T24482] slab_unreclaimable 675840 [ 3089.455350][T24482] pgfault 19074 [ 3089.455350][T24482] pgmajfault 0 [ 3089.455350][T24482] workingset_refault 0 [ 3089.455350][T24482] workingset_activate 0 [ 3089.455350][T24482] workingset_nodereclaim 0 [ 3089.455350][T24482] pgrefill 99 [ 3089.455350][T24482] pgscan 99 [ 3089.455350][T24482] pgsteal 0 [ 3089.455350][T24482] pgactivate 66 [ 3089.557360][T24482] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24478,uid=0 [ 3089.597196][T24482] Memory cgroup out of memory: Killed process 24478 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3089.628548][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3089.639707][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3089.650129][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3089.660474][ T1066] oom_reaper: reaped process 24478 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 3089.663300][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3089.698449][T24469] chnl_net:caif_netlink_parms(): no params data found [ 3089.721985][T24448] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3089.732272][T24448] CPU: 0 PID: 24448 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3089.739804][T24448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3089.749851][T24448] Call Trace: [ 3089.753152][T24448] dump_stack+0x172/0x1f0 [ 3089.757482][T24448] dump_header+0x10b/0x82d [ 3089.761898][T24448] ? oom_kill_process+0x94/0x3f0 [ 3089.766849][T24448] oom_kill_process.cold+0x10/0x15 [ 3089.771971][T24448] out_of_memory+0x334/0x1340 [ 3089.776640][T24448] ? lock_downgrade+0x920/0x920 [ 3089.781487][T24448] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3089.787288][T24448] ? oom_killer_disable+0x280/0x280 [ 3089.792490][T24448] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3089.798023][T24448] ? memcg_stat_show+0xc40/0xc40 [ 3089.802979][T24448] ? do_raw_spin_unlock+0x57/0x270 [ 3089.808071][T24448] ? _raw_spin_unlock+0x2d/0x50 [ 3089.812901][T24448] try_charge+0xf4b/0x1440 [ 3089.817300][T24448] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3089.822819][T24448] ? percpu_ref_tryget_live+0x111/0x290 [ 3089.828351][T24448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3089.834571][T24448] ? __kasan_check_read+0x11/0x20 [ 3089.839574][T24448] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3089.845098][T24448] mem_cgroup_try_charge+0x136/0x590 [ 3089.850366][T24448] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3089.855976][T24448] wp_page_copy+0x407/0x1860 [ 3089.860577][T24448] ? find_held_lock+0x35/0x130 [ 3089.865316][T24448] ? do_wp_page+0x53b/0x15c0 [ 3089.869881][T24448] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3089.875663][T24448] ? lock_downgrade+0x920/0x920 [ 3089.880492][T24448] ? swp_swapcount+0x540/0x540 [ 3089.885229][T24448] ? __kasan_check_read+0x11/0x20 [ 3089.890228][T24448] ? do_raw_spin_unlock+0x57/0x270 [ 3089.895344][T24448] do_wp_page+0x543/0x15c0 [ 3089.899770][T24448] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3089.905122][T24448] __handle_mm_fault+0x23ec/0x4040 [ 3089.910212][T24448] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3089.915731][T24448] ? handle_mm_fault+0x292/0xaa0 [ 3089.920651][T24448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3089.926898][T24448] ? __kasan_check_read+0x11/0x20 [ 3089.931898][T24448] handle_mm_fault+0x3b7/0xaa0 [ 3089.936642][T24448] __do_page_fault+0x536/0xdd0 [ 3089.941388][T24448] do_page_fault+0x38/0x590 [ 3089.945908][T24448] page_fault+0x39/0x40 [ 3089.950072][T24448] RIP: 0033:0x430b06 [ 3089.953947][T24448] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3089.973525][T24448] RSP: 002b:00007ffef51531b0 EFLAGS: 00010206 [ 3089.979565][T24448] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3089.987510][T24448] RDX: 000000000102d930 RSI: 0000000001035970 RDI: 0000000000000003 [ 3089.995461][T24448] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000102c940 [ 3090.003407][T24448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3090.011368][T24448] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3090.023251][T24448] memory: usage 888kB, limit 0kB, failcnt 1400 [ 3090.029461][T24448] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3090.036383][T24448] Memory cgroup stats for /syz2: [ 3090.036470][T24448] anon 147456 [ 3090.036470][T24448] file 20480 [ 3090.036470][T24448] kernel_stack 0 [ 3090.036470][T24448] slab 946176 [ 3090.036470][T24448] sock 0 [ 3090.036470][T24448] shmem 0 [ 3090.036470][T24448] file_mapped 0 [ 3090.036470][T24448] file_dirty 135168 [ 3090.036470][T24448] file_writeback 0 [ 3090.036470][T24448] anon_thp 0 [ 3090.036470][T24448] inactive_anon 0 [ 3090.036470][T24448] active_anon 147456 [ 3090.036470][T24448] inactive_file 0 [ 3090.036470][T24448] active_file 0 [ 3090.036470][T24448] unevictable 0 [ 3090.036470][T24448] slab_reclaimable 270336 [ 3090.036470][T24448] slab_unreclaimable 675840 [ 3090.036470][T24448] pgfault 19074 [ 3090.036470][T24448] pgmajfault 0 [ 3090.036470][T24448] workingset_refault 0 [ 3090.036470][T24448] workingset_activate 0 [ 3090.036470][T24448] workingset_nodereclaim 0 [ 3090.036470][T24448] pgrefill 99 [ 3090.036470][T24448] pgscan 99 [ 3090.036470][T24448] pgsteal 0 [ 3090.036470][T24448] pgactivate 66 [ 3090.130190][T24448] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24448,uid=0 [ 3090.145767][T24448] Memory cgroup out of memory: Killed process 24448 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3090.165035][ T1066] oom_reaper: reaped process 24448 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3090.192741][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3090.203080][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3090.213368][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3090.335529][T24451] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3090.354297][T24451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3090.363288][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3090.373049][T20707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3090.841366][T24469] bridge0: port 1(bridge_slave_0) entered blocking state [ 3090.862587][T24469] bridge0: port 1(bridge_slave_0) entered disabled state [ 3090.881988][T24469] device bridge_slave_0 entered promiscuous mode [ 3090.903275][T24469] bridge0: port 2(bridge_slave_1) entered blocking state [ 3090.910373][T24469] bridge0: port 2(bridge_slave_1) entered disabled state [ 3090.923400][T24469] device bridge_slave_1 entered promiscuous mode [ 3090.956388][T24451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3091.079568][T24469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3091.133021][T24469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3091.357070][T24490] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3091.367909][T24490] CPU: 0 PID: 24490 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3091.375446][T24490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3091.385495][T24490] Call Trace: [ 3091.388793][T24490] dump_stack+0x172/0x1f0 [ 3091.393130][T24490] dump_header+0x10b/0x82d [ 3091.397547][T24490] oom_kill_process.cold+0x10/0x15 [ 3091.402656][T24490] out_of_memory+0x334/0x1340 [ 3091.407329][T24490] ? __sched_text_start+0x8/0x8 [ 3091.412176][T24490] ? oom_killer_disable+0x280/0x280 [ 3091.417382][T24490] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3091.422923][T24490] ? memcg_stat_show+0xc40/0xc40 [ 3091.427855][T24490] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3091.433640][T24490] ? cgroup_file_notify+0x140/0x1b0 [ 3091.438816][T24490] memory_max_write+0x262/0x3a0 [ 3091.443646][T24490] ? mem_cgroup_write+0x370/0x370 [ 3091.448645][T24490] ? cgroup_file_write+0x188/0x790 [ 3091.453734][T24490] cgroup_file_write+0x241/0x790 [ 3091.458646][T24490] ? mem_cgroup_write+0x370/0x370 [ 3091.463647][T24490] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3091.469260][T24490] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3091.474872][T24490] kernfs_fop_write+0x2b8/0x480 [ 3091.479701][T24490] __vfs_write+0x8a/0x110 [ 3091.484005][T24490] ? kernfs_fop_open+0xd80/0xd80 [ 3091.488931][T24490] vfs_write+0x268/0x5d0 [ 3091.493156][T24490] ksys_write+0x14f/0x290 [ 3091.497463][T24490] ? __ia32_sys_read+0xb0/0xb0 [ 3091.502206][T24490] __x64_sys_write+0x73/0xb0 [ 3091.506776][T24490] do_syscall_64+0xfa/0x760 [ 3091.511323][T24490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3091.517199][T24490] RIP: 0033:0x459a29 [ 3091.521079][T24490] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3091.540665][T24490] RSP: 002b:00007f8a7b51ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3091.549058][T24490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3091.557006][T24490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3091.564969][T24490] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3091.572933][T24490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a7b51f6d4 [ 3091.580888][T24490] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3091.611897][T24490] memory: usage 3304kB, limit 0kB, failcnt 1394 [ 3091.618369][T24490] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3091.640270][T24469] team0: Port device team_slave_0 added [ 3091.641735][T24490] Memory cgroup stats for /syz5: [ 3091.642349][T24490] anon 2158592 [ 3091.642349][T24490] file 0 [ 3091.642349][T24490] kernel_stack 131072 [ 3091.642349][T24490] slab 811008 [ 3091.642349][T24490] sock 4096 [ 3091.642349][T24490] shmem 77824 [ 3091.642349][T24490] file_mapped 0 [ 3091.642349][T24490] file_dirty 0 [ 3091.642349][T24490] file_writeback 0 [ 3091.642349][T24490] anon_thp 2097152 [ 3091.642349][T24490] inactive_anon 135168 [ 3091.642349][T24490] active_anon 2158592 [ 3091.642349][T24490] inactive_file 0 [ 3091.642349][T24490] active_file 0 [ 3091.642349][T24490] unevictable 0 [ 3091.642349][T24490] slab_reclaimable 135168 [ 3091.642349][T24490] slab_unreclaimable 675840 [ 3091.642349][T24490] pgfault 22044 [ 3091.642349][T24490] pgmajfault 0 [ 3091.642349][T24490] workingset_refault 0 [ 3091.642349][T24490] workingset_activate 0 [ 3091.642349][T24490] workingset_nodereclaim 0 [ 3091.642349][T24490] pgrefill 165 [ 3091.642349][T24490] pgscan 253 [ 3091.642349][T24490] pgsteal 69 [ 3091.642349][T24490] pgactivate 66 [ 3091.657935][T24469] team0: Port device team_slave_1 added [ 3091.750213][T24490] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24489,uid=0 [ 3091.768474][T24490] Memory cgroup out of memory: Killed process 24489 (syz-executor.5) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3091.797672][ T1066] oom_reaper: reaped process 24489 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3091.843501][T24483] chnl_net:caif_netlink_parms(): no params data found [ 3091.938755][T24451] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3091.949735][T24451] CPU: 0 PID: 24451 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3091.957278][T24451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3091.967328][T24451] Call Trace: [ 3091.970622][T24451] dump_stack+0x172/0x1f0 [ 3091.974962][T24451] dump_header+0x10b/0x82d [ 3091.979375][T24451] ? oom_kill_process+0x94/0x3f0 [ 3091.984310][T24451] oom_kill_process.cold+0x10/0x15 [ 3091.984327][T24451] out_of_memory+0x334/0x1340 [ 3091.984344][T24451] ? lock_downgrade+0x920/0x920 [ 3091.984362][T24451] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3091.984379][T24451] ? oom_killer_disable+0x280/0x280 [ 3092.004747][T24451] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3092.004761][T24451] ? memcg_stat_show+0xc40/0xc40 [ 3092.004781][T24451] ? do_raw_spin_unlock+0x57/0x270 [ 3092.004801][T24451] ? _raw_spin_unlock+0x2d/0x50 [ 3092.025508][T24451] try_charge+0xf4b/0x1440 [ 3092.025531][T24451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3092.034741][T24451] ? percpu_ref_tryget_live+0x111/0x290 [ 3092.034760][T24451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3092.034778][T24451] ? __kasan_check_read+0x11/0x20 [ 3092.034797][T24451] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3092.045838][T24451] mem_cgroup_try_charge+0x136/0x590 [ 3092.045859][T24451] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3092.062609][T24451] __handle_mm_fault+0x1f0d/0x4040 [ 3092.062629][T24451] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3092.073509][T24451] ? handle_mm_fault+0x292/0xaa0 [ 3092.073539][T24451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3092.084133][T24451] ? __kasan_check_read+0x11/0x20 [ 3092.084153][T24451] handle_mm_fault+0x3b7/0xaa0 [ 3092.084176][T24451] __do_page_fault+0x536/0xdd0 [ 3092.105045][T24451] do_page_fault+0x38/0x590 [ 3092.105068][T24451] page_fault+0x39/0x40 [ 3092.114272][T24451] RIP: 0033:0x4034f2 20:16:01 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:16:01 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7a00}, 0x0) 20:16:01 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:16:01 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3092.114287][T24451] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3092.114295][T24451] RSP: 002b:00007ffd025bae80 EFLAGS: 00010246 [ 3092.114307][T24451] RAX: 0000000000000000 RBX: 00000000002f2b79 RCX: 0000000000413630 [ 3092.114314][T24451] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd025bbfb0 [ 3092.114325][T24451] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000014cf940 [ 3092.141906][T24451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd025bbfb0 [ 3092.141914][T24451] R13: 00007ffd025bbfa0 R14: 0000000000000000 R15: 00007ffd025bbfb0 [ 3092.169298][T24494] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3092.203129][T24494] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3092.212912][T24451] memory: usage 940kB, limit 0kB, failcnt 1402 [ 3092.219185][T24451] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3092.227581][T24451] Memory cgroup stats for /syz5: [ 3092.227676][T24451] anon 61440 [ 3092.227676][T24451] file 0 [ 3092.227676][T24451] kernel_stack 65536 [ 3092.227676][T24451] slab 811008 [ 3092.227676][T24451] sock 4096 [ 3092.227676][T24451] shmem 77824 [ 3092.227676][T24451] file_mapped 0 [ 3092.227676][T24451] file_dirty 0 [ 3092.227676][T24451] file_writeback 0 [ 3092.227676][T24451] anon_thp 0 [ 3092.227676][T24451] inactive_anon 135168 [ 3092.227676][T24451] active_anon 61440 [ 3092.227676][T24451] inactive_file 0 [ 3092.227676][T24451] active_file 0 [ 3092.227676][T24451] unevictable 0 [ 3092.227676][T24451] slab_reclaimable 135168 [ 3092.227676][T24451] slab_unreclaimable 675840 [ 3092.227676][T24451] pgfault 22044 [ 3092.227676][T24451] pgmajfault 0 [ 3092.227676][T24451] workingset_refault 0 [ 3092.227676][T24451] workingset_activate 0 [ 3092.227676][T24451] workingset_nodereclaim 0 [ 3092.227676][T24451] pgrefill 165 [ 3092.227676][T24451] pgscan 253 [ 3092.227676][T24451] pgsteal 69 [ 3092.227676][T24451] pgactivate 66 [ 3092.425012][T24451] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24451,uid=0 [ 3092.454415][T24451] Memory cgroup out of memory: Killed process 24451 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3092.473758][ T1066] oom_reaper: reaped process 24451 