&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r3, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) 20:57:47 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) syz_emit_ethernet(0x66, &(0x7f00000000c0)={@random="cd390b081bf2", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x28, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, "d5cae2", 0x0, 0x0, 0x0, @dev, @ipv4={[], [], @dev}}}}}}}}, 0x0) 20:57:47 executing program 3: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r3, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) 20:57:47 executing program 3: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r3, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) 20:57:47 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd45fe31789e70233bfd8115efd90c8c48258f8dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602db8a4c118a353e0d70d404da006a3d6eef8fb7fcdd0000000000000000000000000000000525d5d3a27cdfe71aa2f0e59c2661b0bb52a6f4728540838bf467b4d045803d035a19b1413de26919fb26db33a40dbb9e82fd6ee0ecb64e6fbf7210a4940a6a443947cc443947329ac8116b32e6a46caa0f5432b5c9edb695e3"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x0, 0x1b, 0x0, &(0x7f0000000540)="5650b441e692763113ef8745ffa395f438bdef6e6245124e25d308", 0x0, 0x400}, 0x28) 20:57:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) 20:57:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x0) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/195, 0x200000d7}], 0x1) [ 2161.806717][ T9355] device bridge_slave_1 left promiscuous mode [ 2161.813809][ T9355] bridge0: port 2(bridge_slave_1) entered disabled state [ 2161.845066][ T9355] device bridge_slave_0 left promiscuous mode [ 2161.852109][ T9355] bridge0: port 1(bridge_slave_0) entered disabled state [ 2162.841685][T12444] IPVS: ftp: loaded support on port[0] = 21 [ 2162.883639][ T9355] device hsr_slave_0 left promiscuous mode [ 2162.922918][ T9355] device hsr_slave_1 left promiscuous mode [ 2163.003278][ T9355] team0 (unregistering): Port device team_slave_1 removed [ 2163.017302][ T9355] team0 (unregistering): Port device team_slave_0 removed [ 2163.030890][ T9355] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2163.068838][ T9355] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2163.146949][ T9355] bond0 (unregistering): Released all slaves [ 2163.345120][T12444] chnl_net:caif_netlink_parms(): no params data found [ 2163.394285][T12444] bridge0: port 1(bridge_slave_0) entered blocking state [ 2163.401572][T12444] bridge0: port 1(bridge_slave_0) entered disabled state [ 2163.410700][T12444] device bridge_slave_0 entered promiscuous mode [ 2163.419976][T12444] bridge0: port 2(bridge_slave_1) entered blocking state [ 2163.427513][T12444] bridge0: port 2(bridge_slave_1) entered disabled state [ 2163.436935][T12444] device bridge_slave_1 entered promiscuous mode [ 2163.465882][T12444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2163.479029][T12444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2163.561902][T12444] team0: Port device team_slave_0 added [ 2163.573691][T12444] team0: Port device team_slave_1 added [ 2163.648300][T12444] device hsr_slave_0 entered promiscuous mode [ 2163.703792][T12444] device hsr_slave_1 entered promiscuous mode [ 2163.752567][T12444] debugfs: Directory 'hsr0' with parent '/' already present! [ 2163.786365][T12444] bridge0: port 2(bridge_slave_1) entered blocking state [ 2163.793853][T12444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2163.801408][T12444] bridge0: port 1(bridge_slave_0) entered blocking state [ 2163.808798][T12444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2163.905361][T12444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2163.925658][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2163.935862][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2163.945317][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2163.962584][T12444] 8021q: adding VLAN 0 to HW filter on device team0 [ 2163.977252][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2163.986935][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 2163.995078][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2164.016398][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2164.026315][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2164.033673][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2164.069426][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2164.081652][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2164.091747][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2164.108462][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2164.125440][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2164.140061][T12444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2164.168579][T12444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2164.288014][T12449] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2164.298366][T12449] CPU: 0 PID: 12449 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2164.306478][T12449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2164.316561][T12449] Call Trace: [ 2164.319921][T12449] dump_stack+0x191/0x1f0 [ 2164.324289][T12449] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2164.330225][T12449] dump_header+0x1e7/0xd00 [ 2164.334694][T12449] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2164.340877][T12449] ? ___ratelimit+0x542/0x720 [ 2164.345571][T12449] ? task_will_free_mem+0x14c/0x810 [ 2164.350805][T12449] oom_kill_process+0x210/0x560 [ 2164.355680][T12449] out_of_memory+0x1796/0x1c70 [ 2164.360638][T12449] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2164.366300][T12449] memory_max_write+0x90b/0xb60 [ 2164.371217][T12449] ? memory_max_show+0x1b0/0x1b0 [ 2164.376184][T12449] cgroup_file_write+0x41a/0x8e0 [ 2164.381152][T12449] ? cgroup_seqfile_stop+0x150/0x150 [ 2164.386630][T12449] kernfs_fop_write+0x55f/0x840 [ 2164.391564][T12449] ? kernfs_fop_read+0x9a0/0x9a0 [ 2164.396555][T12449] __vfs_write+0x1a9/0xcb0 [ 2164.401011][T12449] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2164.407102][T12449] ? __sb_start_write+0x10b/0x230 [ 2164.412149][T12449] vfs_write+0x481/0x920 [ 2164.416416][T12449] ksys_write+0x265/0x430 [ 2164.420767][T12449] __se_sys_write+0x92/0xb0 [ 2164.425287][T12449] __x64_sys_write+0x4a/0x70 [ 2164.429902][T12449] do_syscall_64+0xb6/0x160 [ 2164.434427][T12449] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2164.440349][T12449] RIP: 0033:0x459a59 [ 2164.444282][T12449] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2164.463903][T12449] RSP: 002b:00007f7d8e2fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2164.472349][T12449] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2164.480362][T12449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2164.488368][T12449] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2164.496386][T12449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7d8e2fd6d4 [ 2164.504990][T12449] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2164.513202][T12449] memory: usage 4992kB, limit 0kB, failcnt 2614 [ 2164.519506][T12449] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2164.526513][T12449] Memory cgroup stats for /syz5: [ 2164.526848][T12449] anon 176128 [ 2164.526848][T12449] file 2371584 [ 2164.526848][T12449] kernel_stack 196608 [ 2164.526848][T12449] slab 1986560 [ 2164.526848][T12449] sock 0 [ 2164.526848][T12449] shmem 2371584 [ 2164.526848][T12449] file_mapped 0 [ 2164.526848][T12449] file_dirty 0 [ 2164.526848][T12449] file_writeback 0 [ 2164.526848][T12449] anon_thp 0 [ 2164.526848][T12449] inactive_anon 2297856 [ 2164.526848][T12449] active_anon 98304 [ 2164.526848][T12449] inactive_file 0 [ 2164.526848][T12449] active_file 0 [ 2164.526848][T12449] unevictable 0 [ 2164.526848][T12449] slab_reclaimable 413696 [ 2164.526848][T12449] slab_unreclaimable 1572864 [ 2164.526848][T12449] pgfault 117447 [ 2164.526848][T12449] pgmajfault 0 [ 2164.526848][T12449] workingset_refault 0 [ 2164.526848][T12449] workingset_activate 0 [ 2164.526848][T12449] workingset_nodereclaim 0 [ 2164.526848][T12449] pgrefill 0 [ 2164.526848][T12449] pgscan 0 [ 2164.526848][T12449] pgsteal 0 [ 2164.526848][T12449] pgactivate 0 [ 2164.622385][T12449] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12447,uid=0 [ 2164.638278][T12449] Memory cgroup out of memory: Killed process 12447 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2164.658763][ T1833] oom_reaper: reaped process 12447 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2164.700350][T12444] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2164.710717][T12444] CPU: 0 PID: 12444 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2164.718777][T12444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2164.728854][T12444] Call Trace: [ 2164.732184][T12444] dump_stack+0x191/0x1f0 [ 2164.736713][T12444] dump_header+0x1e7/0xd00 [ 2164.741158][T12444] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2164.747349][T12444] ? ___ratelimit+0x542/0x720 [ 2164.752089][T12444] ? task_will_free_mem+0x2c9/0x810 [ 2164.757898][T12444] oom_kill_process+0x210/0x560 [ 2164.762791][T12444] out_of_memory+0x1796/0x1c70 [ 2164.767587][T12444] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2164.773311][T12444] try_charge+0x2889/0x3d70 [ 2164.778025][T12444] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2164.784285][T12444] mem_cgroup_try_charge+0xa29/0xe40 [ 2164.789624][T12444] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2164.795396][T12444] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2164.801316][T12444] handle_mm_fault+0x522b/0x9f70 [ 