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:16:02 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf000}, 0x0) [ 3092.594654][T24469] device hsr_slave_0 entered promiscuous mode [ 3092.652613][T24469] device hsr_slave_1 entered promiscuous mode [ 3092.680268][T24497] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3092.691840][T24469] debugfs: Directory 'hsr0' with parent '/' already present! [ 3092.700215][T24497] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:16:02 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:16:02 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x30000}, 0x0) 20:16:02 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3093.246676][T24483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3093.271837][T24483] bridge0: port 1(bridge_slave_0) entered disabled state [ 3093.281404][T24500] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3093.303446][T24500] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3093.306318][T24483] device bridge_slave_0 entered promiscuous mode [ 3093.380199][T24483] bridge0: port 2(bridge_slave_1) entered blocking state [ 3093.411872][T24483] bridge0: port 2(bridge_slave_1) entered disabled state [ 3093.437159][T24483] device bridge_slave_1 entered promiscuous mode [ 3093.564462][T24483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3093.653879][T24483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3093.735698][ T154] device bridge_slave_1 left promiscuous mode [ 3093.746701][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3093.793446][ T154] device bridge_slave_0 left promiscuous mode [ 3093.799674][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3093.856353][ T154] device bridge_slave_1 left promiscuous mode [ 3093.865521][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3093.943057][ T154] device bridge_slave_0 left promiscuous mode [ 3093.949297][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3094.004351][ T154] device bridge_slave_1 left promiscuous mode [ 3094.010585][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3094.102447][ T154] device bridge_slave_0 left promiscuous mode [ 3094.108700][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3094.204466][ T154] device bridge_slave_1 left promiscuous mode [ 3094.210694][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3094.253122][ T154] device bridge_slave_0 left promiscuous mode [ 3094.259308][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3094.384414][ T154] device bridge_slave_1 left promiscuous mode [ 3094.390638][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3094.513373][ T154] device bridge_slave_0 left promiscuous mode [ 3094.519750][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3106.612446][ T154] device hsr_slave_0 left promiscuous mode [ 3106.662249][ T154] device hsr_slave_1 left promiscuous mode [ 3106.735514][ T154] team0 (unregistering): Port device team_slave_1 removed [ 3106.750868][ T154] team0 (unregistering): Port device team_slave_0 removed [ 3106.768074][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3106.854292][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3106.977887][ T154] bond0 (unregistering): Released all slaves [ 3107.222981][ T154] device hsr_slave_0 left promiscuous mode [ 3107.271845][ T154] device hsr_slave_1 left promiscuous mode [ 3107.412426][ T154] team0 (unregistering): Port device team_slave_1 removed [ 3107.428284][ T154] team0 (unregistering): Port device team_slave_0 removed [ 3107.445526][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3107.546019][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3107.684386][ T154] bond0 (unregistering): Released all slaves [ 3107.952273][ T154] device hsr_slave_0 left promiscuous mode [ 3107.991831][ T154] device hsr_slave_1 left promiscuous mode [ 3108.057657][ T154] team0 (unregistering): Port device team_slave_1 removed [ 3108.074644][ T154] team0 (unregistering): Port device team_slave_0 removed [ 3108.117653][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3108.161213][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3108.301397][ T154] bond0 (unregistering): Released all slaves [ 3108.562663][ T154] device hsr_slave_0 left promiscuous mode [ 3108.721953][ T154] device hsr_slave_1 left promiscuous mode [ 3108.785394][ T154] team0 (unregistering): Port device team_slave_1 removed [ 3108.804261][ T154] team0 (unregistering): Port device team_slave_0 removed [ 3108.826879][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3108.894440][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3109.019155][ T154] bond0 (unregistering): Released all slaves [ 3109.212712][ T154] device hsr_slave_0 left promiscuous mode [ 3109.322726][ T154] device hsr_slave_1 left promiscuous mode [ 3109.387483][ T154] team0 (unregistering): Port device team_slave_1 removed [ 3109.404898][ T154] team0 (unregistering): Port device team_slave_0 removed [ 3109.419813][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3109.495136][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3109.614500][ T154] bond0 (unregistering): Released all slaves [ 3109.888841][T24503] IPVS: ftp: loaded support on port[0] = 21 [ 3109.901696][T24505] IPVS: ftp: loaded support on port[0] = 21 [ 3109.914272][T24483] team0: Port device team_slave_0 added [ 3109.933857][T24507] IPVS: ftp: loaded support on port[0] = 21 [ 3109.944601][T24483] team0: Port device team_slave_1 added [ 3110.105278][T24483] device hsr_slave_0 entered promiscuous mode [ 3110.222980][T24483] device hsr_slave_1 entered promiscuous mode [ 3110.317709][T24469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3110.397843][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3110.406331][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3110.454594][T24469] 8021q: adding VLAN 0 to HW filter on device team0 [ 3110.572836][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3110.581529][T13492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3110.597812][T13492] bridge0: port 1(bridge_slave_0) entered blocking state [ 3110.604923][T13492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3110.634440][T24507] chnl_net:caif_netlink_parms(): no params data found [ 3110.651570][T24503] chnl_net:caif_netlink_parms(): no params data found [ 3110.673941][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3110.683271][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3110.692395][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3110.700819][T16202] bridge0: port 2(bridge_slave_1) entered blocking state [ 3110.707916][T16202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3110.751842][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3110.804475][T24505] chnl_net:caif_netlink_parms(): no params data found [ 3110.816308][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3110.885849][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3110.895470][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3110.904504][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3110.913940][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3110.952710][T24503] bridge0: port 1(bridge_slave_0) entered blocking state [ 3110.959785][T24503] bridge0: port 1(bridge_slave_0) entered disabled state [ 3110.969031][T24503] device bridge_slave_0 entered promiscuous mode [ 3110.978786][T24503] bridge0: port 2(bridge_slave_1) entered blocking state [ 3110.987309][T24503] bridge0: port 2(bridge_slave_1) entered disabled state [ 3110.996253][T24503] device bridge_slave_1 entered promiscuous mode [ 3111.008158][T24507] bridge0: port 1(bridge_slave_0) entered blocking state [ 3111.016740][T24507] bridge0: port 1(bridge_slave_0) entered disabled state [ 3111.025551][T24507] device bridge_slave_0 entered promiscuous mode [ 3111.034472][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3111.043930][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3111.054777][T16202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3111.169665][T24505] bridge0: port 1(bridge_slave_0) entered blocking state [ 3111.178080][T24505] bridge0: port 1(bridge_slave_0) entered disabled state [ 3111.186908][T24505] device bridge_slave_0 entered promiscuous mode [ 3111.198260][T24505] bridge0: port 2(bridge_slave_1) entered blocking state [ 3111.205919][T24505] bridge0: port 2(bridge_slave_1) entered disabled state [ 3111.214825][T24505] device bridge_slave_1 entered promiscuous mode [ 3111.231092][T24507] bridge0: port 2(bridge_slave_1) entered blocking state [ 3111.239200][T24507] bridge0: port 2(bridge_slave_1) entered disabled state [ 3111.247937][T24507] device bridge_slave_1 entered promiscuous mode [ 3111.366889][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3111.376678][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3111.518826][T24469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3111.536431][T24503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3111.605982][T24503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3111.622929][T24507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3111.636342][T24505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3111.667913][T24507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3111.686690][T24483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3111.703567][T24505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3111.762981][T24503] team0: Port device team_slave_0 added [ 3111.776606][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3111.793207][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3111.816426][T24469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3111.834131][T24507] team0: Port device team_slave_0 added [ 3111.853811][T24503] team0: Port device team_slave_1 added [ 3111.863734][T24483] 8021q: adding VLAN 0 to HW filter on device team0 [ 3111.874130][T24505] team0: Port device team_slave_0 added [ 3111.884140][T24505] team0: Port device team_slave_1 added [ 3111.917434][T24507] team0: Port device team_slave_1 added [ 3111.949051][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3111.960195][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3111.969570][T14269] bridge0: port 1(bridge_slave_0) entered blocking state [ 3111.976677][T14269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3112.065311][T24503] device hsr_slave_0 entered promiscuous mode [ 3112.102664][T24503] device hsr_slave_1 entered promiscuous mode [ 3112.142803][T24503] debugfs: Directory 'hsr0' with parent '/' already present! [ 3112.202762][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3112.211012][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3112.242638][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3112.261582][T22393] bridge0: port 2(bridge_slave_1) entered blocking state [ 3112.268670][T22393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3112.278427][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3112.325144][T24505] device hsr_slave_0 entered promiscuous mode [ 3112.382769][T24505] device hsr_slave_1 entered promiscuous mode [ 3112.441795][T24505] debugfs: Directory 'hsr0' with parent '/' already present! [ 3112.495956][T24507] device hsr_slave_0 entered promiscuous mode [ 3112.562722][T24507] device hsr_slave_1 entered promiscuous mode [ 3112.601818][T24507] debugfs: Directory 'hsr0' with parent '/' already present! [ 3112.694903][T14269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3112.750003][T24518] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3112.760668][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3112.792904][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3112.812660][T22393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3112.840358][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3112.855321][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3112.894756][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3112.904318][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3112.940761][T24483] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3112.979399][T24483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3113.013711][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3113.027004][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3113.198474][T24483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3113.294110][T24505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3113.315462][T24503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3113.355615][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3113.367787][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3113.389407][T24505] 8021q: adding VLAN 0 to HW filter on device team0 [ 3113.420364][T24507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3113.429088][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3113.438075][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3113.456815][T24503] 8021q: adding VLAN 0 to HW filter on device team0 [ 3113.484998][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3113.495555][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3113.504525][T12724] bridge0: port 1(bridge_slave_0) entered blocking state [ 3113.511590][T12724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3113.520393][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 20:16:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x0, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:16:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x34000}, 0x0) [ 3113.542561][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3113.551025][T12724] bridge0: port 2(bridge_slave_1) entered blocking state [ 3113.558125][T12724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3113.600876][T24529] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3113.646664][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3113.654685][T24529] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:16:23 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x400300}, 0x0) [ 3113.724758][T24507] 8021q: adding VLAN 0 to HW filter on device team0 [ 3113.745408][T24527] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3113.766137][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3113.808458][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3113.830441][T24535] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3113.830628][T24527] CPU: 1 PID: 24527 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3113.846061][T24527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3113.856108][T24527] Call Trace: [ 3113.859403][T24527] dump_stack+0x172/0x1f0 [ 3113.861840][T24535] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3113.863735][T24527] dump_header+0x10b/0x82d [ 3113.863752][T24527] oom_kill_process.cold+0x10/0x15 [ 3113.863770][T24527] out_of_memory+0x334/0x1340 [ 3113.887189][T24527] ? preempt_schedule_irq+0xf3/0x160 [ 3113.892473][T24527] ? retint_kernel+0x2b/0x2b [ 3113.897063][T24527] ? oom_killer_disable+0x280/0x280 [ 3113.902263][T24527] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3113.907988][T24527] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3113.913534][T24527] ? memcg_stat_show+0xc40/0xc40 [ 