2164.806305][T12444] do_user_addr_fault+0x905/0x1510 [ 2164.811459][T12444] __do_page_fault+0x1a2/0x410 [ 2164.816248][T12444] do_page_fault+0xbb/0x500 [ 2164.820776][T12444] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2164.826171][T12444] page_fault+0x4e/0x60 [ 2164.830458][T12444] RIP: 0033:0x403522 [ 2164.834389][T12444] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2164.854011][T12444] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2164.860693][T12444] RAX: 0000000000000000 RBX: 000000000021067f RCX: 0000000000413660 [ 2164.868707][T12444] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2164.876690][T12444] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000023ab940 [ 2164.884794][T12444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2164.892778][T12444] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2164.902219][T12444] memory: usage 4572kB, limit 0kB, failcnt 2629 [ 2164.908713][T12444] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2164.915787][T12444] Memory cgroup stats for /syz5: [ 2164.916102][T12444] anon 176128 [ 2164.916102][T12444] file 2371584 [ 2164.916102][T12444] kernel_stack 0 [ 2164.916102][T12444] slab 1986560 [ 2164.916102][T12444] sock 0 [ 2164.916102][T12444] shmem 2371584 [ 2164.916102][T12444] file_mapped 0 [ 2164.916102][T12444] file_dirty 0 [ 2164.916102][T12444] file_writeback 0 [ 2164.916102][T12444] anon_thp 0 [ 2164.916102][T12444] inactive_anon 2433024 [ 2164.916102][T12444] active_anon 98304 [ 2164.916102][T12444] inactive_file 0 [ 2164.916102][T12444] active_file 0 [ 2164.916102][T12444] unevictable 0 [ 2164.916102][T12444] slab_reclaimable 413696 [ 2164.916102][T12444] slab_unreclaimable 1572864 [ 2164.916102][T12444] pgfault 117447 [ 2164.916102][T12444] pgmajfault 0 [ 2164.916102][T12444] workingset_refault 0 [ 2164.916102][T12444] workingset_activate 0 [ 2164.916102][T12444] workingset_nodereclaim 0 [ 2164.916102][T12444] pgrefill 0 [ 2164.916102][T12444] pgscan 0 [ 2164.916102][T12444] pgsteal 0 [ 2164.916102][T12444] pgactivate 0 [ 2165.010974][T12444] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12444,uid=0 [ 2165.026657][T12444] Memory cgroup out of memory: Killed process 12444 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2165.045667][ T1833] oom_reaper: reaped process 12444 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2166.294923][ T9353] device bridge_slave_1 left promiscuous mode [ 2166.301405][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2166.355247][ T9353] device bridge_slave_0 left promiscuous mode [ 2166.361834][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2167.173741][ T9353] device hsr_slave_0 left promiscuous mode [ 2167.233100][ T9353] device hsr_slave_1 left promiscuous mode [ 2167.295028][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2167.309481][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2167.324236][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2167.380371][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2167.473780][ T9353] bond0 (unregistering): Released all slaves 20:57:53 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) 20:57:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) 20:57:53 executing program 1: arch_prctl$ARCH_SET_GS(0x1001, 0x5) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x50, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f00000002c0)={{0x2, 0x0, @multicast1}, {0x305, @link_local}, 0x0, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}, 'rose0\x00'}) 20:57:53 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:57:53 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x14) 20:57:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) [ 2169.751902][T12468] IPVS: ftp: loaded support on port[0] = 21 [ 2169.849362][T12468] chnl_net:caif_netlink_parms(): no params data found [ 2169.893861][T12468] bridge0: port 1(bridge_slave_0) entered blocking state [ 2169.901000][T12468] bridge0: port 1(bridge_slave_0) entered disabled state [ 2169.910206][T12468] device bridge_slave_0 entered promiscuous mode [ 2169.919093][T12468] bridge0: port 2(bridge_slave_1) entered blocking state [ 2169.926384][T12468] bridge0: port 2(bridge_slave_1) entered disabled state [ 2169.935494][T12468] device bridge_slave_1 entered promiscuous mode [ 2169.962595][T12468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2169.976122][T12468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2170.004226][T12468] team0: Port device team_slave_0 added [ 2170.013538][T12468] team0: Port device team_slave_1 added [ 2170.096228][T12468] device hsr_slave_0 entered promiscuous mode [ 2170.143476][T12468] device hsr_slave_1 entered promiscuous mode [ 2170.182447][T12468] debugfs: Directory 'hsr0' with parent '/' already present! [ 2170.206507][T12468] bridge0: port 2(bridge_slave_1) entered blocking state [ 2170.213760][T12468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2170.221495][T12468] bridge0: port 1(bridge_slave_0) entered blocking state [ 2170.228833][T12468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2170.295656][T12468] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2170.315767][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2170.325445][T12782] bridge0: port 1(bridge_slave_0) entered disabled state [ 2170.335258][T12782] bridge0: port 2(bridge_slave_1) entered disabled state [ 2170.346470][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2170.365307][T12468] 8021q: adding VLAN 0 to HW filter on device team0 20:57:56 executing program 0: openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x400440, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000240), 0x5c3, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r6, r5, 0x0) pipe2(0x0, 0x0) 20:57:56 executing program 1: socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0xda00) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xffffffffffffffff}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x808, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockname(0xffffffffffffffff, &(0x7f00000002c0)=@tipc=@id, &(0x7f00000001c0)=0x80) socket$inet6_udplite(0xa, 0x2, 0x88) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x848000, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000040)={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}, 0x800, 0x0, 0x40000003, 0x9}, 0x134) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) 20:57:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) [ 2170.387056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2170.396450][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 2170.403810][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2170.485610][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2170.495327][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2170.502677][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 20:57:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) [ 2170.542823][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2170.557151][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2170.594336][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2170.604599][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2170.653259][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2170.674694][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 20:57:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) [ 2170.726511][T12468] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2170.942942][T12490] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2170.953918][T12490] CPU: 0 PID: 12490 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2170.961882][T12490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2170.972001][T12490] Call Trace: [ 2170.975383][T12490] dump_stack+0x191/0x1f0 [ 2170.979798][T12490] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2170.985771][T12490] dump_header+0x1e7/0xd00 20:57:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)}, 0x0) [ 2170.990278][T12490] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2170.996528][T12490] ? ___ratelimit+0x542/0x720 [ 2171.001285][T12490] ? task_will_free_mem+0x14c/0x810 [ 2171.006748][T12490] oom_kill_process+0x210/0x560 [ 2171.011690][T12490] out_of_memory+0x1796/0x1c70 [ 2171.016536][T12490] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2171.022255][T12490] memory_max_write+0x90b/0xb60 [ 2171.027177][T12490] ? memory_max_show+0x1b0/0x1b0 [ 2171.032182][T12490] cgroup_file_write+0x41a/0x8e0 [ 2171.037176][T12490] ? cgroup_seqfile_stop+0x150/0x150 [ 2171.042505][T12490] kernfs_fop_write+0x55f/0x840 [ 2171.047407][T12490] ? kernfs_fop_read+0x9a0/0x9a0 [ 2171.052553][T12490] __vfs_write+0x1a9/0xcb0 [ 2171.057131][T12490] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2171.063356][T12490] ? __sb_start_write+0x10b/0x230 [ 2171.068411][T12490] vfs_write+0x481/0x920 [ 2171.072701][T12490] ksys_write+0x265/0x430 [ 2171.077327][T12490] __se_sys_write+0x92/0xb0 [ 2171.082026][T12490] __x64_sys_write+0x4a/0x70 [ 2171.086718][T12490] do_syscall_64+0xb6/0x160 [ 2171.091439][T12490] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2171.097379][T12490] RIP: 0033:0x459a59 [ 2171.101342][T12490] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2171.121068][T12490] RSP: 002b:00007fb44f1ffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2171.129691][T12490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2171.137683][T12490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2171.145679][T12490] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2171.153675][T12490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb44f2006d4 [ 2171.161671][T12490] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2171.169888][T12490] memory: usage 3736kB, limit 0kB, failcnt 2638 [ 2171.176314][T12490] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2171.183320][T12490] Memory cgroup stats for /syz5: [ 2171.183660][T12490] anon 176128 [ 2171.183660][T12490] file 1183744 [ 2171.183660][T12490] kernel_stack 196608 [ 2171.183660][T12490] slab 1986560 [ 2171.183660][T12490] sock 0 [ 2171.183660][T12490] shmem 1183744 [ 2171.183660][T12490] file_mapped 0 [ 2171.183660][T12490] file_dirty 0 [ 2171.183660][T12490] file_writeback 0 [ 2171.183660][T12490] anon_thp 0 [ 2171.183660][T12490] inactive_anon 1216512 [ 2171.183660][T12490] active_anon 233472 [ 2171.183660][T12490] inactive_file 0 [ 2171.183660][T12490] active_file 0 [ 2171.183660][T12490] unevictable 0 [ 2171.183660][T12490] slab_reclaimable 413696 [ 2171.183660][T12490] slab_unreclaimable 1572864 [ 2171.183660][T12490] pgfault 117810 [ 2171.183660][T12490] pgmajfault 0 [ 2171.183660][T12490] workingset_refault 0 [ 2171.183660][T12490] workingset_activate 0 [ 2171.183660][T12490] workingset_nodereclaim 0 [ 2171.183660][T12490] pgrefill 0 [ 2171.183660][T12490] pgscan 0 [ 2171.183660][T12490] pgsteal 0 [ 2171.183660][T12490] pgactivate 0 [ 2171.279268][T12490] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12488,uid=0 [ 2171.298894][T12490] Memory cgroup out of memory: Killed process 12488 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2171.321797][ T1833] oom_reaper: reaped process 12488 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2171.375793][T12468] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2171.386857][T12468] CPU: 1 PID: 12468 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2171.395000][T12468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2171.405139][T12468] Call Trace: [ 2171.408523][T12468] dump_stack+0x191/0x1f0 [ 2171.412963][T12468] dump_header+0x1e7/0xd00 [ 2171.417827][T12468] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2171.424066][T12468] ? ___ratelimit+0x542/0x720 [ 2171.428819][T12468] ? task_will_free_mem+0x2c9/0x810 [ 2171.434121][T12468] oom_kill_process+0x210/0x560 [ 2171.439049][T12468] out_of_memory+0x1796/0x1c70 [ 2171.443883][T12468] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2171.449597][T12468] try_charge+0x2889/0x3d70 [ 2171.454345][T12468] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2171.460717][T12468] mem_cgroup_try_charge+0xa29/0xe40 [ 2171.466120][T12468] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2171.471955][T12468] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2171.478015][T12468] handle_mm_fault+0x522b/0x9f70 [ 2171.483083][T12468] do_user_addr_fault+0x905/0x1510 [ 2171.488304][T12468] __do_page_fault+0x1a2/0x410 [ 2171.493146][T12468] do_page_fault+0xbb/0x500 [ 2171.497718][T12468] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2171.503155][T12468] page_fault+0x4e/0x60 [ 2171.507345][T12468] RIP: 0033:0x403522 [ 2171.511270][T12468] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2171.531073][T12468] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2171.537163][T12468] RAX: 0000000000000000 RBX: 000000000021207c RCX: 0000000000413660 [ 2171.545163][T12468] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2171.553153][T12468] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000017fd940 [ 2171.561143][T12468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2171.569155][T12468] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2171.577340][T12468] memory: usage 3320kB, limit 0kB, failcnt 2651 [ 2171.583705][T12468] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2171.590584][T12468] Memory cgroup stats for /syz5: [ 2171.590918][T12468] anon 40960 [ 2171.590918][T12468] file 1183744 [ 2171.590918][T12468] kernel_stack 0 [ 2171.590918][T12468] slab 1986560 [ 2171.590918][T12468] sock 0 [ 2171.590918][T12468] shmem 1183744 [ 2171.590918][T12468] file_mapped 0 [ 2171.590918][T12468] file_dirty 0 [ 2171.590918][T12468] file_writeback 0 [ 2171.590918][T12468] anon_thp 0 [ 2171.590918][T12468] inactive_anon 1216512 [ 2171.590918][T12468] active_anon 98304 [ 2171.590918][T12468] inactive_file 0 [ 2171.590918][T12468] active_file 0 [ 2171.590918][T12468] unevictable 0 [ 2171.590918][T12468] slab_reclaimable 413696 [ 2171.590918][T12468] slab_unreclaimable 1572864 [ 2171.590918][T12468] pgfault 117810 [ 2171.590918][T12468] pgmajfault 0 [ 2171.590918][T12468] workingset_refault 0 [ 2171.590918][T12468] workingset_activate 0 [ 2171.590918][T12468] workingset_nodereclaim 0 [ 2171.590918][T12468] pgrefill 0 [ 2171.590918][T12468] pgscan 0 [ 2171.590918][T12468] pgsteal 0 [ 2171.590918][T12468] pgactivate 0 [ 2171.688270][T12468] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12468,uid=0 [ 2171.704279][T12468] Memory cgroup out of memory: Killed process 12468 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2171.725596][ T1833] oom_reaper: reaped process 12468 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2172.865036][ T893] device bridge_slave_1 left promiscuous mode [ 2172.871707][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2172.914257][ T893] device bridge_slave_0 left promiscuous mode [ 2172.921421][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2173.723286][ T893] device hsr_slave_0 left promiscuous mode [ 2173.762591][ T893] device hsr_slave_1 left promiscuous mode [ 2173.837969][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2173.851484][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2173.865846][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2173.929339][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2173.998478][ T893] bond0 (unregistering): Released all slaves 20:58:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r1, 0xff, 0x1, 0x0, 0x0) 20:58:01 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) pipe2(0x0, 0x85400) syz_emit_ethernet(0x66, &(0x7f00000000c0)={@random="cd390b081bf2", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, "d5cae2", 0x0, 0x0, 0x0, @dev, @ipv4={[], [], @dev}}}}}}}}, 0x0) 20:58:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 20:58:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000100)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='sit0\x00\x01\x00\x00\x00\x00\x00@\x00', 0xc2) sendmmsg$inet(r0, &(0x7f0000002e40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="8d", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000004140)="32274eb2e897d3e14692870a8e0deb2fcbe57288266399c3d63f2d7922c583496d72952fdf6785f23eb11ef7c3355783e8e51eb0c1f3143109894f511125d7e39fe29f41772aea5152d0cd07da519569adf05342dc4c613d1593f28fded959ef462981ed67015c9a8df0185e5d565f1f3a01ab1aebef409d1415404681e8c7258c6a66d98479753d5346a12158acfe6c0f3cd596cc5e95ea7944f17dfb7bb08a9181a10f33602260ff92234bd177180b651910eb0485956bec7c8d20cbd30a5126ed3c43ccd61990dbac0b965ead0a8f7ceb76666f2f63881d94fdf019d26e0520b0d12a4c89fe63e2ca6b4cf1723011b58bebaaa11ef17b807f04f3f48a21e14ebab083b4c1db18f067b1ba2c0d8c2a91681316de5154ed3b9f7010e027fbd4b781c206bf57f04e58d0b599a4dc40036a48734788bd67662fe78e3ef4bba4f46cb2d721dccb33b01130c46a4413a0229a9e9d1f56caea74494692297a1908fb98f8cce6a75673cccf23496d3519f9c25273e05430e1a0f29d8be1b28b9ec81982a9552d8fded342a76eb88aea347dad58bb350dc367e46e1cf6f7dbde32ad010131c5558cd45601d1cec1aafdef0e3ab74c287370ae47adb35480dc2e58e5c99362d98ad71c71a5ed80a818c47389b2ef2f114e598e0785942748a3dad32ebf1c370cf9c9dc12a66d8bf452bf7d737c526ee1e2bfe50994fbdf76d8627af900a62c0e4a512aaae40181ebb45207fad1d3b68b07cee1073d62029248fa224c498a90fe4edba8b204628ebb104940eb31a4f39ca79787f411228bf9865f85e9c1750521799e429c89fc8268f279b58580803058937a3ffcc4147aba9b519418d34ae95085b72aac3007d05021376649d3e00b81f24a411a4a0bfd9d6b33b9636734e7a3c0bbb5d3dfa4bb82a4e7e322b1fea0591621a30fdccbf7c0cab0c1171c8ff7fcad38aeb8373feafdd12d749b5bf25474a2a1ed116c94c45da08457de556438398f74cd49d49ecbb2de338e7820ca3e7dc47a18ba85ba2dc72a018c99161c550895c8cecc5bcb3549a150d9403efbf2ced9585fc78bea5f09efce6f0705fdf47e1542e24608261f2b474f7b855f1ab61813d0e69596608fa1b7885c5820bf10f957dee771e2e96e98f0f505b2c83400f76e7e3f31d0995f7fd5e3b8450ce1761de93095ebd7dc8dd7ebf890969f4c60b0c2978fbd1d0900755d7d9a96d43b31b30d545558ed2bc534e7a9debfaa3b5eff2ed70b17e7d077e13048323a0054a311404a3b8f721bc197414873bdcdb0a82e2b7e221c02c632fa775f8cd78e63d6c135e25554200d8f6204de50e4b2ba2d1753772222027dd11378eb356f3454be3b1cf915bae190de3192ba7e1930c8448d6a7015bfe6607f7e3e7dfba7fac91f6c0da34d5a61f473b8b15e7f3af1d15263cbfcac3de951c21127d3fdda4270c1475aadaf609959ab0a06deddaabf522567eec38a90fa5da7fb59a0354418c2f441f030428c821709a8662a120f4850d05e53e6e56c050a321172c424c4ce0041fac04b90e69f5c8db23e525735987ac358ddcf3a29e6b752653a65f2913ccc5bab02ed4274bf9ef4b5c764786c6a8ac73982ee5b92baf0be0d2f09f528493a3aacdbd78a107a768b872b713364dff3f14ba8c83f4cb2fe1547f7c6313532d3d121cc6d1aac19852f25732ce50d58bebc693b75de1a689bc82bb499f7232f9b0bb3ce7d235329d3cef24bde3408503fd5b1865e135fc6de2d49644c1de54e176b05482043f463a1e32466219faca69b22358db0b3292559b43d6873769bc9e9ceff9c79b5e37cd34f943f9c6f59cc97e463e948bf1bf55db74c8e5dbc320ef88cb5dcbc0c5f2ec510852ee818550e5740b9bb08eac746b0df33a9f2c3292c9d58652621b241373b53d3614c0562c0c0cf1a531f131bd0ff667d80ad5a5c338cf8d89abf15435005e39ab5b5eb52abf3e46e7ce982d9d44e40ab3e24bd992b7a841e1769603e7c2988af0335bbbe5c4931a82b1b085ba9daf5606be3b63f455511da7c3db3162940d60040875dd081938494b95c2b38b619fb8ca30ec3b9498a72c9be90cdcc462ed0afd49258a25f8d9b3a8ada940b23a0b4ff3a7e19345df35115fbc1ed867a87766e91d809eb95f64597846b3c46ba969b5a83f2f92e107d5c5818e305d437b5bbb91cb9582956f7002176be9cb7614de7c87f740ba4ad