3113.918478][T24527] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3113.924284][T24527] ? cgroup_file_notify+0x140/0x1b0 [ 3113.929489][T24527] memory_max_write+0x262/0x3a0 [ 3113.934342][T24527] ? mem_cgroup_write+0x370/0x370 [ 3113.939371][T24527] ? cgroup_file_write+0x86/0x790 [ 3113.944399][T24527] cgroup_file_write+0x241/0x790 [ 3113.949334][T24527] ? mem_cgroup_write+0x370/0x370 [ 3113.954356][T24527] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3113.959992][T24527] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3113.965624][T24527] kernfs_fop_write+0x2b8/0x480 [ 3113.970472][T24527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3113.976713][T24527] __vfs_write+0x8a/0x110 [ 3113.981040][T24527] ? kernfs_fop_open+0xd80/0xd80 [ 3113.985975][T24527] vfs_write+0x268/0x5d0 [ 3113.990216][T24527] ksys_write+0x14f/0x290 [ 3113.994545][T24527] ? __ia32_sys_read+0xb0/0xb0 [ 3113.999311][T24527] ? do_syscall_64+0x26/0x760 [ 3114.003983][T24527] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3114.010048][T24527] ? do_syscall_64+0x26/0x760 [ 3114.014730][T24527] __x64_sys_write+0x73/0xb0 [ 3114.019320][T24527] do_syscall_64+0xfa/0x760 [ 3114.023831][T24527] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3114.029717][T24527] RIP: 0033:0x459a29 [ 3114.033613][T24527] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3114.053214][T24527] RSP: 002b:00007ff7df026c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3114.061625][T24527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3114.069577][T24527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 3114.077525][T24527] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3114.085473][T24527] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff7df0276d4 [ 3114.093421][T24527] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3114.140864][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3114.149744][T16666] bridge0: port 1(bridge_slave_0) entered blocking state [ 3114.156857][T16666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3114.165629][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3114.175240][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3114.181855][T24527] memory: usage 3052kB, limit 0kB, failcnt 1320 [ 3114.186401][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3114.194558][T24527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3114.198316][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3114.213025][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3114.247531][T24527] Memory cgroup stats for /syz4: [ 3114.248710][T24527] anon 2142208 [ 3114.248710][T24527] file 28672 [ 3114.248710][T24527] kernel_stack 0 [ 3114.248710][T24527] slab 831488 [ 3114.248710][T24527] sock 0 [ 3114.248710][T24527] shmem 0 [ 3114.248710][T24527] file_mapped 0 [ 3114.248710][T24527] file_dirty 135168 [ 3114.248710][T24527] file_writeback 0 [ 3114.248710][T24527] anon_thp 2097152 [ 3114.248710][T24527] inactive_anon 0 [ 3114.248710][T24527] active_anon 2142208 [ 3114.248710][T24527] inactive_file 135168 [ 3114.248710][T24527] active_file 0 [ 3114.248710][T24527] unevictable 0 [ 3114.248710][T24527] slab_reclaimable 270336 [ 3114.248710][T24527] slab_unreclaimable 561152 [ 3114.248710][T24527] pgfault 20262 [ 3114.248710][T24527] pgmajfault 0 [ 3114.248710][T24527] workingset_refault 0 [ 3114.248710][T24527] workingset_activate 0 [ 3114.248710][T24527] workingset_nodereclaim 0 [ 3114.248710][T24527] pgrefill 67 [ 3114.248710][T24527] pgscan 110 [ 3114.248710][T24527] pgsteal 70 [ 3114.248710][T24527] pgactivate 33 [ 3114.250256][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3114.292867][T24527] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24526,uid=0 [ 3114.348736][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3114.378071][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3114.396748][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3114.418098][T12724] bridge0: port 2(bridge_slave_1) entered blocking state [ 3114.425246][T12724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3114.434931][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3114.453242][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3114.472822][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3114.491036][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3114.508339][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3114.521545][T12724] bridge0: port 1(bridge_slave_0) entered blocking state [ 3114.528665][T12724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3114.537032][T24527] Memory cgroup out of memory: Killed process 24527 (syz-executor.4) total-vm:72576kB, anon-rss:2184kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3114.572946][T24469] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 3114.574682][ T1066] oom_reaper: reaped process 24527 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3114.585935][T24469] CPU: 1 PID: 24469 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 3114.603941][T24469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3114.613988][T24469] Call Trace: [ 3114.617284][T24469] dump_stack+0x172/0x1f0 [ 3114.621617][T24469] dump_header+0x10b/0x82d [ 3114.626030][T24469] ? oom_kill_process+0x94/0x3f0 [ 3114.630969][T24469] oom_kill_process.cold+0x10/0x15 [ 3114.636086][T24469] out_of_memory+0x334/0x1340 [ 3114.640765][T24469] ? lock_downgrade+0x920/0x920 [ 3114.645620][T24469] ? oom_killer_disable+0x280/0x280 [ 3114.650822][T24469] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3114.656371][T24469] ? memcg_stat_show+0xc40/0xc40 [ 3114.661316][T24469] ? do_raw_spin_unlock+0x57/0x270 [ 3114.666519][T24469] ? _raw_spin_unlock+0x2d/0x50 [ 3114.671371][T24469] try_charge+0xf4b/0x1440 [ 3114.675802][T24469] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3114.681346][T24469] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3114.686900][T24469] ? cache_grow_begin+0x122/0xd20 [ 3114.691925][T24469] ? find_held_lock+0x35/0x130 [ 3114.696692][T24469] ? cache_grow_begin+0x122/0xd20 [ 3114.701721][T24469] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3114.707263][T24469] ? lock_downgrade+0x920/0x920 [ 3114.712109][T24469] ? memcg_kmem_put_cache+0x50/0x50 [ 3114.717305][T24469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3114.723543][T24469] ? __kasan_check_read+0x11/0x20 [ 3114.728572][T24469] cache_grow_begin+0x629/0xd20 [ 3114.733423][T24469] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 3114.739056][T24469] ? mempolicy_slab_node+0x139/0x390 [ 3114.744340][T24469] fallback_alloc+0x1fd/0x2d0 [ 3114.749023][T24469] ____cache_alloc_node+0x1bc/0x1d0 [ 3114.754217][T24469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3114.760463][T24469] kmem_cache_alloc+0x1ef/0x710 [ 3114.765310][T24469] ? lock_downgrade+0x920/0x920 [ 3114.770157][T24469] ? rwlock_bug.part.0+0x90/0x90 [ 3114.775095][T24469] ? ratelimit_state_init+0xb0/0xb0 [ 3114.780289][T24469] ext4_alloc_inode+0x1f/0x640 [ 3114.785045][T24469] ? ratelimit_state_init+0xb0/0xb0 [ 3114.790236][T24469] alloc_inode+0x68/0x1e0 [ 3114.794568][T24469] iget_locked+0x1a6/0x4b0 [ 3114.798990][T24469] __ext4_iget+0x265/0x3e20 [ 3114.803493][T24469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3114.809739][T24469] ? ext4_get_projid+0x190/0x190 [ 3114.814674][T24469] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3114.820215][T24469] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3114.826191][T24469] ? d_alloc_parallel+0xa78/0x1c30 [ 3114.831304][T24469] ext4_lookup+0x3b1/0x7a0 [ 3114.835720][T24469] ? ext4_cross_rename+0x1430/0x1430 [ 3114.841001][T24469] ? __lock_acquire+0x16f2/0x4a00 [ 3114.846017][T24469] ? __kasan_check_read+0x11/0x20 [ 3114.851046][T24469] ? lockdep_init_map+0x1be/0x6d0 [ 3114.856070][T24469] __lookup_slow+0x279/0x500 [ 3114.860656][T24469] ? vfs_unlink+0x620/0x620 [ 3114.865185][T24469] lookup_slow+0x58/0x80 [ 3114.869426][T24469] path_mountpoint+0x5d2/0x1e60 [ 3114.874274][T24469] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3114.879817][T24469] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3114.885802][T24469] ? path_openat+0x46d0/0x46d0 [ 3114.890574][T24469] filename_mountpoint+0x18e/0x390 [ 3114.895684][T24469] ? filename_parentat.isra.0+0x410/0x410 [ 3114.901396][T24469] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3114.907557][T24469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3114.913797][T24469] ? __phys_addr_symbol+0x30/0x70 [ 3114.918815][T24469] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3114.924526][T24469] ? __check_object_size+0x3d/0x437 [ 3114.929727][T24469] ? strncpy_from_user+0x2b4/0x400 [ 3114.934837][T24469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3114.941070][T24469] ? getname_flags+0x277/0x5b0 [ 3114.945832][T24469] user_path_mountpoint_at+0x3a/0x50 [ 3114.951117][T24469] ksys_umount+0x164/0xf00 [ 3114.955528][T24469] ? __ia32_sys_rmdir+0x40/0x40 [ 3114.960382][T24469] ? __detach_mounts+0x2a0/0x2a0 [ 3114.965312][T24469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3114.971549][T24469] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3114.977001][T24469] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3114.982455][T24469] ? do_syscall_64+0x26/0x760 [ 3114.987129][T24469] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3114.993191][T24469] ? do_syscall_64+0x26/0x760 [ 3114.997867][T24469] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3115.003152][T24469] __x64_sys_umount+0x54/0x80 [ 3115.007823][T24469] do_syscall_64+0xfa/0x760 [ 3115.012327][T24469] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3115.018210][T24469] RIP: 0033:0x45c457 [ 3115.022097][T24469] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3115.041693][T24469] RSP: 002b:00007ffd44233de8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 3115.050104][T24469] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c457 [ 3115.058077][T24469] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffd44233e90 [ 3115.066047][T24469] RBP: 0000000000000006 R08: 0000000000000000 R09: 000000000000000e 20:16:24 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 20:16:24 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf0ffff}, 0x0) 20:16:24 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x0, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 3115.074007][T24469] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffd44234f20 [ 3115.081968][T24469] R13: 000000000134b940 R14: 0000000000000000 R15: 00007ffd44234f20 [ 3115.086451][T24507] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3115.106816][T24469] memory: usage 8664kB, limit 0kB, failcnt 179 [ 3115.113029][T24469] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3115.125682][T24469] Memory cgroup stats for /syz3: [ 3115.125785][T24538] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3115.125798][T24469] anon 188416 [ 3115.125798][T24469] file 90112 [ 3115.125798][T24469] kernel_stack 0 [ 3115.125798][T24469] slab 8904704 [ 3115.125798][T24469] sock 0 [ 3115.125798][T24469] shmem 0 [ 3115.125798][T24469] file_mapped 0 [ 3115.125798][T24469] file_dirty 0 [ 3115.125798][T24469] file_writeback 0 [ 3115.125798][T24469] anon_thp 0 [ 3115.125798][T24469] inactive_anon 0 [ 3115.125798][T24469] active_anon 36864 [ 3115.125798][T24469] inactive_file 135168 [ 3115.125798][T24469] active_file 0 [ 3115.125798][T24469] unevictable 0 [ 3115.125798][T24469] slab_reclaimable 8380416 [ 3115.125798][T24469] slab_unreclaimable 524288 [ 3115.125798][T24469] pgfault 46629 [ 3115.125798][T24469] pgmajfault 0 [ 3115.125798][T24469] workingset_refault 0 [ 3115.125798][T24469] workingset_activate 0 [ 3115.125798][T24469] workingset_nodereclaim 0 [ 3115.125798][T24469] pgrefill 349 [ 3115.125798][T24469] pgscan 343 [ 3115.125798][T24469] pgsteal 33 [ 3115.125798][T24469] pgactivate 297 [ 3115.125821][T24469] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24469,uid=0 [ 3115.139081][T24538] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3115.233164][T24507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3115.282022][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3115.290447][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3115.299976][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3115.313710][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3115.323449][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3115.332810][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3115.341301][T16666] bridge0: port 2(bridge_slave_1) entered blocking state [ 3115.348424][T16666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3115.357563][T24469] Memory cgroup out of memory: Killed process 24469 (syz-executor.3) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3115.376550][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3115.386461][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3115.395375][ T1066] oom_reaper: reaped process 24469 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3115.396771][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3115.406674][T24483] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3115.415871][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3115.441794][T24483] CPU: 0 PID: 24483 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 3115.447199][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3115.449356][T24483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3115.458725][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3115.467257][T24483] Call Trace: [ 3115.467281][T24483] dump_stack+0x172/0x1f0 [ 3115.467301][T24483] dump_header+0x10b/0x82d [ 3115.467311][T24483] ? oom_kill_process+0x94/0x3f0 [ 3115.467326][T24483] oom_kill_process.cold+0x10/0x15 [ 3115.467341][T24483] out_of_memory+0x334/0x1340 [ 3115.467357][T24483] ? lock_downgrade+0x920/0x920 [ 3115.467373][T24483] ? oom_killer_disable+0x280/0x280 [ 3115.467396][T24483] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3115.467409][T24483] ? memcg_stat_show+0xc40/0xc40 [ 3115.467426][T24483] ? do_raw_spin_unlock+0x57/0x270 [ 3115.467444][T24483] ? _raw_spin_unlock+0x2d/0x50 [ 3115.467460][T24483] try_charge+0xf4b/0x1440 [ 3115.467484][T24483] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3115.467497][T24483] ? percpu_ref_tryget_live+0x111/0x290 [ 3115.467516][T24483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3115.467533][T24483] ? __kasan_check_read+0x11/0x20 [ 3115.467550][T24483] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3115.467569][T24483] mem_cgroup_try_charge+0x136/0x590 [ 3115.467591][T24483] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3115.467608][T24483] wp_page_copy+0x407/0x1860 [ 3115.467625][T24483] ? find_held_lock+0x35/0x130 [ 3115.476504][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3115.478695][T24483] ? do_wp_page+0x53b/0x15c0 [ 3115.483862][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3115.487391][T24483] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3115.493915][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3115.497388][T24483] ? lock_downgrade+0x920/0x920 [ 3115.497413][T24483] ? swp_swapcount+0x540/0x540 [ 