8bd3015dfe02a0abd38f4a060c77edfa5385f626f17bf3bfae444e022a90121e2ec34d5c09624cbcb9689092292cb4fb7e012362d25f9c93fa4c7ba75f2647d2810729c70280ac757c096c5c5d5819ae59f3e79c254f0fa0f7003d3aeaf904149f35d49fbe7505f0def6a6d6503305e9fcd9d705fdd56648ae3afb7427fa8abf9d44f2f4bb01a7b7378c33b3c2194eba08aeeea9b66799cd7ba610663318999cdd3e8681fbd0ebd6abcfc3f11b7a2e4310c3f4b8192388bc043c00b9cabba1dc993a761115ea0f81af28df706ee2f9284e3ef9dd3a0da0848fcf6d34c30d3bbe661812059f1855cce9bc0f87680052eccce798cef7fd6d6fffe16f5214dc87c462aacf9f9a12c58b303f32a7b37d5be3833c595f705dc87fd81cf49623f2c5046658ce1669e6df94a2d2aa70a2d736ae416451fe0f3388a570f7d10408c4f69dc97d9d9d17b6db6fe38e8b1716b9f3deb7e5f072871e750a2cc898ca198f66113a0ecfa3a8847ed5b07c2f255340085b5559f1dd8986bcb6d012a09899795fa34162fff9b73e0da19b819c477989ba4a8eb8971207d7d1a61db40de10d1e4cdbb2e149aebff9b79eb0165bc65186c48d814cbb6f04d4a43916570de8aeb5a6a8c72edb5e18589fb145b43f35758918eb0e4165911a7093e9771094c327ae274e3929ba37915136e05b9010f491938fce42fad16e30d7ce6fc8765f1d4b2249dc5f96a5299cc3439b40aeb602abb63b155f9c35a934a535663f2f7ab0c1e7db4f3499381a4df6d850f547adcc9f0e87bc4afddc3a53b0a07530fd569d69d0e7b40a9a7c3403e36a3e6129138a5c311bed9eebf45c39cf182956ab0d0022ba677fb1b942ef7528ca489976cea541068ab9973134c11e9c432d19ff7f59b5665e361fa2b5fa40d542751e60a4c9c54e74dea565c4d25854d208ee1628fc6ec05c3b52b8809a92b34d4db08a106b3927cda5ce9a7d6efece99ae9fed5046c0569b64c256eb79e509c58330bc2d5d1bb49ea3819e33d8347fa14eec4129662fff49b63001352092c227cb76aac356dc766830fc28d3719e2a1fb2866bf6440d2b306c0dc97ccd3e1cae7a3e8b677a98796559a0544ebe4d258048d8406881bd4d92d54fd6ae4a944327e58f1fa0e992ba102a8d2e777328ed7b681f627c70d9dbcdeed45d037b52a97d8a314084bf9dbcbdb39ba36873317153691fd17c2867e4f67e986e8b8f6eff5a48698953c17e7e9eeabc0b18b24d3ea7a2658d0cf297070bf01165489ea8fe31e500c46f2230ec14a09b70a0c52dc87bb36cef65ad8ebbec3e5c4203dc8834c3b5967a2e3fb6629f1420432b07b908bd7916485429fba03808b39e3d26f27da34a2bce13a386c8b2f0bdb3337400a1bf9695d155c7d77b57e0058197eb1741203cd08989a2f0e94ad86ec7133df86469457f848cd17528511b1146d6926a55c9d0c8e23248cad2b9b2b9c83980a2e355c5d14b74152f3f222d887bb26717edd7c6fd1776dd0bd539a116b567c8bb282c9ef523e2c897ba094953486508c55eced6f82f570e0468a910e9a6cb345321184500915ed0e1e6981c4a40cd0437740d9318d6d428dea3fa561ace17bf34a4669a78e43914a959ced383f42566a9258e9dea1259ac001ec356eeee9f9c4f487462e25661d9f218a01f3a17a4a4a99806dcdd8079c2dfaaa98a2a509f3caba05e1a61a47b51fa1ee151cd6233a02f835057f0e4ed96308559d03ae8605cc235aabd49aa28c80ae5ffd19273ae734a4216def6399b1a154c5afd45c953f03fe9490f53f986f8634d259d91ee62a6f045b119cf90efc6f842cd20b58eb4d561040369be1929f29e65377b08a4421e8968668682fea98fcacee2a4ccbc53e6e6b83bc307267da5dd548b69a24cd6fa8be2f3a349b979be3fffea067127b90432e4115542ef73653a35d5b7d965740a50019b57d1680bf6494740397098ff1a2ab7bde5d48157917571784a2dc919ac025c89f5b919cdcbceb9835b01fa684d53248eae0066833387ce0d97b3f16af145ccd3a6a26716fe95afcc3cc2a28bd615fd0226ad59a8e0a6d62842f8b5e00e3c06e9c7a3b465f9cf98089d5ce61580ded726b5e4fdd6849d3b766b358286085af31baa81b8cc59b41e859a413339db3cc5f583ce5ce72ad5028ab64048a5dc24039fe08982383d5a036146e1bcf51baeaebfc86124baeb66314b81bff2b5a652054e2e38d1bdafbb5055f42f3c1942c049fefc58d7c6800b22aee82564a86b2807f50b4d90c96d8f282cfa31b689ce5ef4287327d68befe7911afc4c48ba2459fcb4da3774373e38f3e88e8012e516eea5c66ca3457d3b366c75c8b423001607017ebafc4a5f6267ae128eff9492d4d42ffa7f199ce16486d702d7a467022dac22fb87dd5874889c31def63d7f25bd135e12d4370037f7e52dcc167c8fa7c24b22901afc81828783a12c4310107414b2a2a161acddc80e539e6c8c92824cbfa66d7410c83ea9d7a360916459d51ed651ce55fd01e292bf71553dc0b2e6d7e37443a1d204471ec6d47f8db407df85517d831e018404d3325b3c552fa9145d259eff06afac4fbaea71c00185691f4e77dcfcc298d96099c795bb21e868deb06485d727f535f3f2dccc651ff4b17954e85572174904d4892cbbb5c6bee8935c7a140f0df703179c8332b5b1d08b001d1c285d6573f46067d6a36f6ff033c3316f7f542c496b4cd54809191041840809e7cf42c585e07af03cb6f318b5dbd58e1db6c8d24339925a216470dd74ff5e6b3511be773d7751beaebe71e8b85cb18a75bfaeb6e43c43f7813f25673daf7caad17a0807659c5413f8f8fbeb590c29bd76703c985a7a79a997c7d6fa6e87fad0a0e4341b75764c7130a6b1f74555c4c764a32474f86517e1276f3d9100623dbcece0766a4f2cad28c59cfdc1866ae7edc158674ac1b5eafea3cb63dab216be953bfcc4b5eaac83d45826e72b3707f028a96bf7a74350a6ba4ee61a56631ba2baec297b5af5511d1dc8de571b5f3d575679ebf452a0cb3d11e3301dfba77adeae0a29d3d76f1cbd0303b57d3670c240a67021778c9e44b1102226f9649f2d4d06f1b97e51842031cde16ab80136a6", 0xec1}, {&(0x7f0000001500)='G', 0x1}], 0x2}}], 0x2, 0x4001080) 20:58:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:01 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) shutdown(r0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) [ 2176.926609][T12619] IPVS: ftp: loaded support on port[0] = 21 [ 2177.081533][T12619] chnl_net:caif_netlink_parms(): no params data found [ 2177.142251][T12619] bridge0: port 1(bridge_slave_0) entered blocking state [ 2177.149607][T12619] bridge0: port 1(bridge_slave_0) entered disabled state [ 2177.159298][T12619] device bridge_slave_0 entered promiscuous mode [ 2177.169473][T12619] bridge0: port 2(bridge_slave_1) entered blocking state [ 2177.177278][T12619] bridge0: port 2(bridge_slave_1) entered disabled state [ 2177.187241][T12619] device bridge_slave_1 entered promiscuous mode [ 2177.224593][T12619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2177.238940][T12619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2177.276787][T12619] team0: Port device team_slave_0 added [ 2177.287367][T12619] team0: Port device team_slave_1 added [ 2177.356166][T12619] device hsr_slave_0 entered promiscuous mode [ 2177.393318][T12619] device hsr_slave_1 entered promiscuous mode [ 2177.432479][T12619] debugfs: Directory 'hsr0' with parent '/' already present! [ 2177.463917][T12619] bridge0: port 2(bridge_slave_1) entered blocking state [ 2177.471158][T12619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2177.478958][T12619] bridge0: port 1(bridge_slave_0) entered blocking state [ 2177.486245][T12619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2177.581363][T12619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2177.605813][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2177.616928][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2177.627954][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2177.639759][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2177.664904][T12619] 8021q: adding VLAN 0 to HW filter on device team0 [ 2177.686457][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2177.695910][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2177.703227][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2177.751980][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2177.761417][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2177.768720][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2177.779434][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2177.790652][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2177.810173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2177.828008][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2177.845418][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2177.859069][T12619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2177.891666][T12619] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2178.028094][T12624] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2178.038774][T12624] CPU: 0 PID: 12624 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2178.046703][T12624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2178.056821][T12624] Call Trace: [ 2178.060184][T12624] dump_stack+0x191/0x1f0 [ 2178.064548][T12624] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2178.070472][T12624] dump_header+0x1e7/0xd00 [ 2178.075039][T12624] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2178.081244][T12624] ? ___ratelimit+0x542/0x720 [ 2178.085950][T12624] ? task_will_free_mem+0x14c/0x810 [ 2178.091179][T12624] oom_kill_process+0x210/0x560 [ 2178.096060][T12624] out_of_memory+0x1796/0x1c70 [ 2178.101005][T12624] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2178.106718][T12624] memory_max_write+0x90b/0xb60 [ 2178.111610][T12624] ? memory_max_show+0x1b0/0x1b0 [ 2178.116616][T12624] cgroup_file_write+0x41a/0x8e0 [ 2178.121768][T12624] ? cgroup_seqfile_stop+0x150/0x150 [ 2178.127092][T12624] kernfs_fop_write+0x55f/0x840 [ 2178.131985][T12624] ? kernfs_fop_read+0x9a0/0x9a0 [ 2178.136944][T12624] __vfs_write+0x1a9/0xcb0 [ 2178.141554][T12624] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2178.147695][T12624] ? __sb_start_write+0x10b/0x230 [ 2178.152773][T12624] vfs_write+0x481/0x920 [ 2178.157071][T12624] ksys_write+0x265/0x430 [ 2178.161512][T12624] __se_sys_write+0x92/0xb0 [ 2178.166093][T12624] __x64_sys_write+0x4a/0x70 [ 2178.170751][T12624] do_syscall_64+0xb6/0x160 [ 2178.175358][T12624] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2178.181310][T12624] RIP: 0033:0x459a59 [ 2178.185374][T12624] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2178.205555][T12624] RSP: 002b:00007ff9882c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2178.214138][T12624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2178.222153][T12624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2178.230151][T12624] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2178.238244][T12624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9882c86d4 [ 2178.246226][T12624] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2178.254440][T12624] memory: usage 4788kB, limit 0kB, failcnt 2660 [ 2178.260751][T12624] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2178.267711][T12624] Memory cgroup stats for /syz5: [ 2178.268055][T12624] anon 176128 [ 2178.268055][T12624] file 2281472 [ 2178.268055][T12624] kernel_stack 196608 [ 2178.268055][T12624] slab 1986560 [ 2178.268055][T12624] sock 0 [ 2178.268055][T12624] shmem 2281472 [ 2178.268055][T12624] file_mapped 0 [ 2178.268055][T12624] file_dirty 0 [ 2178.268055][T12624] file_writeback 0 [ 2178.268055][T12624] anon_thp 0 [ 2178.268055][T12624] inactive_anon 2162688 [ 2178.268055][T12624] active_anon 98304 [ 2178.268055][T12624] inactive_file 0 [ 2178.268055][T12624] active_file 0 [ 2178.268055][T12624] unevictable 0 [ 2178.268055][T12624] slab_reclaimable 413696 [ 2178.268055][T12624] slab_unreclaimable 1572864 [ 2178.268055][T12624] pgfault 118371 [ 2178.268055][T12624] pgmajfault 0 [ 2178.268055][T12624] workingset_refault 0 [ 2178.268055][T12624] workingset_activate 0 [ 2178.268055][T12624] workingset_nodereclaim 0 [ 2178.268055][T12624] pgrefill 0 [ 2178.268055][T12624] pgscan 0 [ 2178.268055][T12624] pgsteal 0 [ 2178.268055][T12624] pgactivate 0 [ 2178.363265][T12624] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12622,uid=0 [ 2178.379012][T12624] Memory cgroup out of memory: Killed process 12622 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2178.399762][ T1833] oom_reaper: reaped process 12622 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2178.435026][T12619] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2178.445233][T12619] CPU: 0 PID: 12619 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2178.453255][T12619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2178.463534][T12619] Call Trace: [ 2178.466865][T12619] dump_stack+0x191/0x1f0 [ 2178.471218][T12619] dump_header+0x1e7/0xd00 [ 2178.475687][T12619] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2178.481869][T12619] ? ___ratelimit+0x542/0x720 [ 2178.486574][T12619] ? task_will_free_mem+0x2c9/0x810 [ 2178.491808][T12619] oom_kill_process+0x210/0x560 [ 2178.496694][T12619] out_of_memory+0x1796/0x1c70 [ 2178.501475][T12619] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2178.507145][T12619] try_charge+0x2889/0x3d70 [ 2178.511761][T12619] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2178.517961][T12619] mem_cgroup_try_charge+0xa29/0xe40 [ 2178.524406][T12619] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2178.530147][T12619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2178.536071][T12619] handle_mm_fault+0x522b/0x9f70 [ 2178.541115][T12619] do_user_addr_fault+0x905/0x1510 [ 2178.546372][T12619] __do_page_fault+0x1a2/0x410 [ 2178.551258][T12619] do_page_fault+0xbb/0x500 [ 2178.555922][T12619] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2178.561438][T12619] page_fault+0x4e/0x60 [ 2178.565610][T12619] RIP: 0033:0x403522 [ 2178.569512][T12619] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2178.589129][T12619] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2178.595218][T12619] RAX: 0000000000000000 RBX: 0000000000213c2c RCX: 0000000000413660 [ 2178.603214][T12619] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2178.611226][T12619] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001f30940 [ 2178.619379][T12619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2178.627365][T12619] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2178.637087][T12619] memory: usage 4372kB, limit 0kB, failcnt 2675 [ 2178.643450][T12619] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2178.650310][T12619] Memory cgroup stats for /syz5: [ 2178.650557][T12619] anon 40960 [ 2178.650557][T12619] file 2281472 [ 2178.650557][T12619] kernel_stack 0 [ 2178.650557][T12619] slab 1986560 [ 2178.650557][T12619] sock 0 [ 2178.650557][T12619] shmem 2281472 [ 2178.650557][T12619] file_mapped 0 [ 2178.650557][T12619] file_dirty 0 [ 2178.650557][T12619] file_writeback 0 [ 2178.650557][T12619] anon_thp 0 [ 2178.650557][T12619] inactive_anon 2297856 [ 2178.650557][T12619] active_anon 0 [ 2178.650557][T12619] inactive_file 0 [ 2178.650557][T12619] active_file 0 [ 2178.650557][T12619] unevictable 0 [ 2178.650557][T12619] slab_reclaimable 413696 [ 2178.650557][T12619] slab_unreclaimable 1572864 [ 2178.650557][T12619] pgfault 118404 [ 2178.650557][T12619] pgmajfault 0 [ 2178.650557][T12619] workingset_refault 0 [ 2178.650557][T12619] workingset_activate 0 [ 2178.650557][T12619] workingset_nodereclaim 0 [ 2178.650557][T12619] pgrefill 0 [ 2178.650557][T12619] pgscan 0 [ 2178.650557][T12619] pgsteal 0 [ 2178.650557][T12619] pgactivate 0 [ 2178.746207][T12619] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12619,uid=0 [ 2178.761980][T12619] Memory cgroup out of memory: Killed process 12619 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2178.780767][ T1833] oom_reaper: reaped process 12619 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2179.784456][ T9353] device bridge_slave_1 left promiscuous mode [ 2179.793058][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2179.844032][ T9353] device bridge_slave_0 left promiscuous mode [ 2179.850578][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state 20:58:06 executing program 0: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$vivid(&(0x7f0000000080)='/dev/video#\x00', 0x3, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000440)={0x20, 0x0, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) r3 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x7, 0x10000) ioctl$DRM_IOCTL_RM_CTX(r3, 0xc0086421, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 20:58:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 20:58:06 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioprio_set$pid(0x0, r0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) dup(r1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x7fff, 0x1, 0xe6}) clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8", 0xf0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r2, 0x0, 0x0) ioctl$TUNSETVNETLE(r3, 0x400454dc, &(0x7f0000000080)) mknod$loop(0x0, 0x2000, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r4 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r4, 0x0, 0x0) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000b00)={{{@in6=@loopback, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@loopback}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r6, 0x0, 0x0, 0x0, 0x2) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:58:06 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:06 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 20:58:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet(0x2, 0x3, 0x29) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000001440)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000001c0)='hsr0\x00', 0x11d) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) [ 2181.513646][ T9353] device hsr_slave_0 left promiscuous mode [ 2181.562593][ T9353] device hsr_slave_1 left promiscuous mode [ 2181.615350][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2181.629253][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2181.642816][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2181.689112][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2181.782089][ T9353] bond0 (unregistering): Released all slaves 20:58:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4], 0x2}}, 0x0) [ 2182.415008][T12660] IPVS: ftp: loaded support on port[0] = 21 [ 2182.552484][T12660] chnl_net:caif_netlink_parms(): no params data found [ 2182.596268][T12660] bridge0: port 1(bridge_slave_0) entered blocking state [ 2182.603695][T12660] bridge0: port 1(bridge_slave_0) entered disabled state [ 2182.613021][T12660] device bridge_slave_0 entered promiscuous mode [ 2182.622249][T12660] bridge0: port 2(bridge_slave_1) entered blocking state [ 2182.629735][T12660] bridge0: port 2(bridge_slave_1) entered disabled state [ 2182.639268][T12660] device bridge_slave_1 entered promiscuous mode [ 2182.670310][T12660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2182.684237][T12660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2182.714322][T12660] team0: Port device team_slave_0 added [ 2182.724155][T12660] team0: Port device team_slave_1 added [ 2182.788391][T12660] device hsr_slave_0 entered promiscuous mode [ 2182.843568][T12660] device hsr_slave_1 entered promiscuous mode [ 2182.882500][T12660] debugfs: Directory 'hsr0' with parent '/' already present! [ 2182.973562][T12660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2182.990004][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2182.999461][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2183.013437][T12660] 8021q: adding VLAN 0 to HW filter on device team0 [ 2183.027679][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2183.038189][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2183.047249][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2183.054531][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2183.065170][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2183.079226][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2183.089066][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2183.098180][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2183.105466][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2183.121471][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2183.136823][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2183.151092][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2183.161951][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2183.171802][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2183.188548][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2183.198264][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2183.215343][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2183.226122][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2183.240703][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2183.251291][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2183.266625][T12660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2183.297724][T12660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2183.459778][T12665] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2183.470130][T12665] CPU: 