3115.513142][T16666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3115.517581][T24483] ? __kasan_check_read+0x11/0x20 [ 3115.517601][T24483] ? do_raw_spin_unlock+0x57/0x270 [ 3115.581848][T24503] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3115.584813][T24483] do_wp_page+0x543/0x15c0 [ 3115.584832][T24483] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3115.605279][T24503] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3115.610670][T24483] __handle_mm_fault+0x23ec/0x4040 [ 3115.610690][T24483] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3115.681590][T24503] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3115.686895][T24483] ? handle_mm_fault+0x292/0xaa0 [ 3115.686926][T24483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3115.704797][T24483] ? __kasan_check_read+0x11/0x20 [ 3115.709821][T24483] handle_mm_fault+0x3b7/0xaa0 [ 3115.709845][T24483] __do_page_fault+0x536/0xdd0 [ 3115.709867][T24483] do_page_fault+0x38/0x590 [ 3115.723847][T24483] page_fault+0x39/0x40 [ 3115.727999][T24483] RIP: 0033:0x4034f2 [ 3115.731889][T24483] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3115.751490][T24483] RSP: 002b:00007ffcc7cc3c00 EFLAGS: 00010246 [ 3115.757551][T24483] RAX: 0000000000000000 RBX: 00000000002f8619 RCX: 0000000000413630 [ 3115.765514][T24483] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcc7cc4d30 [ 3115.773478][T24483] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001da3940 [ 3115.781442][T24483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc7cc4d30 [ 3115.789411][T24483] R13: 00007ffcc7cc4d20 R14: 0000000000000000 R15: 00007ffcc7cc4d30 [ 3115.821569][T24483] memory: usage 732kB, limit 0kB, failcnt 1328 [ 3115.828471][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3115.837858][T24483] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3115.846374][T24483] Memory cgroup stats for /syz4: [ 3115.846456][T24483] anon 0 [ 3115.846456][T24483] file 28672 [ 3115.846456][T24483] kernel_stack 0 [ 3115.846456][T24483] slab 831488 [ 3115.846456][T24483] sock 0 [ 3115.846456][T24483] shmem 0 [ 3115.846456][T24483] file_mapped 0 [ 3115.846456][T24483] file_dirty 135168 [ 3115.846456][T24483] file_writeback 0 [ 3115.846456][T24483] anon_thp 0 [ 3115.846456][T24483] inactive_anon 0 [ 3115.846456][T24483] active_anon 0 [ 3115.846456][T24483] inactive_file 135168 [ 3115.846456][T24483] active_file 0 [ 3115.846456][T24483] unevictable 0 [ 3115.846456][T24483] slab_reclaimable 270336 [ 3115.846456][T24483] slab_unreclaimable 561152 [ 3115.846456][T24483] pgfault 20262 [ 3115.846456][T24483] pgmajfault 0 [ 3115.846456][T24483] workingset_refault 0 [ 3115.846456][T24483] workingset_activate 0 [ 3115.846456][T24483] workingset_nodereclaim 0 [ 3115.846456][T24483] pgrefill 67 [ 3115.846456][T24483] pgscan 110 [ 3115.846456][T24483] pgsteal 70 [ 3115.846456][T24483] pgactivate 33 [ 3115.846746][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3115.851414][T24483] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24483,uid=0 [ 3115.974672][T24483] Memory cgroup out of memory: Killed process 24483 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3115.995392][ T1066] oom_reaper: reaped process 24483 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3116.003109][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3116.042890][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3116.052054][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3116.061306][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3116.070160][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3116.079573][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3116.088701][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3116.097347][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3116.108589][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3116.117248][T12724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3116.127278][T24505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3116.420684][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3116.441011][T16062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3116.729261][T24507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3116.790610][T24505] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3116.936002][T24552] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3117.094297][T24552] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3117.120074][T24561] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 3117.145856][T24552] CPU: 1 PID: 24552 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3117.153455][T24552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3117.163522][T24552] Call Trace: [ 3117.166822][T24552] dump_stack+0x172/0x1f0 [ 3117.171168][T24552] dump_header+0x10b/0x82d [ 3117.175595][T24552] oom_kill_process.cold+0x10/0x15 [ 3117.180718][T24552] out_of_memory+0x334/0x1340 [ 3117.185401][T24552] ? __sched_text_start+0x8/0x8 [ 3117.190268][T24552] ? oom_killer_disable+0x280/0x280 [ 3117.195486][T24552] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3117.201036][T24552] ? memcg_stat_show+0xc40/0xc40 [ 3117.205991][T24552] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3117.211802][T24552] ? cgroup_file_notify+0x140/0x1b0 [ 3117.217012][T24552] memory_max_write+0x262/0x3a0 [ 3117.221871][T24552] ? mem_cgroup_write+0x370/0x370 [ 3117.226907][T24552] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3117.232379][T24552] cgroup_file_write+0x241/0x790 [ 3117.237320][T24552] ? mem_cgroup_write+0x370/0x370 [ 3117.242348][T24552] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3117.247991][T24552] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3117.253626][T24552] kernfs_fop_write+0x2b8/0x480 [ 3117.258483][T24552] __vfs_write+0x8a/0x110 [ 3117.262811][T24552] ? kernfs_fop_open+0xd80/0xd80 [ 3117.267749][T24552] vfs_write+0x268/0x5d0 [ 3117.271991][T24552] ksys_write+0x14f/0x290 [ 3117.276316][T24552] ? __ia32_sys_read+0xb0/0xb0 [ 3117.281083][T24552] ? do_syscall_64+0x26/0x760 [ 3117.285758][T24552] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3117.291820][T24552] ? do_syscall_64+0x26/0x760 [ 3117.296503][T24552] __x64_sys_write+0x73/0xb0 [ 3117.301097][T24552] do_syscall_64+0xfa/0x760 [ 3117.305610][T24552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3117.311494][T24552] RIP: 0033:0x459a29 [ 3117.315390][T24552] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3117.334990][T24552] RSP: 002b:00007fde94c69c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3117.343401][T24552] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3117.351366][T24552] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 3117.359335][T24552] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3117.367302][T24552] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde94c6a6d4 [ 3117.375268][T24552] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff [ 3117.413714][T24552] memory: usage 3184kB, limit 0kB, failcnt 1351 [ 3117.420369][T24552] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3117.428696][T24552] Memory cgroup stats for /syz0: [ 3117.429350][T24552] anon 2113536 [ 3117.429350][T24552] file 20480 [ 3117.429350][T24552] kernel_stack 65536 [ 3117.429350][T24552] slab 962560 [ 3117.429350][T24552] sock 0 [ 3117.429350][T24552] shmem 0 [ 3117.429350][T24552] file_mapped 0 [ 3117.429350][T24552] file_dirty 0 [ 3117.429350][T24552] file_writeback 0 [ 3117.429350][T24552] anon_thp 2097152 [ 3117.429350][T24552] inactive_anon 0 [ 3117.429350][T24552] active_anon 2113536 [ 3117.429350][T24552] inactive_file 0 [ 3117.429350][T24552] active_file 0 [ 3117.429350][T24552] unevictable 0 [ 3117.429350][T24552] slab_reclaimable 270336 [ 3117.429350][T24552] slab_unreclaimable 692224 [ 3117.429350][T24552] pgfault 19404 [ 3117.429350][T24552] pgmajfault 0 [ 3117.429350][T24552] workingset_refault 0 [ 3117.429350][T24552] workingset_activate 0 [ 3117.429350][T24552] workingset_nodereclaim 0 [ 3117.429350][T24552] pgrefill 66 [ 3117.429350][T24552] pgscan 66 [ 3117.429350][T24552] pgsteal 0 [ 3117.429350][T24552] pgactivate 33 [ 3117.536019][T24552] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24550,uid=0 20:16:27 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x1000000}, 0x0) [ 3117.562302][T24552] Memory cgroup out of memory: Killed process 24550 (syz-executor.0) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3117.587162][T24560] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3117.633438][T24568] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3117.658698][T24560] CPU: 0 PID: 24560 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3117.666276][T24560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3117.676332][T24560] Call Trace: [ 3117.679633][T24560] dump_stack+0x172/0x1f0 [ 3117.683968][T24560] dump_header+0x10b/0x82d [ 3117.688389][T24560] oom_kill_process.cold+0x10/0x15 [ 3117.693505][T24560] out_of_memory+0x334/0x1340 [ 3117.698181][T24560] ? trace_hardirqs_on_caller+0x6a/0x240 [ 3117.703820][T24560] ? cgroup_file_notify+0x140/0x1b0 [ 3117.709027][T24560] ? oom_killer_disable+0x280/0x280 [ 3117.714248][T24560] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3117.719795][T24560] ? memcg_stat_show+0xc40/0xc40 [ 3117.724751][T24560] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3117.730563][T24560] ? cgroup_file_notify+0x140/0x1b0 [ 3117.735768][T24560] memory_max_write+0x262/0x3a0 [ 3117.740632][T24560] ? mem_cgroup_write+0x370/0x370 [ 3117.745664][T24560] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3117.751144][T24560] cgroup_file_write+0x241/0x790 [ 3117.756089][T24560] ? mem_cgroup_write+0x370/0x370 [ 3117.761116][T24560] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3117.766755][T24560] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3117.772388][T24560] kernfs_fop_write+0x2b8/0x480 [ 3117.777246][T24560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3117.783497][T24560] __vfs_write+0x8a/0x110 [ 3117.787835][T24560] ? kernfs_fop_open+0xd80/0xd80 [ 3117.792782][T24560] vfs_write+0x268/0x5d0 [ 3117.797030][T24560] ksys_write+0x14f/0x290 [ 3117.801359][T24560] ? __ia32_sys_read+0xb0/0xb0 [ 3117.806129][T24560] ? do_syscall_64+0x26/0x760 [ 3117.810805][T24560] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3117.816872][T24560] ? do_syscall_64+0x26/0x760 [ 3117.821554][T24560] __x64_sys_write+0x73/0xb0 [ 3117.826148][T24560] do_syscall_64+0xfa/0x760 [ 3117.830655][T24560] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3117.836545][T24560] RIP: 0033:0x459a29 [ 3117.840438][T24560] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3117.860042][T24560] RSP: 002b:00007f81828bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3117.868452][T24560] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 3117.876419][T24560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3117.884385][T24560] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3117.892351][T24560] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81828c06d4 [ 3117.900318][T24560] R13: 00000000004c9e0f R14: 00000000004e1a10 R15: 00000000ffffffff 20:16:27 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:16:27 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext, 0x452f30e498ad3605, 0x0, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:16:27 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) 20:16:27 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x0, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, 0x0, 0xe, r2, 0xc6861fa405dd3ee3) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f}, 0x20) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r4, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3118.011728][T24568] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3118.026323][T24560] memory: usage 3136kB, limit 0kB, failcnt 1403 [ 3118.032779][T24560] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3118.061747][T24560] Memory cgroup stats for /syz5: [ 3118.061865][T24560] anon 2138112 [ 3118.061865][T24560] file 0 [ 3118.061865][T24560] kernel_stack 65536 [ 3118.061865][T24560] slab 811008 [ 3118.061865][T24560] sock 4096 [ 3118.061865][T24560] shmem 77824 [ 3118.061865][T24560] file_mapped 0 [ 3118.061865][T24560] file_dirty 0 [ 3118.061865][T24560] file_writeback 0 [ 3118.061865][T24560] anon_thp 2097152 [ 3118.061865][T24560] inactive_anon 135168 [ 3118.061865][T24560] active_anon 2138112 [ 3118.061865][T24560] inactive_file 0 [ 3118.061865][T24560] active_file 0 [ 3118.061865][T24560] unevictable 0 [ 3118.061865][T24560] slab_reclaimable 135168 [ 3118.061865][T24560] slab_unreclaimable 675840 [ 3118.061865][T24560] pgfault 22077 [ 3118.061865][T24560] pgmajfault 0 [ 3118.061865][T24560] workingset_refault 0 [ 3118.061865][T24560] workingset_activate 0 [ 3118.061865][T24560] workingset_nodereclaim 0 [ 3118.061865][T24560] pgrefill 165 [ 3118.061865][T24560] pgscan 253 [ 3118.061865][T24560] pgsteal 69 [ 3118.061865][T24560] pgactivate 66 [ 3118.301894][T24560] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24557,uid=0 [ 3118.344926][T24560] Memory cgroup out of memory: Killed process 24560 (syz-executor.5) total-vm:72576kB, anon-rss:2180kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3118.382042][T24503] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3118.391400][ T1066] oom_reaper: reaped process 24560 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3118.392727][T24503] CPU: 1 PID: 24503 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 3118.410672][T24503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3118.420727][T24503] Call Trace: [ 3118.424027][T24503] dump_stack+0x172/0x1f0 [ 3118.428381][T24503] dump_header+0x10b/0x82d [ 3118.432798][T24503] ? oom_kill_process+0x94/0x3f0 [ 3118.437738][T24503] oom_kill_process.cold+0x10/0x15 [ 3118.442856][T24503] out_of_memory+0x334/0x1340 [ 3118.447539][T24503] ? lock_downgrade+0x920/0x920 [ 3118.452397][T24503] ? oom_killer_disable+0x280/0x280 [ 3118.457610][T24503] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3118.463155][T24503] ? memcg_stat_show+0xc40/0xc40 [ 3118.468091][T24503] ? do_raw_spin_unlock+0x57/0x270 [ 3118.473210][T24503] ? _raw_spin_unlock+0x2d/0x50 [ 3118.478068][T24503] try_charge+0xf4b/0x1440 [ 3118.482497][T24503] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3118.488039][T24503] ? percpu_ref_tryget_live+0x111/0x290 [ 3118.493596][T24503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3118.499841][T24503] ? __kasan_check_read+0x11/0x20 [ 3118.504871][T24503] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3118.510418][T24503] mem_cgroup_try_charge+0x136/0x590 [ 3118.515704][T24503] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3118.521339][T24503] __handle_mm_fault+0x1f0d/0x4040 [ 3118.526455][T24503] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3118.532000][T24503] ? handle_mm_fault+0x292/0xaa0 [ 3118.536947][T24503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3118.543186][T24503] ? __kasan_check_read+0x11/0x20 [ 3118.548213][T24503] handle_mm_fault+0x3b7/0xaa0 [ 3118.552980][T24503] __do_page_fault+0x536/0xdd0 [ 3118.557745][T24503] do_page_fault+0x38/0x590 [ 3118.562262][T24503] page_fault+0x39/0x40 [ 3118.566410][T24503] RIP: 