0 PID: 12665 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2183.478234][T12665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2183.488399][T12665] Call Trace: [ 2183.491744][T12665] dump_stack+0x191/0x1f0 [ 2183.496119][T12665] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2183.502146][T12665] dump_header+0x1e7/0xd00 [ 2183.506604][T12665] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2183.512782][T12665] ? ___ratelimit+0x542/0x720 [ 2183.517478][T12665] ? task_will_free_mem+0x14c/0x810 [ 2183.522733][T12665] oom_kill_process+0x210/0x560 [ 2183.527625][T12665] out_of_memory+0x1796/0x1c70 [ 2183.532497][T12665] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2183.538162][T12665] memory_max_write+0x90b/0xb60 [ 2183.543091][T12665] ? memory_max_show+0x1b0/0x1b0 [ 2183.548097][T12665] cgroup_file_write+0x41a/0x8e0 [ 2183.553128][T12665] ? cgroup_seqfile_stop+0x150/0x150 [ 2183.558456][T12665] kernfs_fop_write+0x55f/0x840 [ 2183.563365][T12665] ? kernfs_fop_read+0x9a0/0x9a0 [ 2183.568358][T12665] __vfs_write+0x1a9/0xcb0 [ 2183.572856][T12665] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2183.578943][T12665] ? __sb_start_write+0x10b/0x230 [ 2183.584012][T12665] vfs_write+0x481/0x920 [ 2183.588349][T12665] ksys_write+0x265/0x430 [ 2183.592711][T12665] __se_sys_write+0x92/0xb0 [ 2183.597250][T12665] __x64_sys_write+0x4a/0x70 [ 2183.601874][T12665] do_syscall_64+0xb6/0x160 [ 2183.606429][T12665] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2183.612364][T12665] RIP: 0033:0x459a59 [ 2183.616403][T12665] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2183.636024][T12665] RSP: 002b:00007fde5f342c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2183.644635][T12665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2183.652619][T12665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2183.660603][T12665] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2183.668588][T12665] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde5f3436d4 [ 2183.676568][T12665] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2183.684741][T12665] memory: usage 5764kB, limit 0kB, failcnt 2684 [ 2183.691050][T12665] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2183.698017][T12665] Memory cgroup stats for /syz5: [ 2183.698342][T12665] anon 40960 [ 2183.698342][T12665] file 3162112 [ 2183.698342][T12665] kernel_stack 196608 [ 2183.698342][T12665] slab 1986560 [ 2183.698342][T12665] sock 0 [ 2183.698342][T12665] shmem 3162112 [ 2183.698342][T12665] file_mapped 0 [ 2183.698342][T12665] file_dirty 0 [ 2183.698342][T12665] file_writeback 0 [ 2183.698342][T12665] anon_thp 0 [ 2183.698342][T12665] inactive_anon 3108864 [ 2183.698342][T12665] active_anon 98304 [ 2183.698342][T12665] inactive_file 0 [ 2183.698342][T12665] active_file 0 [ 2183.698342][T12665] unevictable 0 [ 2183.698342][T12665] slab_reclaimable 413696 [ 2183.698342][T12665] slab_unreclaimable 1572864 [ 2183.698342][T12665] pgfault 118965 [ 2183.698342][T12665] pgmajfault 0 [ 2183.698342][T12665] workingset_refault 0 [ 2183.698342][T12665] workingset_activate 0 [ 2183.698342][T12665] workingset_nodereclaim 0 [ 2183.698342][T12665] pgrefill 0 [ 2183.698342][T12665] pgscan 0 [ 2183.698342][T12665] pgsteal 0 [ 2183.698342][T12665] pgactivate 0 [ 2183.793187][T12665] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12663,uid=0 [ 2183.808925][T12665] Memory cgroup out of memory: Killed process 12663 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2183.831990][ T1833] oom_reaper: reaped process 12663 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2183.877249][T12660] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2183.888029][T12660] CPU: 0 PID: 12660 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2183.896427][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2183.906529][T12660] Call Trace: [ 2183.909896][T12660] dump_stack+0x191/0x1f0 [ 2183.914446][T12660] dump_header+0x1e7/0xd00 [ 2183.918920][T12660] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2183.925123][T12660] ? ___ratelimit+0x542/0x720 [ 2183.929814][T12660] ? task_will_free_mem+0x2c9/0x810 [ 2183.935129][T12660] oom_kill_process+0x210/0x560 [ 2183.940001][T12660] out_of_memory+0x1796/0x1c70 [ 2183.944810][T12660] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2183.950467][T12660] try_charge+0x2889/0x3d70 [ 2183.955034][T12660] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2183.961252][T12660] mem_cgroup_try_charge+0xa29/0xe40 [ 2183.966566][T12660] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2183.972332][T12660] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2183.978279][T12660] handle_mm_fault+0x522b/0x9f70 [ 2183.983307][T12660] do_user_addr_fault+0x905/0x1510 [ 2183.988498][T12660] __do_page_fault+0x1a2/0x410 [ 2183.993456][T12660] do_page_fault+0xbb/0x500 [ 2183.997974][T12660] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2184.003394][T12660] page_fault+0x4e/0x60 [ 2184.007589][T12660] RIP: 0033:0x403522 [ 2184.011517][T12660] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2184.031606][T12660] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2184.037877][T12660] RAX: 0000000000000000 RBX: 0000000000215166 RCX: 0000000000413660 [ 2184.045866][T12660] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2184.053959][T12660] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000113d940 [ 2184.061979][T12660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2184.070173][T12660] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2184.079606][T12660] memory: usage 5348kB, limit 0kB, failcnt 2693 [ 2184.086330][T12660] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2184.093294][T12660] Memory cgroup stats for /syz5: [ 2184.093602][T12660] anon 40960 [ 2184.093602][T12660] file 3162112 [ 2184.093602][T12660] kernel_stack 0 [ 2184.093602][T12660] slab 1986560 [ 2184.093602][T12660] sock 0 [ 2184.093602][T12660] shmem 3162112 [ 2184.093602][T12660] file_mapped 0 [ 2184.093602][T12660] file_dirty 0 [ 2184.093602][T12660] file_writeback 0 [ 2184.093602][T12660] anon_thp 0 [ 2184.093602][T12660] inactive_anon 3108864 [ 2184.093602][T12660] active_anon 98304 [ 2184.093602][T12660] inactive_file 0 [ 2184.093602][T12660] active_file 0 [ 2184.093602][T12660] unevictable 0 [ 2184.093602][T12660] slab_reclaimable 413696 [ 2184.093602][T12660] slab_unreclaimable 1572864 [ 2184.093602][T12660] pgfault 118965 [ 2184.093602][T12660] pgmajfault 0 [ 2184.093602][T12660] workingset_refault 0 [ 2184.093602][T12660] workingset_activate 0 [ 2184.093602][T12660] workingset_nodereclaim 0 [ 2184.093602][T12660] pgrefill 0 [ 2184.093602][T12660] pgscan 0 [ 2184.093602][T12660] pgsteal 0 [ 2184.093602][T12660] pgactivate 0 [ 2184.189534][T12660] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12660,uid=0 [ 2184.205246][T12660] Memory cgroup out of memory: Killed process 12660 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 20:58:10 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setreuid(0x0, r1) shmctl$SHM_UNLOCK(0x0, 0xc) 20:58:10 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000380)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) [ 2184.228893][ T1833] oom_reaper: reaped process 12660 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 20:58:10 executing program 2: r0 = socket(0x10, 0x80002, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtfilter={0x40, 0x2c, 0x701, 0x0, 0x0, {0x0, r2, {}, {}, {0x1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_FD={0x8}]}}]}, 0x40}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x332, 0x0) 20:58:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4], 0x2}}, 0x0) 20:58:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2185.493803][ T893] device bridge_slave_1 left promiscuous mode [ 2185.500322][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2185.544898][ T893] device bridge_slave_0 left promiscuous mode [ 2185.551545][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2186.263568][ T893] device hsr_slave_0 left promiscuous mode [ 2186.312886][ T893] device hsr_slave_1 left promiscuous mode [ 2186.383920][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2186.398029][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2186.410025][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2186.438606][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2186.505696][ T893] bond0 (unregistering): Released all slaves 20:58:15 executing program 1: r0 = socket$inet6(0xa, 0x100000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000000c0), 0x3fffd1e, 0x0) 20:58:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4], 0x2}}, 0x0) 20:58:15 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x8f, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002c008151e00f80ecdb4cb904014865160b00014107410000000100180e0006001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 20:58:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB], 0x3}}, 0x0) 20:58:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB], 0x3}}, 0x0) 