0033:0x4034f2 [ 3118.570300][T24503] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 3118.589904][T24503] RSP: 002b:00007ffe7a74ee70 EFLAGS: 00010246 [ 3118.595969][T24503] RAX: 0000000000000000 RBX: 00000000002f8fcb RCX: 0000000000413630 [ 3118.603935][T24503] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe7a74ffa0 [ 3118.611900][T24503] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002155940 [ 3118.619867][T24503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7a74ffa0 [ 3118.627833][T24503] R13: 00007ffe7a74ff90 R14: 0000000000000000 R15: 00007ffe7a74ffa0 20:16:28 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 3118.661472][T24503] memory: usage 864kB, limit 0kB, failcnt 1359 [ 3118.683407][T24503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3118.690266][T24503] Memory cgroup stats for /syz0: [ 3118.690365][T24503] anon 0 [ 3118.690365][T24503] file 20480 [ 3118.690365][T24503] kernel_stack 0 [ 3118.690365][T24503] slab 962560 [ 3118.690365][T24503] sock 0 [ 3118.690365][T24503] shmem 0 [ 3118.690365][T24503] file_mapped 0 [ 3118.690365][T24503] file_dirty 0 [ 3118.690365][T24503] file_writeback 0 [ 3118.690365][T24503] anon_thp 0 [ 3118.690365][T24503] inactive_anon 0 [ 3118.690365][T24503] active_anon 0 [ 3118.690365][T24503] inactive_file 0 [ 3118.690365][T24503] active_file 0 [ 3118.690365][T24503] unevictable 0 [ 3118.690365][T24503] slab_reclaimable 270336 [ 3118.690365][T24503] slab_unreclaimable 692224 [ 3118.690365][T24503] pgfault 19404 [ 3118.690365][T24503] pgmajfault 0 [ 3118.690365][T24503] workingset_refault 0 20:16:28 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x2000000}, 0x0) [ 3118.690365][T24503] workingset_activate 0 [ 3118.690365][T24503] workingset_nodereclaim 0 [ 3118.690365][T24503] pgrefill 66 [ 3118.690365][T24503] pgscan 66 [ 3118.690365][T24503] pgsteal 0 [ 3118.690365][T24503] pgactivate 33 [ 3118.690365][T24503] pgdeactivate 66 [ 3118.790792][T24503] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24503,uid=0 [ 3118.824737][T24584] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3118.832028][T24503] Memory cgroup out of memory: Killed process 24503 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3118.861742][T24584] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3118.870279][T24505] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3118.871717][ T1066] oom_reaper: reaped process 24503 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3118.888746][T24505] CPU: 1 PID: 24505 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 3118.899467][T24505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3118.909519][T24505] Call Trace: [ 3118.912816][T24505] dump_stack+0x172/0x1f0 [ 3118.917150][T24505] dump_header+0x10b/0x82d [ 3118.921571][T24505] ? oom_kill_process+0x94/0x3f0 [ 3118.926512][T24505] oom_kill_process.cold+0x10/0x15 [ 3118.931620][T24505] out_of_memory+0x334/0x1340 [ 3118.936292][T24505] ? lock_downgrade+0x920/0x920 [ 3118.941143][T24505] ? oom_killer_disable+0x280/0x280 [ 3118.946361][T24505] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3118.952002][T24505] ? memcg_stat_show+0xc40/0xc40 [ 3118.956940][T24505] ? do_raw_spin_unlock+0x57/0x270 [ 3118.962053][T24505] ? _raw_spin_unlock+0x2d/0x50 [ 3118.966901][T24505] try_charge+0xf4b/0x1440 [ 3118.971327][T24505] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3118.976869][T24505] ? percpu_ref_tryget_live+0x111/0x290 [ 3118.982412][T24505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3118.988650][T24505] ? __kasan_check_read+0x11/0x20 [ 3118.993676][T24505] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3118.999218][T24505] mem_cgroup_try_charge+0x136/0x590 [ 3119.004512][T24505] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3119.010150][T24505] wp_page_copy+0x407/0x1860 [ 3119.014735][T24505] ? find_held_lock+0x35/0x130 [ 3119.019498][T24505] ? do_wp_page+0x53b/0x15c0 [ 3119.024086][T24505] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3119.029887][T24505] ? lock_downgrade+0x920/0x920 [ 3119.034735][T24505] ? swp_swapcount+0x540/0x540 [ 3119.039499][T24505] ? __kasan_check_read+0x11/0x20 [ 3119.044516][T24505] ? do_raw_spin_unlock+0x57/0x270 [ 3119.049628][T24505] do_wp_page+0x543/0x15c0 [ 3119.054050][T24505] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3119.059427][T24505] __handle_mm_fault+0x23ec/0x4040 [ 3119.064539][T24505] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3119.070078][T24505] ? handle_mm_fault+0x292/0xaa0 [ 3119.075023][T24505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3119.081260][T24505] ? __kasan_check_read+0x11/0x20 [ 3119.086284][T24505] handle_mm_fault+0x3b7/0xaa0 [ 3119.091053][T24505] __do_page_fault+0x536/0xdd0 [ 3119.095821][T24505] do_page_fault+0x38/0x590 [ 3119.100323][T24505] page_fault+0x39/0x40 [ 3119.104477][T24505] RIP: 0033:0x430b06 [ 3119.108372][T24505] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3119.127967][T24505] RSP: 002b:00007ffc06020260 EFLAGS: 00010206 [ 3119.134025][T24505] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3119.141991][T24505] RDX: 0000000002435930 RSI: 000000000243d970 RDI: 0000000000000003 [ 3119.149958][T24505] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002434940 [ 3119.157917][T24505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3119.165862][T24505] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 20:16:28 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x3000000}, 0x0) [ 3119.177823][T24505] memory: usage 876kB, limit 0kB, failcnt 1409 [ 3119.184050][T24505] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3119.190888][T24505] Memory cgroup stats for /syz2: [ 3119.190991][T24505] anon 61440 [ 3119.190991][T24505] file 20480 [ 3119.190991][T24505] kernel_stack 65536 [ 3119.190991][T24505] slab 946176 [ 3119.190991][T24505] sock 0 [ 3119.190991][T24505] shmem 0 [ 3119.190991][T24505] file_mapped 0 [ 3119.190991][T24505] file_dirty 135168 [ 3119.190991][T24505] file_writeback 0 [ 3119.190991][T24505] anon_thp 0 [ 3119.190991][T24505] inactive_anon 0 [ 3119.190991][T24505] active_anon 0 [ 3119.190991][T24505] inactive_file 0 [ 3119.190991][T24505] active_file 0 [ 3119.190991][T24505] unevictable 0 [ 3119.190991][T24505] slab_reclaimable 270336 [ 3119.190991][T24505] slab_unreclaimable 675840 [ 3119.190991][T24505] pgfault 19140 [ 3119.190991][T24505] pgmajfault 0 [ 3119.190991][T24505] workingset_refault 0 [ 3119.190991][T24505] workingset_activate 0 [ 3119.190991][T24505] workingset_nodereclaim 0 [ 3119.190991][T24505] pgrefill 99 [ 3119.190991][T24505] pgscan 99 [ 3119.190991][T24505] pgsteal 0 [ 3119.190991][T24505] pgactivate 66 [ 3119.293235][T24505] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24505,uid=0 [ 3119.309357][T24505] Memory cgroup out of memory: Killed process 24505 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 3119.327054][T24586] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3119.335288][T24586] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3119.345173][T24507] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3119.345679][ T1066] oom_reaper: reaped process 24505 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3119.355324][T24507] CPU: 1 PID: 24507 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 3119.373769][T24507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3119.383821][T24507] Call Trace: [ 3119.387115][T24507] dump_stack+0x172/0x1f0 [ 3119.391447][T24507] dump_header+0x10b/0x82d [ 3119.395870][T24507] ? oom_kill_process+0x94/0x3f0 [ 3119.400810][T24507] oom_kill_process.cold+0x10/0x15 [ 3119.405921][T24507] out_of_memory+0x334/0x1340 [ 3119.410604][T24507] ? lock_downgrade+0x920/0x920 [ 3119.415461][T24507] ? oom_killer_disable+0x280/0x280 [ 3119.420668][T24507] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3119.426209][T24507] ? memcg_stat_show+0xc40/0xc40 [ 3119.431151][T24507] ? do_raw_spin_unlock+0x57/0x270 [ 3119.436262][T24507] ? _raw_spin_unlock+0x2d/0x50 [ 3119.441110][T24507] try_charge+0xf4b/0x1440 [ 3119.445526][T24507] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3119.451071][T24507] ? percpu_ref_tryget_live+0x111/0x290 [ 3119.456620][T24507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3119.462859][T24507] ? __kasan_check_read+0x11/0x20 [ 3119.467891][T24507] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3119.473440][T24507] mem_cgroup_try_charge+0x136/0x590 [ 3119.478731][T24507] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3119.484352][T24507] wp_page_copy+0x407/0x1860 [ 3119.488926][T24507] ? find_held_lock+0x35/0x130 [ 3119.493669][T24507] ? do_wp_page+0x53b/0x15c0 [ 3119.498237][T24507] ? pmd_devmap_trans_unstable+0x220/0x220 [ 3119.504032][T24507] ? lock_downgrade+0x920/0x920 [ 3119.508868][T24507] ? swp_swapcount+0x540/0x540 [ 3119.513662][T24507] ? __kasan_check_read+0x11/0x20 [ 3119.518673][T24507] ? do_raw_spin_unlock+0x57/0x270 [ 3119.523765][T24507] do_wp_page+0x543/0x15c0 [ 3119.528161][T24507] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 3119.533516][T24507] __handle_mm_fault+0x23ec/0x4040 [ 3119.538640][T24507] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3119.544192][T24507] ? handle_mm_fault+0x292/0xaa0 [ 3119.549114][T24507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3119.555330][T24507] ? __kasan_check_read+0x11/0x20 [ 3119.560336][T24507] handle_mm_fault+0x3b7/0xaa0 [ 3119.565091][T24507] __do_page_fault+0x536/0xdd0 [ 3119.569880][T24507] do_page_fault+0x38/0x590 [ 3119.574365][T24507] page_fault+0x39/0x40 [ 3119.578495][T24507] RIP: 0033:0x430b06 [ 3119.582367][T24507] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 44 64 00 85 c0 0f 84 [ 3119.601944][T24507] RSP: 002b:00007ffc4661e4b0 EFLAGS: 00010206 [ 3119.607985][T24507] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 3119.615942][T24507] RDX: 0000000002a6e930 RSI: 0000000002a76970 RDI: 0000000000000003 [ 3119.623895][T24507] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002a6d940 [ 3119.631841][T24507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 3119.639785][T24507] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 3119.653882][T24507] memory: usage 840kB, limit 0kB, failcnt 1411 [ 3119.660189][T24507] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3119.669191][T24507] Memory cgroup stats for /syz5: [ 3119.669291][T24507] anon 28672 [ 3119.669291][T24507] file 0 [ 3119.669291][T24507] kernel_stack 0 [ 3119.669291][T24507] slab 811008 [ 3119.669291][T24507] sock 4096 [ 3119.669291][T24507] shmem 77824 [ 3119.669291][T24507] file_mapped 0 [ 3119.669291][T24507] file_dirty 0 [ 3119.669291][T24507] file_writeback 0 [ 3119.669291][T24507] anon_thp 0 [ 3119.669291][T24507] inactive_anon 135168 [ 3119.669291][T24507] active_anon 28672 [ 3119.669291][T24507] inactive_file 0 [ 3119.669291][T24507] active_file 0 [ 3119.669291][T24507] unevictable 0 [ 3119.669291][T24507] slab_reclaimable 135168 [ 3119.669291][T24507] slab_unreclaimable 675840 [ 3119.669291][T24507] pgfault 22077 [ 3119.669291][T24507] pgmajfault 0 [ 3119.669291][T24507] workingset_refault 0 [ 3119.669291][T24507] workingset_activate 0 [ 3119.669291][T24507] workingset_nodereclaim 0 [ 3119.669291][T24507] pgrefill 165 [ 3119.669291][T24507] pgscan 253 [ 3119.669291][T24507] pgsteal 69 [ 3119.669291][T24507] pgactivate 66 [ 3119.765229][T24507] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24507,uid=0 [ 3119.781063][T24507] Memory cgroup out of memory: Killed process 24507 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 3119.803161][ T1066] oom_reaper: reaped process 24507 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 20:16:29 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4000000}, 0x0) [ 3120.181120][T24594] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3120.218035][T24594] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:16:30 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0xe, r2, 0xc6861fa405dd3ee3) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:16:30 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20531d200100003404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x5000000}, 0x0) [ 3120.938319][T24598] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3120.971705][T24598] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.1'. 20:16:30 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r1, 0xe, r2, 0xc6861fa405dd3ee3) r3 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r3, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r5, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 20:16:46 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x0, 0x0, 0x0, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x0, 0x5, 0x0, 0x8c5bf9cac50963bc, 0x0, 0x9989, 0x6}, 0x0, 0xe, r1, 0xc6861fa405dd3ee3) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8955, &(0x7f0000000ec0)) recvmsg(r3, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {&(0x7f0000000540)=""/194, 0xc2}, {&(0x7f0000000640)=""/113, 0xffffffffffffff21}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000140)}, {&(0x7f0000000740)=""/165, 0xa5}], 0x9}, 0xf4ad1e69669fbe32) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="9febefa8d3c5007f1836c390000000004a8fc4de5415d00bf205a54b818b69d31a7c811e2f08e4ca975b6f5e7351fde14086b34e18ef779f9a532ff1ffffd790ca43e7f807101086ca345cb5b2aa1f568a6f8fa813edf09a99c8182227260999baaa80caa3a6157365b850f06bb83dc3628178b045971c88361660afb0709c"], 0x0, 0x7f, 0x0, 0x1}, 0x20) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r4, 0x0, 0x0) 20:16:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x3f, 0x2, 0x80, 0x0, 0x2, 0x4c20, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0xb, @perf_config_ext={0x4, 0x400}, 0x452f30e498ad3605, 0x5, 0x101, 0x8c5bf9cac50963bc, 0xbe43, 0x9989, 0x6}, r2, 0xe, r3, 0xc6861fa405dd3ee3) r4 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x8955, &(0x7f0000000ec0)=0x4000000000000002) recvmsg(r5, &(0x7f00000008c0)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000000440)=""/103, 0x67}, {&(0x7f00000004c0)=""/89, 0x59}, {0x0}, {&(0x7f0000000640)=""/113, 0x71}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}], 0x8}, 0xf4ad1e69669fbe32) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x1}, 0x20) r8 = openat$cgroup_int(r6, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r7, r1, 0x0, 0x3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r9 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x89a2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r8, 0x0, 0x0) [ 3137.020466][T24595] IPVS: ftp: loaded support on port[0] = 21 [ 3137.021815][T24589] IPVS: ftp: loaded support on port[0] = 21 [ 3137.034676][T24601] IPVS: ftp: loaded support on port[0] = 21 [ 3153.246858][T24595] chnl_net:caif_netlink_parms(): no params data found [ 3161.353126][T24595] bridge0: port 1(bridge_slave_0) entered blocking state [ 3161.360198][T24595] bridge0: port 1(bridge_slave_0) entered disabled state [ 3161.371358][T24595] device bridge_slave_0 entered promiscuous mode [ 3161.383071][T24595] bridge0: port 2(bridge_slave_1) entered blocking state [ 3161.390111][T24595] bridge0: port 2(bridge_slave_1) entered disabled state [ 3161.402497][T24595] device bridge_slave_1 entered promiscuous mode [ 3161.409769][T24601] chnl_net:caif_netlink_parms(): no params data found [ 3161.480056][T24595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3161.508496][T24589] chnl_net:caif_netlink_parms(): no params data found [ 3161.521502][T24595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3161.561488][T24601] bridge0: port 1(bridge_slave_0) entered blocking state [ 3161.570507][T24601] bridge0: port 1(bridge_slave_0) entered disabled state [ 3161.579096][T24601] device bridge_slave_0 entered promiscuous mode [ 3169.506822][T24595] team0: Port device team_slave_0 added [ 3169.513369][T24601] bridge0: port 2(bridge_slave_1) entered blocking state [ 3169.520427][T24601] bridge0: port 2(bridge_slave_1) entered disabled state [ 3169.528851][T24601] device bridge_slave_1 entered promiscuous mode [ 3169.551850][T24595] team0: Port device team_slave_1 added [ 3169.567121][T24589] bridge0: port 1(bridge_slave_0) entered blocking state [ 3169.575462][T24589] bridge0: port 1(bridge_slave_0) entered disabled state [ 3169.583985][T24589] device bridge_slave_0 entered promiscuous mode [ 3169.614375][T24589] bridge0: port 2(bridge_slave_1) entered blocking state [ 3169.621442][T24589] bridge0: port 2(bridge_slave_1) entered disabled state [ 3169.631591][T24589] device bridge_slave_1 entered promiscuous mode [ 3169.675004][T24595] device hsr_slave_0 entered promiscuous mode [ 3169.722637][T24595] device hsr_slave_1 entered promiscuous mode [ 3169.791844][T24595] debugfs: Directory 'hsr0' with parent '/' already present! [ 3169.803498][T24601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3177.798991][T24601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3177.852953][T24589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3185.934915][T24589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3202.238781][T24610] IPVS: ftp: loaded support on port[0] = 21 [ 3202.411221][T24610] chnl_net:caif_netlink_parms(): no params data found [ 3202.498633][T24610] bridge0: port 1(bridge_slave_0) entered blocking state [ 3202.506831][T24610] bridge0: port 1(bridge_slave_0) entered disabled state [ 3202.515251][T24610] device bridge_slave_0 entered promiscuous mode [ 3202.574078][T24610] bridge0: port 2(bridge_slave_1) entered blocking state [ 3202.581168][T24610] bridge0: port 2(bridge_slave_1) entered disabled state [ 3202.603207][T24610] device bridge_slave_1 entered promiscuous mode [ 3202.648733][T24610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3202.727378][T24610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3202.818930][T24610] team0: Port device team_slave_0 added [ 3202.900699][T24610] team0: Port device team_slave_1 added [ 3202.913273][ T154] device bridge_slave_1 left promiscuous mode [ 3202.919700][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3202.953169][ T154] device bridge_slave_0 left promiscuous mode [ 3202.959386][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.014528][ T154] device bridge_slave_1 left promiscuous mode [ 3203.020730][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.114050][ T154] device bridge_slave_0 left promiscuous mode [ 3203.120271][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.194718][ T154] device bridge_slave_1 left promiscuous mode [ 3203.200947][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.323424][ T154] device bridge_slave_0 left promiscuous mode [ 3203.329656][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.434720][ T154] device bridge_slave_1 left promiscuous mode [ 3203.440947][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.503547][ T154] device bridge_slave_0 left promiscuous mode [ 3203.509763][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.604621][ T154] device bridge_slave_1 left promiscuous mode [ 3203.610845][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.663434][ T154] device bridge_slave_0 left promiscuous mode [ 3203.669723][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.744511][ T154] device bridge_slave_1 left promiscuous mode [ 3203.750726][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.823750][ T154] device bridge_slave_0 left promiscuous mode [ 3203.829987][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.884567][ T154] device bridge_slave_1 left promiscuous mode [ 3203.890787][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.003578][ T154] device bridge_slave_0 left promiscuous mode [ 3204.009817][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3204.114647][ T154] device bridge_slave_1 left promiscuous mode [ 3204.120868][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.233355][ T154] device bridge_slave_0 left promiscuous mode [ 3204.239591][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3204.374747][ T154] device bridge_slave_1 left promiscuous mode [ 3204.380992][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.533584][ T154] device bridge_slave_0 left promiscuous mode [ 3204.539804][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3204.624656][ T154] device bridge_slave_1 left promiscuous mode [ 3204.630877][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.723534][ T154] device bridge_slave_0 left promiscuous mode [ 3204.729750][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3204.787288][ T154] device bridge_slave_1 left promiscuous mode [ 3204.794374][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.913299][ T154] device bridge_slave_0 left promiscuous mode [ 3204.919522][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.034643][ T154] device bridge_slave_1 left promiscuous mode [ 3205.040850][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3205.104207][ T154] device bridge_slave_0 left promiscuous mode [ 3205.110415][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.244669][ T154] device bridge_slave_1 left promiscuous mode [ 3205.250873][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3205.323232][ T154] device bridge_slave_0 left promiscuous mode [ 3205.329433][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.404444][ T154] device bridge_slave_1 left promiscuous mode [ 3205.410636][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3205.483196][ T154] device bridge_slave_0 left promiscuous mode [ 3205.489402][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.554499][ T154] device bridge_slave_1 left promiscuous mode [ 3205.560701][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3205.633305][ T154] device bridge_slave_0 left promiscuous mode [ 3205.639534][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.724672][ T154] device bridge_slave_1 left promiscuous mode [ 3205.730885][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3205.803271][ T154] device bridge_slave_0 left promiscuous mode [ 3205.809474][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3205.934579][ T154] device bridge_slave_1 left promiscuous mode [ 3205.940795][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3206.093470][ T154] device bridge_slave_0 left promiscuous mode [ 3206.099707][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3206.275386][ T154] device bridge_slave_1 left promiscuous mode [ 3206.282614][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3206.383307][ T154] device bridge_slave_0 left promiscuous mode [ 3206.389532][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3206.454599][ T154] device bridge_slave_1 left promiscuous mode [ 3206.460823][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3206.553250][ T154] device bridge_slave_0 left promiscuous mode [ 3206.559469][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3206.704611][ T154] device bridge_slave_1 left promiscuous mode [ 3206.710837][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3206.773184][ T154] device bridge_slave_0 left promiscuous mode [ 3206.779404][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3206.824465][ T154] device bridge_slave_1 left promiscuous mode [ 3206.831464][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3206.922913][ T154] device bridge_slave_0 left promiscuous mode [ 3206.929116][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3206.986266][ T154] device bridge_slave_1 left promiscuous mode [ 3206.993226][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.083290][ T154] device bridge_slave_0 left promiscuous mode [ 3207.089499][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3207.184580][ T154] device bridge_slave_1 left promiscuous mode [ 3207.190799][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.243105][ T154] device bridge_slave_0 left promiscuous mode [ 3207.249312][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3207.294332][ T154] device bridge_slave_1 left promiscuous mode [ 3207.300536][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.433366][ T154] device bridge_slave_0 left promiscuous mode [ 3207.439588][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3207.534614][ T154] device bridge_slave_1 left promiscuous mode [ 3207.540863][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.633283][ T154] device bridge_slave_0 left promiscuous mode [ 3207.639509][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3207.734772][ T154] device bridge_slave_1 left promiscuous mode [ 3207.740989][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.813212][ T154] device bridge_slave_0 left promiscuous mode [ 3207.819418][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3207.874494][ T154] device bridge_slave_1 left promiscuous mode [ 3207.880707][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3207.933053][ T154] device bridge_slave_0 left promiscuous mode [ 3207.939257][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.054487][ T154] device bridge_slave_1 left promiscuous mode [ 3208.060700][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3208.153295][ T154] device bridge_slave_0 left promiscuous mode [ 3208.159510][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.214505][ T154] device bridge_slave_1 left promiscuous mode [ 3208.220750][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3208.333280][ T154] device bridge_slave_0 left promiscuous mode [ 3208.339493][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.404474][ T154] device bridge_slave_1 left promiscuous mode [ 3208.410722][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3208.523664][ T154] device bridge_slave_0 left promiscuous mode [ 3208.529878][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.584285][ T154] device bridge_slave_1 left promiscuous mode [ 3208.590510][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3208.643061][ T154] device bridge_slave_0 left promiscuous mode [ 3208.649272][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.784518][ T154] device bridge_slave_1 left promiscuous mode [ 3208.790780][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3208.834279][ T154] device bridge_slave_0 left promiscuous mode [ 3208.840509][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3208.944583][ T154] device bridge_slave_1 left promiscuous mode [ 3208.950806][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.103277][ T154] device bridge_slave_0 left promiscuous mode [ 3209.109497][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.184474][ T154] device bridge_slave_1 left promiscuous mode [ 3209.190697][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.273337][ T154] device bridge_slave_0 left promiscuous mode [ 3209.279563][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.334274][ T154] device bridge_slave_1 left promiscuous mode [ 3209.340491][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.422058][ T154] device bridge_slave_0 left promiscuous mode [ 3209.428279][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.504601][ T154] device bridge_slave_1 left promiscuous mode [ 3209.510832][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.593139][ T154] device bridge_slave_0 left promiscuous mode [ 3209.599391][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.664505][ T154] device bridge_slave_1 left promiscuous mode [ 3209.670741][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.733132][ T154] device bridge_slave_0 left promiscuous mode [ 3209.739377][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.836063][ T154] device bridge_slave_1 left promiscuous mode [ 3209.843252][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3209.895069][ T154] device bridge_slave_0 left promiscuous mode [ 3209.901294][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3209.945361][ T154] device bridge_slave_1 left promiscuous mode [ 3209.952756][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3210.033281][ T154] device bridge_slave_0 left promiscuous mode [ 3210.039505][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3210.184474][ T154] device bridge_slave_1 left promiscuous mode [ 3210.190702][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3210.283242][ T154] device bridge_slave_0 left promiscuous mode [ 3210.289451][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3210.384462][ T154] device bridge_slave_1 left promiscuous mode [ 3210.390671][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3210.463148][ T154] device bridge_slave_0 left promiscuous mode [ 3210.469371][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3210.594571][ T154] device bridge_slave_1 left promiscuous mode [ 3210.600822][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3210.763285][ T154] device bridge_slave_0 left promiscuous mode [ 3210.769575][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3210.924579][ T154] device bridge_slave_1 left promiscuous mode [ 3210.930812][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.073050][ T154] device bridge_slave_0 left promiscuous mode [ 3211.079277][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3211.164367][ T154] device bridge_slave_1 left promiscuous mode [ 3211.170593][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.213236][ T154] device bridge_slave_0 left promiscuous mode [ 3211.219458][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3211.294530][ T154] device bridge_slave_1 left promiscuous mode [ 3211.300768][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.403246][ T154] device bridge_slave_0 left promiscuous mode [ 3211.409474][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3211.524750][ T154] device bridge_slave_1 left promiscuous mode [ 3211.530987][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.593232][ T154] device bridge_slave_0 left promiscuous mode [ 3211.599450][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3211.654323][ T154] device bridge_slave_1 left promiscuous mode [ 3211.660564][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.803276][ T154] device bridge_slave_0 left promiscuous mode [ 3211.809499][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3211.884333][ T154] device bridge_slave_1 left promiscuous mode [ 3211.890546][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3211.983120][ T154] device bridge_slave_0 left promiscuous mode [ 3211.989335][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3212.064361][ T154] device bridge_slave_1 left promiscuous mode [ 3212.070584][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3212.123173][ T154] device bridge_slave_0 left promiscuous mode [ 3212.129388][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3212.264358][ T154] device bridge_slave_1 left promiscuous mode [ 3212.270581][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3212.363133][ T154] device bridge_slave_0 left promiscuous mode [ 3212.369347][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3212.483339][ T154] device bridge_slave_1 left promiscuous mode [ 3212.489528][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3212.553399][ T154] device bridge_slave_0 left promiscuous mode [ 3212.559631][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3212.634208][ T154] device bridge_slave_1 left promiscuous mode [ 3212.640428][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3212.763276][ T154] device bridge_slave_0 left promiscuous mode [ 3212.769484][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3212.834276][ T154] device bridge_slave_1 left promiscuous mode [ 3212.840472][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3212.922924][ T154] device bridge_slave_0 left promiscuous mode [ 3212.929202][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.024717][ T154] device bridge_slave_1 left promiscuous mode [ 3213.030918][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.082914][ T154] device bridge_slave_0 left promiscuous mode [ 3213.089107][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.144277][ T154] device bridge_slave_1 left promiscuous mode [ 3213.150497][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.203130][ T154] device bridge_slave_0 left promiscuous mode [ 3213.209350][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.304450][ T154] device bridge_slave_1 left promiscuous mode [ 3213.310684][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.372883][ T154] device bridge_slave_0 left promiscuous mode [ 3213.379091][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.444260][ T154] device bridge_slave_1 left promiscuous mode [ 3213.450490][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.522183][ T154] device bridge_slave_0 left promiscuous mode [ 3213.528381][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.584261][ T154] device bridge_slave_1 left promiscuous mode [ 3213.590489][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.683194][ T154] device bridge_slave_0 left promiscuous mode [ 3213.689423][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.734311][ T154] device bridge_slave_1 left promiscuous mode [ 3213.740533][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.803149][ T154] device bridge_slave_0 left promiscuous mode [ 3213.809471][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.855285][ T154] device bridge_slave_1 left promiscuous mode [ 3213.861517][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.912910][ T154] device bridge_slave_0 left promiscuous mode [ 3213.919127][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.964335][ T154] device bridge_slave_1 left promiscuous mode [ 3213.970535][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.103161][ T154] device bridge_slave_0 left promiscuous mode [ 3214.109383][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3214.184375][ T154] device bridge_slave_1 left promiscuous mode [ 3214.190581][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.272925][ T154] device bridge_slave_0 left promiscuous mode [ 3214.279144][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3214.364303][ T154] device bridge_slave_1 left promiscuous mode [ 3214.370519][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.463048][ T154] device bridge_slave_0 left promiscuous mode [ 3214.469245][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3214.524281][ T154] device bridge_slave_1 left promiscuous mode [ 3214.530488][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.653036][ T154] device bridge_slave_0 left promiscuous mode [ 3214.659264][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3214.765257][ T154] device bridge_slave_1 left promiscuous mode [ 3214.771492][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.873072][ T154] device bridge_slave_0 left promiscuous mode [ 3214.879290][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.004714][ T154] device bridge_slave_1 left promiscuous mode [ 3215.010936][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.032989][ T154] device bridge_slave_0 left promiscuous mode [ 3215.039194][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.123331][ T154] device bridge_slave_1 left promiscuous mode [ 3215.129533][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.202915][ T154] device bridge_slave_0 left promiscuous mode [ 3215.209127][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.294274][ T154] device bridge_slave_1 left promiscuous mode [ 3215.300482][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.392996][ T154] device bridge_slave_0 left promiscuous mode [ 3215.399192][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.503506][ T154] device bridge_slave_1 left promiscuous mode [ 3215.509715][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.552924][ T154] device bridge_slave_0 left promiscuous mode [ 3215.559130][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.694307][ T154] device bridge_slave_1 left promiscuous mode [ 3215.700522][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.784314][ T154] device bridge_slave_0 left promiscuous mode [ 3215.790525][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3215.874236][ T154] device bridge_slave_1 left promiscuous mode [ 3215.880477][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3215.953028][ T154] device bridge_slave_0 left promiscuous mode [ 3215.959254][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3216.004238][ T154] device bridge_slave_1 left promiscuous mode [ 3216.010464][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3216.063554][ T154] device bridge_slave_0 left promiscuous mode [ 3216.069777][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3216.154180][ T154] device bridge_slave_1 left promiscuous mode [ 3216.160398][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 3216.242753][ T154] device bridge_slave_0 left promiscuous mode [ 3216.248970][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 3349.381858][ T1065] INFO: task kworker/1:2:22550 blocked for more than 143 seconds. [ 3349.389721][ T1065] Not tainted 5.3.0+ #0 [ 3349.402573][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3349.411261][ T1065] kworker/1:2 D27112 22550 2 0x80004000 [ 3349.441657][ T1065] Workqueue: events switchdev_deferred_process_work [ 3349.448279][ T1065] Call Trace: [ 3349.451580][ T1065] __schedule+0x94f/0x1e70 [ 3349.466132][ T1065] ? __sched_text_start+0x8/0x8 [ 3349.470982][ T1065] ? __kasan_check_read+0x11/0x20 [ 3349.491713][ T1065] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3349.496948][ T1065] schedule+0xd9/0x260 [ 3349.501021][ T1065] schedule_preempt_disabled+0x13/0x20 [ 3349.521651][ T1065] __mutex_lock+0x7b0/0x13c0 [ 3349.526268][ T1065] ? rtnl_lock+0x17/0x20 [ 3349.530512][ T1065] ? mutex_trylock+0x2d0/0x2d0 [ 3349.551706][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3349.557984][ T1065] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3349.564541][ T1065] mutex_lock_nested+0x16/0x20 [ 3349.569849][ T1065] ? mutex_lock_nested+0x16/0x20 [ 3349.575224][ T1065] rtnl_lock+0x17/0x20 [ 3349.579295][ T1065] switchdev_deferred_process_work+0xe/0x20 [ 3349.585513][ T1065] process_one_work+0x9af/0x1740 [ 3349.590466][ T1065] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3349.596195][ T1065] ? lock_acquire+0x190/0x410 [ 3349.600882][ T1065] worker_thread+0x98/0xe40 [ 3349.611677][ T1065] ? trace_hardirqs_on+0x67/0x240 [ 3349.616726][ T1065] kthread+0x361/0x430 [ 3349.620789][ T1065] ? process_one_work+0x1740/0x1740 [ 3349.641733][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3349.648004][ T1065] ret_from_fork+0x24/0x30 [ 3349.661787][ T1065] INFO: task kworker/0:22:24580 blocked for more than 143 seconds. [ 3349.669685][ T1065] Not tainted 5.3.0+ #0 [ 3349.691625][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3349.700306][ T1065] kworker/0:22 D27112 24580 2 0x80004000 [ 3349.707077][ T1065] Workqueue: events linkwatch_event [ 3349.712551][ T1065] Call Trace: [ 3349.715847][ T1065] __schedule+0x94f/0x1e70 [ 3349.720264][ T1065] ? __sched_text_start+0x8/0x8 [ 3349.725460][ T1065] ? __kasan_check_read+0x11/0x20 [ 3349.730496][ T1065] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3349.735996][ T1065] schedule+0xd9/0x260 [ 3349.740070][ T1065] schedule_preempt_disabled+0x13/0x20 [ 3349.745890][ T1065] __mutex_lock+0x7b0/0x13c0 [ 3349.750486][ T1065] ? rtnl_lock+0x17/0x20 [ 3349.761677][ T1065] ? mutex_trylock+0x2d0/0x2d0 [ 3349.766458][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3349.772996][ T1065] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3349.779157][ T1065] mutex_lock_nested+0x16/0x20 [ 3349.784626][ T1065] ? mutex_lock_nested+0x16/0x20 [ 3349.789563][ T1065] rtnl_lock+0x17/0x20 [ 3349.794805][ T1065] linkwatch_event+0xf/0x70 [ 3349.799311][ T1065] process_one_work+0x9af/0x1740 [ 3349.804584][ T1065] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3349.809952][ T1065] ? lock_acquire+0x190/0x410 [ 3349.815061][ T1065] worker_thread+0x98/0xe40 [ 3349.819571][ T1065] ? trace_hardirqs_on+0x67/0x240 [ 3349.825079][ T1065] kthread+0x361/0x430 [ 3349.829150][ T1065] ? process_one_work+0x1740/0x1740 [ 3349.841672][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3349.847925][ T1065] ret_from_fork+0x24/0x30 [ 3349.861773][ T1065] INFO: task syz-executor.0:24610 blocked for more than 143 seconds. [ 3349.869840][ T1065] Not tainted 5.3.0+ #0 [ 3349.876576][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3349.885582][ T1065] syz-executor.0 D24568 24610 1 0x00000004 [ 3349.892223][ T1065] Call Trace: [ 3349.895530][ T1065] __schedule+0x94f/0x1e70 [ 3349.899945][ T1065] ? __sched_text_start+0x8/0x8 [ 3349.905118][ T1065] ? lock_downgrade+0x920/0x920 [ 3349.909967][ T1065] ? rwlock_bug.part.0+0x90/0x90 [ 3349.915233][ T1065] schedule+0xd9/0x260 [ 3349.919303][ T1065] schedule_preempt_disabled+0x13/0x20 [ 3349.925941][ T1065] __mutex_lock+0x7b0/0x13c0 [ 3349.930543][ T1065] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3349.935971][ T1065] ? mutex_trylock+0x2d0/0x2d0 [ 3349.940733][ T1065] ? find_held_lock+0x35/0x130 [ 3349.945849][ T1065] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3349.950967][ T1065] ? lock_downgrade+0x920/0x920 [ 3349.956124][ T1065] ? rcu_read_lock_held_common+0x130/0x130 [ 3349.962214][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3349.968456][ T1065] mutex_lock_nested+0x16/0x20 [ 3349.973539][ T1065] ? mutex_lock_nested+0x16/0x20 [ 3349.978477][ T1065] rtnetlink_rcv_msg+0x40a/0xb00 [ 3349.983770][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3349.989055][ T1065] ? lock_downgrade+0x920/0x920 [ 3349.994372][ T1065] ? netlink_deliver_tap+0x22d/0xbf0 [ 3349.999661][ T1065] ? find_held_lock+0x35/0x130 [ 3350.021708][ T1065] netlink_rcv_skb+0x177/0x450 [ 3350.026499][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3350.041718][ T1065] ? netlink_ack+0xb50/0xb50 [ 3350.046324][ T1065] ? __kasan_check_read+0x11/0x20 [ 3350.051350][ T1065] ? netlink_deliver_tap+0x254/0xbf0 [ 3350.071698][ T1065] rtnetlink_rcv+0x1d/0x30 [ 3350.076136][ T1065] netlink_unicast+0x531/0x710 [ 3350.080904][ T1065] ? netlink_attachskb+0x7c0/0x7c0 [ 3350.086635][ T1065] ? _copy_from_iter_full+0x25d/0x8c0 [ 3350.092282][ T1065] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3350.097999][ T1065] ? __check_object_size+0x3d/0x437 [ 3350.103689][ T1065] netlink_sendmsg+0x8a5/0xd60 [ 3350.108464][ T1065] ? netlink_unicast+0x710/0x710 [ 3350.113783][ T1065] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3350.119329][ T1065] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3350.125245][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3350.131487][ T1065] ? security_socket_sendmsg+0x8d/0xc0 [ 3350.141730][ T1065] ? netlink_unicast+0x710/0x710 [ 3350.146681][ T1065] sock_sendmsg+0xd7/0x130 [ 3350.151094][ T1065] __sys_sendto+0x262/0x380 [ 3350.155931][ T1065] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3350.161319][ T1065] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3350.167852][ T1065] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3350.173669][ T1065] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3350.179649][ T1065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3350.186384][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3350.193002][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3350.198462][ T1065] ? do_syscall_64+0x26/0x760 [ 3350.203544][ T1065] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3350.209617][ T1065] __x64_sys_sendto+0xe1/0x1a0 [ 3350.214694][ T1065] do_syscall_64+0xfa/0x760 [ 3350.219203][ T1065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3350.225441][ T1065] RIP: 0033:0x413873 [ 3350.229334][ T1065] Code: ff ff ff 0f 1f 40 00 b8 18 fc ff ff e9 56 ff ff ff bf 97 30 44 00 b9 0d 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 80 39 41 00 e9 <37> ff ff ff bf a4 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 [ 3350.249276][ T1065] RSP: 002b:00007ffc1108e708 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3350.257955][ T1065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873 [ 3350.266304][ T1065] RDX: 0000000000000034 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3350.274559][ T1065] RBP: 0000000000000000 R08: 00007ffc1108e710 R09: 000000000000000c [ 3350.282817][ T1065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3350.290787][ T1065] R13: 0000000000000003 R14: 0000000000000000 R15: 00000000004be831 [ 3350.299135][ T1065] INFO: task syz-executor.4:24613 blocked for more than 144 seconds. [ 3350.307435][ T1065] Not tainted 5.3.0+ #0 [ 3350.312348][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3350.321009][ T1065] syz-executor.4 D28136 24613 1 0x00000004 [ 3350.328555][ T1065] Call Trace: [ 3350.332146][ T1065] __schedule+0x94f/0x1e70 [ 3350.336567][ T1065] ? __sched_text_start+0x8/0x8 [ 3350.341413][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.346744][ T1065] ? rwlock_bug.part.0+0x90/0x90 [ 3350.351973][ T1065] schedule+0xd9/0x260 [ 3350.356042][ T1065] schedule_preempt_disabled+0x13/0x20 [ 3350.361498][ T1065] __mutex_lock+0x7b0/0x13c0 [ 3350.366478][ T1065] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3350.371994][ T1065] ? mutex_trylock+0x2d0/0x2d0 [ 3350.376760][ T1065] ? find_held_lock+0x35/0x130 [ 3350.381525][ T1065] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3350.401642][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.406507][ T1065] ? rcu_read_lock_held_common+0x130/0x130 [ 3350.421718][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3350.427971][ T1065] mutex_lock_nested+0x16/0x20 [ 3350.441644][ T1065] ? mutex_lock_nested+0x16/0x20 [ 3350.446589][ T1065] rtnetlink_rcv_msg+0x40a/0xb00 [ 3350.451524][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3350.481647][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.486520][ T1065] ? netlink_deliver_tap+0x22d/0xbf0 [ 3350.492160][ T1065] ? find_held_lock+0x35/0x130 [ 3350.496930][ T1065] netlink_rcv_skb+0x177/0x450 [ 3350.502216][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3350.507508][ T1065] ? netlink_ack+0xb50/0xb50 [ 3350.512411][ T1065] ? __kasan_check_read+0x11/0x20 [ 3350.517449][ T1065] ? netlink_deliver_tap+0x254/0xbf0 [ 3350.523026][ T1065] rtnetlink_rcv+0x1d/0x30 [ 3350.527446][ T1065] netlink_unicast+0x531/0x710 [ 3350.532531][ T1065] ? netlink_attachskb+0x7c0/0x7c0 [ 3350.537642][ T1065] ? _copy_from_iter_full+0x25d/0x8c0 [ 3350.543334][ T1065] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3350.549052][ T1065] ? __check_object_size+0x3d/0x437 [ 3350.561648][ T1065] netlink_sendmsg+0x8a5/0xd60 [ 3350.566431][ T1065] ? netlink_unicast+0x710/0x710 [ 3350.571361][ T1065] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3350.591678][ T1065] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3350.597146][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3350.612112][ T1065] ? security_socket_sendmsg+0x8d/0xc0 [ 3350.617587][ T1065] ? netlink_unicast+0x710/0x710 [ 3350.622871][ T1065] sock_sendmsg+0xd7/0x130 [ 3350.627292][ T1065] __sys_sendto+0x262/0x380 [ 3350.632103][ T1065] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3350.637488][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.642639][ T1065] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3350.647946][ T1065] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3350.653922][ T1065] ? unlock_page_memcg+0x40/0x40 [ 3350.658869][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3350.664685][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3350.670144][ T1065] ? do_syscall_64+0x26/0x760 [ 3350.675126][ T1065] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3350.681196][ T1065] __x64_sys_sendto+0xe1/0x1a0 [ 3350.686253][ T1065] do_syscall_64+0xfa/0x760 [ 3350.690766][ T1065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3350.697128][ T1065] RIP: 0033:0x413873 [ 3350.701026][ T1065] Code: ff ff ff 0f 1f 40 00 b8 18 fc ff ff e9 56 ff ff ff bf 97 30 44 00 b9 0d 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 80 39 41 00 e9 <37> ff ff ff bf a4 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 [ 3350.721111][ T1065] RSP: 002b:00007ffcc0ca52d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3350.729816][ T1065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873 [ 3350.738140][ T1065] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3350.747516][ T1065] RBP: 00007ffcc0ca5340 R08: 00007ffcc0ca52e0 R09: 000000000000000c [ 3350.755777][ T1065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3350.764028][ T1065] R13: 00007ffcc0ca5648 R14: 0000000000000000 R15: 0000000000000000 [ 3350.782162][ T1065] INFO: task syz-executor.3:24615 blocked for more than 144 seconds. [ 3350.790234][ T1065] Not tainted 5.3.0+ #0 [ 3350.811638][ T1065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3350.820317][ T1065] syz-executor.3 D28136 24615 1 0x00000004 [ 3350.841631][ T1065] Call Trace: [ 3350.844945][ T1065] __schedule+0x94f/0x1e70 [ 3350.849361][ T1065] ? __sched_text_start+0x8/0x8 [ 3350.861639][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.866497][ T1065] ? rwlock_bug.part.0+0x90/0x90 [ 3350.871437][ T1065] schedule+0xd9/0x260 [ 3350.891693][ T1065] schedule_preempt_disabled+0x13/0x20 [ 3350.897163][ T1065] __mutex_lock+0x7b0/0x13c0 [ 3350.911656][ T1065] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3350.916785][ T1065] ? mutex_trylock+0x2d0/0x2d0 [ 3350.921544][ T1065] ? find_held_lock+0x35/0x130 [ 3350.941645][ T1065] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3350.946779][ T1065] ? lock_downgrade+0x920/0x920 [ 3350.972749][ T1065] ? rcu_read_lock_held_common+0x130/0x130 [ 3350.978569][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3350.991644][ T1065] mutex_lock_nested+0x16/0x20 [ 3350.996456][ T1065] ? mutex_lock_nested+0x16/0x20 [ 3351.001387][ T1065] rtnetlink_rcv_msg+0x40a/0xb00 [ 3351.006777][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3351.012324][ T1065] ? lock_downgrade+0x920/0x920 [ 3351.017182][ T1065] ? netlink_deliver_tap+0x22d/0xbf0 [ 3351.022823][ T1065] ? find_held_lock+0x35/0x130 [ 3351.027593][ T1065] netlink_rcv_skb+0x177/0x450 [ 3351.032676][ T1065] ? rtnl_bridge_getlink+0x910/0x910 [ 3351.037962][ T1065] ? netlink_ack+0xb50/0xb50 [ 3351.051640][ T1065] ? __kasan_check_read+0x11/0x20 [ 3351.056680][ T1065] ? netlink_deliver_tap+0x254/0xbf0 [ 3351.066900][ T1065] rtnetlink_rcv+0x1d/0x30 [ 3351.071329][ T1065] netlink_unicast+0x531/0x710 [ 3351.076390][ T1065] ? netlink_attachskb+0x7c0/0x7c0 [ 3351.081511][ T1065] ? _copy_from_iter_full+0x25d/0x8c0 [ 3351.087295][ T1065] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3351.093397][ T1065] ? __check_object_size+0x3d/0x437 [ 3351.098605][ T1065] netlink_sendmsg+0x8a5/0xd60 [ 3351.104604][ T1065] ? netlink_unicast+0x710/0x710 [ 3351.109542][ T1065] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3351.115367][ T1065] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3351.120826][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3351.127384][ T1065] ? security_socket_sendmsg+0x8d/0xc0 [ 3351.133116][ T1065] ? netlink_unicast+0x710/0x710 [ 3351.138055][ T1065] sock_sendmsg+0xd7/0x130 [ 3351.142790][ T1065] __sys_sendto+0x262/0x380 [ 3351.147306][ T1065] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3351.153097][ T1065] ? lock_downgrade+0x920/0x920 [ 3351.157952][ T1065] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3351.163556][ T1065] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3351.169191][ T1065] ? unlock_page_memcg+0x40/0x40 [ 3351.174405][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3351.179864][ T1065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3351.185638][ T1065] ? do_syscall_64+0x26/0x760 [ 3351.190312][ T1065] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3351.196672][ T1065] __x64_sys_sendto+0xe1/0x1a0 [ 3351.201445][ T1065] do_syscall_64+0xfa/0x760 [ 3351.206276][ T1065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3351.212430][ T1065] RIP: 0033:0x413873 [ 3351.216324][ T1065] Code: ff ff ff 0f 1f 40 00 b8 18 fc ff ff e9 56 ff ff ff bf 97 30 44 00 b9 0d 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 80 39 41 00 e9 <37> ff ff ff bf a4 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 [ 3351.237291][ T1065] RSP: 002b:00007ffc477d9d78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3351.245972][ T1065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873 [ 3351.254237][ T1065] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3351.262485][ T1065] RBP: 00007ffc477d9de0 R08: 00007ffc477d9d80 R09: 000000000000000c [ 3351.270452][ T1065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3351.278744][ T1065] R13: 00007ffc477da0e8 R14: 0000000000000000 R15: 0000000000000000 [ 3351.287117][ T1065] [ 3351.287117][ T1065] Showing all locks held in the system: [ 3351.295148][ T1065] 4 locks held by kworker/u4:3/154: [ 3351.300339][ T1065] 1 lock held by khungtaskd/1065: [ 3351.305784][ T1065] #0: ffffffff88faad00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3351.331674][ T1065] 1 lock held by rsyslogd/8650: [ 3351.336527][ T1065] #0: ffff888090cb23a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3351.345609][ T1065] 2 locks held by getty/8740: [ 3351.350275][ T1065] #0: ffff88808d7db250 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.359667][ T1065] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.370591][ T1065] 2 locks held by getty/8741: [ 3351.375572][ T1065] #0: ffff8880a7b8d290 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.391622][ T1065] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.401186][ T1065] 2 locks held by getty/8742: [ 3351.421673][ T1065] #0: ffff88808eeea090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.430637][ T1065] #1: ffffc90005f1d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.461737][ T1065] 2 locks held by getty/8743: [ 3351.466425][ T1065] #0: ffff88808d7da150 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.491745][ T1065] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.501330][ T1065] 2 locks held by getty/8744: [ 3351.521624][ T1065] #0: ffff88808d7da9d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.530588][ T1065] #1: ffffc90005f2d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.561772][ T1065] 2 locks held by getty/8745: [ 3351.566453][ T1065] #0: ffff8880a8e4e6d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.575891][ T1065] #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.585964][ T1065] 2 locks held by getty/8746: [ 3351.590629][ T1065] #0: ffff88808dea7790 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3351.599891][ T1065] #1: ffffc90005f092e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3351.609836][ T1065] 3 locks held by kworker/1:2/22550: [ 3351.615398][ T1065] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3351.625728][ T1065] #1: ffff88805d427dc0 (deferred_process_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3351.635843][ T1065] #2: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3351.644198][ T1065] 2 locks held by kworker/u4:2/24315: [ 3351.649570][ T1065] 3 locks held by kworker/0:2/24563: [ 3351.655153][ T1065] #0: ffff88821676bde8 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 3351.665905][ T1065] #1: ffff88803c3afdc0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3351.675935][ T1065] #2: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3351.684254][ T1065] 2 locks held by kworker/0:14/24571: [ 3351.689618][ T1065] #0: ffff8880aa435ba8 ((wq_completion)rcu_gp){+.+.}, at: process_one_work+0x88b/0x1740 [ 3351.699759][ T1065] #1: ffff888070087dc0 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3351.710839][ T1065] 3 locks held by kworker/0:22/24580: [ 3351.716500][ T1065] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3351.726831][ T1065] #1: ffff888041c07dc0 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3351.737066][ T1065] #2: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3351.745339][ T1065] 1 lock held by syz-executor.0/24610: [ 3351.750783][ T1065] #0: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3351.759944][ T1065] 1 lock held by syz-executor.4/24613: [ 3351.765666][ T1065] #0: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3351.774810][ T1065] 1 lock held by syz-executor.3/24615: [ 3351.780255][ T1065] #0: ffffffff89997ca0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3351.791481][ T1065] [ 3351.794408][ T1065] ============================================= [ 3351.794408][ T1065] [ 3351.803097][ T1065] NMI backtrace for cpu 1 [ 3351.807425][ T1065] CPU: 1 PID: 1065 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 3351.814522][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3351.824571][ T1065] Call Trace: [ 3351.827856][ T1065] dump_stack+0x172/0x1f0 [ 3351.832190][ T1065] nmi_cpu_backtrace.cold+0x70/0xb2 [ 3351.837383][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3351.843621][ T1065] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3351.849249][ T1065] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 3351.855229][ T1065] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3351.861117][ T1065] watchdog+0x9d0/0xef0 [ 3351.865281][ T1065] kthread+0x361/0x430 [ 3351.869343][ T1065] ? reset_hung_task_detector+0x30/0x30 [ 3351.874884][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3351.881119][ T1065] ret_from_fork+0x24/0x30 [ 3351.885685][ T1065] Sending NMI from CPU 1 to CPUs 0: [ 3351.891195][ C0] NMI backtrace for cpu 0 [ 3351.891200][ C0] CPU: 0 PID: 24315 Comm: kworker/u4:2 Not tainted 5.3.0+ #0 [ 3351.891206][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3351.891209][ C0] Workqueue: bat_events batadv_purge_orig [ 3351.891216][ C0] RIP: 0010:lock_acquire+0x1ae/0x410 [ 3351.891226][ C0] Code: 83 f1 01 41 83 e1 01 e8 e0 9c ff ff 48 b8 00 00 00 00 00 fc ff df 65 48 8b 1c 25 40 fe 01 00 48 8d bb 94 08 00 00 48 83 c4 20 <48> 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 [ 3351.891230][ C0] RSP: 0018:ffff88803722fc10 EFLAGS: 00000082 [ 3351.891237][ C0] RAX: dffffc0000000000 RBX: ffff88809b2a2400 RCX: ffffffff8158f2b2 [ 3351.891241][ C0] RDX: 1ffff11013654592 RSI: 0000000000000008 RDI: ffff88809b2a2c94 [ 3351.891246][ C0] RBP: ffff88803722fc58 R08: 0000000000007ff3 R09: fffffbfff14ee143 [ 3351.891250][ C0] R10: ffff88809b2a2ce8 R11: ffff88809b2a2400 R12: ffff88803ad10218 [ 3351.891255][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3351.891260][ C0] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 3351.891264][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3351.891268][ C0] CR2: 000000c422de1030 CR3: 000000009d0a5000 CR4: 00000000001406f0 [ 3351.891273][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3351.891277][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3351.891280][ C0] Call Trace: [ 3351.891283][ C0] _raw_spin_lock_bh+0x33/0x50 [ 3351.891287][ C0] ? batadv_purge_orig_ref+0x11c/0x1060 [ 3351.891290][ C0] batadv_purge_orig_ref+0x11c/0x1060 [ 3351.891293][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3351.891297][ C0] ? trace_hardirqs_on+0x67/0x240 [ 3351.891300][ C0] batadv_purge_orig+0x1b/0x70 [ 3351.891304][ C0] process_one_work+0x9af/0x1740 [ 3351.891307][ C0] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3351.891310][ C0] ? lock_acquire+0x190/0x410 [ 3351.891313][ C0] worker_thread+0x98/0xe40 [ 3351.891316][ C0] ? trace_hardirqs_on+0x67/0x240 [ 3351.891319][ C0] kthread+0x361/0x430 [ 3351.891323][ C0] ? process_one_work+0x1740/0x1740 [ 3351.891326][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3351.891329][ C0] ret_from_fork+0x24/0x30 [ 3351.901647][ T1065] Kernel panic - not syncing: hung_task: blocked tasks [ 3352.113900][ T1065] CPU: 1 PID: 1065 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 3352.120995][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3352.131040][ T1065] Call Trace: [ 3352.134330][ T1065] dump_stack+0x172/0x1f0 [ 3352.138660][ T1065] panic+0x2dc/0x755 [ 3352.142545][ T1065] ? add_taint.cold+0x16/0x16 [ 3352.147213][ T1065] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3352.152843][ T1065] ? ___preempt_schedule+0x16/0x20 [ 3352.157952][ T1065] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3352.164097][ T1065] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 3352.170242][ T1065] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 3352.176391][ T1065] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3352.182555][ T1065] watchdog+0x9e1/0xef0 [ 3352.186715][ T1065] kthread+0x361/0x430 [ 3352.190781][ T1065] ? reset_hung_task_detector+0x30/0x30 [ 3352.196316][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3352.202552][ T1065] ret_from_fork+0x24/0x30 [ 3352.208463][ T1065] Kernel Offset: disabled [ 3352.212788][ T1065] Rebooting in 86400 seconds..