20:58:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB], 0x3}}, 0x0) 20:58:17 executing program 4: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2014840}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x28, r2, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xe4be57b1f0241fdc}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r3 = getpid() r4 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x400440, 0x0) dup3(0xffffffffffffffff, r4, 0x0) socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000240), 0x5c3, 0x0) sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000340), 0x41395527) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r9, r8, 0x0) pipe2(0x0, 0x0) 20:58:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ff"], 0x3}}, 0x0) 20:58:17 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000540)='./file0\x00', 0x0, 0x100000, 0x0) mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, 0x3080, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) 20:58:17 executing program 2: socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() socket$netlink(0x10, 0x3, 0xb) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x2000107c) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="1c0000001e005f0214fffffffffffff8070000030000000000000000", 0x1c) [ 2191.693797][T12705] IPVS: ftp: loaded support on port[0] = 21 20:58:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ff"], 0x3}}, 0x0) [ 2191.886667][T12705] chnl_net:caif_netlink_parms(): no params data found [ 2191.952772][T12705] bridge0: port 1(bridge_slave_0) entered blocking state [ 2191.960002][T12705] bridge0: port 1(bridge_slave_0) entered disabled state [ 2191.969795][T12705] device bridge_slave_0 entered promiscuous mode [ 2191.980636][T12705] bridge0: port 2(bridge_slave_1) entered blocking state [ 2191.988205][T12705] bridge0: port 2(bridge_slave_1) entered disabled state [ 2191.997911][T12705] device bridge_slave_1 entered promiscuous mode [ 2192.024074][T12705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2192.036566][T12705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2192.062157][T12705] team0: Port device team_slave_0 added [ 2192.072172][T12705] team0: Port device team_slave_1 added [ 2192.135726][T12705] device hsr_slave_0 entered promiscuous mode [ 2192.193329][T12705] device hsr_slave_1 entered promiscuous mode [ 2192.242568][T12705] debugfs: Directory 'hsr0' with parent '/' already present! [ 2192.264788][T12705] bridge0: port 2(bridge_slave_1) entered blocking state [ 2192.276950][T12705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2192.284716][T12705] bridge0: port 1(bridge_slave_0) entered blocking state [ 2192.295455][T12705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2192.353572][T12705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2192.373034][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2192.381929][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2192.390935][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2192.409498][T12705] 8021q: adding VLAN 0 to HW filter on device team0 [ 2192.423207][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2192.432139][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2192.439547][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2192.455169][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2192.464746][ T5036] bridge0: port 2(bridge_slave_1) entered blocking state [ 2192.471908][ T5036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2192.503887][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2192.526322][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2192.536909][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2192.546351][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2192.561321][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2192.575254][T12705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2192.606163][T12705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2192.757405][T12723] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2192.767777][T12723] CPU: 0 PID: 12723 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2192.775701][T12723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2192.785975][T12723] Call Trace: [ 2192.789298][T12723] dump_stack+0x191/0x1f0 [ 2192.793841][T12723] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2192.800397][T12723] dump_header+0x1e7/0xd00 [ 2192.804891][T12723] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2192.811103][T12723] ? ___ratelimit+0x542/0x720 [ 2192.815796][T12723] ? task_will_free_mem+0x14c/0x810 [ 2192.821016][T12723] oom_kill_process+0x210/0x560 [ 2192.826002][T12723] out_of_memory+0x1796/0x1c70 [ 2192.830879][T12723] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2192.836538][T12723] memory_max_write+0x90b/0xb60 [ 2192.841439][T12723] ? memory_max_show+0x1b0/0x1b0 [ 2192.846488][T12723] cgroup_file_write+0x41a/0x8e0 [ 2192.851480][T12723] ? cgroup_seqfile_stop+0x150/0x150 [ 2192.856805][T12723] kernfs_fop_write+0x55f/0x840 [ 2192.861672][T12723] ? kernfs_fop_read+0x9a0/0x9a0 [ 2192.867062][T12723] __vfs_write+0x1a9/0xcb0 [ 2192.871522][T12723] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2192.877605][T12723] ? __sb_start_write+0x10b/0x230 [ 2192.882666][T12723] vfs_write+0x481/0x920 [ 2192.886949][T12723] ksys_write+0x265/0x430 [ 2192.891307][T12723] __se_sys_write+0x92/0xb0 [ 2192.895833][T12723] __x64_sys_write+0x4a/0x70 [ 2192.900439][T12723] do_syscall_64+0xb6/0x160 [ 2192.904962][T12723] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2192.910858][T12723] RIP: 0033:0x459a59 [ 2192.914765][T12723] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2192.934571][T12723] RSP: 002b:00007f4c72af9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2192.943020][T12723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2192.951038][T12723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2192.959131][T12723] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2192.967112][T12723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c72afa6d4 [ 2192.975098][T12723] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2192.983720][T12723] memory: usage 5292kB, limit 0kB, failcnt 2702 [ 2192.990028][T12723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2192.996985][T12723] Memory cgroup stats for /syz5: [ 2192.997288][T12723] anon 40960 [ 2192.997288][T12723] file 2682880 [ 2192.997288][T12723] kernel_stack 196608 [ 2192.997288][T12723] slab 1986560 [ 2192.997288][T12723] sock 0 [ 2192.997288][T12723] shmem 2682880 [ 2192.997288][T12723] file_mapped 0 [ 2192.997288][T12723] file_dirty 0 [ 2192.997288][T12723] file_writeback 0 [ 2192.997288][T12723] anon_thp 0 [ 2192.997288][T12723] inactive_anon 2703360 [ 2192.997288][T12723] active_anon 98304 [ 2192.997288][T12723] inactive_file 0 [ 2192.997288][T12723] active_file 0 [ 2192.997288][T12723] unevictable 0 [ 2192.997288][T12723] slab_reclaimable 413696 [ 2192.997288][T12723] slab_unreclaimable 1572864 [ 2192.997288][T12723] pgfault 119559 [ 2192.997288][T12723] pgmajfault 0 [ 2192.997288][T12723] workingset_refault 0 [ 2192.997288][T12723] workingset_activate 0 [ 2192.997288][T12723] workingset_nodereclaim 0 [ 2192.997288][T12723] pgrefill 0 [ 2192.997288][T12723] pgscan 0 [ 2192.997288][T12723] pgsteal 0 [ 2192.997288][T12723] pgactivate 0 [ 2193.094261][T12723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12721,uid=0 [ 2193.109916][T12723] Memory cgroup out of memory: Killed process 12721 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2193.133074][ T1833] oom_reaper: reaped process 12721 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2193.166774][T12705] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2193.177104][T12705] CPU: 0 PID: 12705 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2193.186064][T12705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2193.196143][T12705] Call Trace: [ 2193.199475][T12705] dump_stack+0x191/0x1f0 [ 2193.203874][T12705] dump_header+0x1e7/0xd00 [ 2193.208533][T12705] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2193.214812][T12705] ? ___ratelimit+0x542/0x720 [ 2193.219502][T12705] ? task_will_free_mem+0x2c9/0x810 [ 2193.224730][T12705] oom_kill_process+0x210/0x560 [ 2193.229601][T12705] out_of_memory+0x1796/0x1c70 [ 2193.234421][T12705] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2193.240073][T12705] try_charge+0x2889/0x3d70 [ 2193.244592][T12705] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2193.250781][T12705] mem_cgroup_try_charge+0xa29/0xe40 [ 2193.256085][T12705] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2193.261814][T12705] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2193.267722][T12705] handle_mm_fault+0x522b/0x9f70 [ 2193.272700][T12705] do_user_addr_fault+0x905/0x1510 [ 2193.277831][T12705] __do_page_fault+0x1a2/0x410 [ 2193.282634][T12705] do_page_fault+0xbb/0x500 [ 2193.287181][T12705] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2193.292627][T12705] page_fault+0x4e/0x60 [ 2193.296808][T12705] RIP: 0033:0x403522 [ 2193.300969][T12705] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2193.320774][T12705] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2193.326869][T12705] RAX: 0000000000000000 RBX: 00000000002175b5 RCX: 0000000000413660 [ 2193.334846][T12705] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2193.342854][T12705] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000222f940 [ 2193.350886][T12705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2193.358877][T12705] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2193.367987][T12705] memory: usage 4872kB, limit 0kB, failcnt 2711 [ 2193.374383][T12705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2193.381611][T12705] Memory cgroup stats for /syz5: [ 2193.381802][T12705] anon 40960 [ 2193.381802][T12705] file 2682880 [ 2193.381802][T12705] kernel_stack 0 [ 2193.381802][T12705] slab 1986560 [ 2193.381802][T12705] sock 0 [ 2193.381802][T12705] shmem 2682880 [ 2193.381802][T12705] file_mapped 0 [ 2193.381802][T12705] file_dirty 0 [ 2193.381802][T12705] file_writeback 0 [ 2193.381802][T12705] anon_thp 0 [ 2193.381802][T12705] inactive_anon 2703360 [ 2193.381802][T12705] active_anon 98304 [ 2193.381802][T12705] inactive_file 0 [ 2193.381802][T12705] active_file 0 [ 2193.381802][T12705] unevictable 0 [ 2193.381802][T12705] slab_reclaimable 413696 [ 2193.381802][T12705] slab_unreclaimable 1572864 [ 2193.381802][T12705] pgfault 119559 [ 2193.381802][T12705] pgmajfault 0 [ 2193.381802][T12705] workingset_refault 0 [ 2193.381802][T12705] workingset_activate 0 [ 2193.381802][T12705] workingset_nodereclaim 0 [ 2193.381802][T12705] pgrefill 0 [ 2193.381802][T12705] pgscan 0 [ 2193.381802][T12705] pgsteal 0 [ 2193.381802][T12705] pgactivate 0 [ 2193.476299][T12705] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12705,uid=0 [ 2193.492191][T12705] Memory cgroup out of memory: Killed process 12705 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2193.511175][ T1833] oom_reaper: reaped process 12705 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2194.484245][ T893] device bridge_slave_1 left promiscuous mode [ 2194.490841][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2194.535138][ T893] device bridge_slave_0 left promiscuous mode [ 2194.541802][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2195.343637][ T893] device hsr_slave_0 left promiscuous mode [ 2195.402584][ T893] device hsr_slave_1 left promiscuous mode [ 2195.456305][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2195.469560][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2195.484232][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2195.518875][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2195.592042][ T893] bond0 (unregistering): Released all slaves 20:58:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000340)={0x0, {{0x2, 0x0, @broadcast}}}, 0x90) 20:58:22 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x400080, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x100000000011, 0x2, 0x0) bind(r1, &(0x7f0000000140)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r3 = dup2(r2, r0) getsockname$packet(r1, &(0x7f0000000040), 0x0) socket$packet(0x11, 0x2, 0x300) socket(0x0, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) syz_open_procfs(0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000680), 0x4) 20:58:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ff"], 0x3}}, 0x0) 20:58:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00"], 0x3}}, 0x0) 20:58:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000000)=0x80000000002, 0xe3) recvmmsg(r0, &(0x7f00000001c0), 0x460, 0xea225aec34b1dd0e, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000000)=@gcm_256={{}, "441b30cf8619394c", "b1b7640babcf8109c3bc07c9071824f2ddeee9e07528bb03ced792b7c4e742dc", "ba3017d9", "1712cc825e966e25"}, 0x38) 20:58:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00"], 0x3}}, 0x0) [ 2198.493507][T12753] IPVS: ftp: loaded support on port[0] = 21 [ 2198.590104][T12753] chnl_net:caif_netlink_parms(): no params data found [ 2198.632649][T12753] bridge0: port 1(bridge_slave_0) entered blocking state [ 2198.640059][T12753] bridge0: port 1(bridge_slave_0) entered disabled state [ 2198.649556][T12753] device bridge_slave_0 entered promiscuous mode [ 2198.658915][T12753] bridge0: port 2(bridge_slave_1) entered blocking state [ 2198.666221][T12753] bridge0: port 2(bridge_slave_1) entered disabled state [ 2198.675573][T12753] device bridge_slave_1 entered promiscuous mode [ 2198.704569][T12753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2198.717776][T12753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:58:24 executing program 4: sysinfo(&(0x7f0000000000)=""/13) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00\xeej\x01\x0f\'@\x00', @ifru_flags}) 20:58:24 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00"], 0x3}}, 0x0) 20:58:24 executing program 1: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) [ 2198.746149][T12753] team0: Port device team_slave_0 added [ 2198.755268][T12753] team0: Port device team_slave_1 added [ 2198.831061][T12753] device hsr_slave_0 entered promiscuous mode [ 2198.863779][T12753] device hsr_slave_1 entered promiscuous mode [ 2198.894661][T12753] debugfs: Directory 'hsr0' with parent '/' already present! 20:58:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioprio_set$pid(0x0, r0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) dup(r1) clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8", 0xf0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r2, 0x0, 0x0) ioctl$TUNSETVNETLE(r3, 0x400454dc, &(0x7f0000000080)) mknod$loop(0x0, 0x2000, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r4 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r4, 0x0, 0x0) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000b00)={{{@in6=@loopback, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@loopback}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r6, 0x0, 0x0, 0x0, 0x2) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:58:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff000000"], 0x3}}, 0x0) [ 2199.094049][T12753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2199.124654][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2199.134620][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 20:58:25 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='lo\x00\x00\x00\x00\xdf\xff\xff\xff\x00', 0x10) sendto$inet(r2, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r2, &(0x7f0000000240), 0x1192aca8268c9077, 0x0, 0x0, 0xffffffffffffff06) connect(r2, &(0x7f0000000080)=@un=@file={0x0, './file0\x00'}, 0x80) [ 2199.175986][T12753] 8021q: adding VLAN 0 to HW filter on device team0 [ 2199.191928][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2199.202010][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2199.211228][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2199.218466][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2199.279035][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2199.288283][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2199.299053][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2199.308207][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2199.315443][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2199.324305][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2199.334947][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2199.345850][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2199.356376][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2199.366425][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2199.376958][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2199.386462][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2199.395613][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2199.406865][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2199.412991][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2199.417072][T12753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2199.431597][T12753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2199.440927][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2199.450185][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2199.459721][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2199.509746][T12753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2199.679221][T12804] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2199.689606][T12804] CPU: 1 PID: 12804 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2199.697632][T12804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2199.707776][T12804] Call Trace: [ 2199.711161][T12804] dump_stack+0x191/0x1f0 [ 2199.715560][T12804] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2199.721623][T12804] dump_header+0x1e7/0xd00 [ 2199.726119][T12804] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2199.732320][T12804] ? ___ratelimit+0x542/0x720 [ 2199.737135][T12804] ? task_will_free_mem+0x14c/0x810 [ 2199.742539][T12804] oom_kill_process+0x210/0x560 [ 2199.747460][T12804] out_of_memory+0x1796/0x1c70 [ 2199.752278][T12804] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2199.757990][T12804] memory_max_write+0x90b/0xb60 [ 2199.762944][T12804] ? memory_max_show+0x1b0/0x1b0 [ 2199.767968][T12804] cgroup_file_write+0x41a/0x8e0 [ 2199.772953][T12804] ? cgroup_seqfile_stop+0x150/0x150 [ 2199.778254][T12804] kernfs_fop_write+0x55f/0x840 [ 2199.783300][T12804] ? kernfs_fop_read+0x9a0/0x9a0 [ 2199.788264][T12804] __vfs_write+0x1a9/0xcb0 [ 2199.792729][T12804] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2199.798812][T12804] ? __sb_start_write+0x10b/0x230 [ 2199.803859][T12804] vfs_write+0x481/0x920 [ 2199.808137][T12804] ksys_write+0x265/0x430 [ 2199.812515][T12804] __se_sys_write+0x92/0xb0 [ 2199.817055][T12804] __x64_sys_write+0x4a/0x70 [ 2199.821660][T12804] do_syscall_64+0xb6/0x160 [ 2199.826201][T12804] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2199.833245][T12804] RIP: 0033:0x459a59 [ 2199.837176][T12804] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2199.856891][T12804] RSP: 002b:00007fb4197bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2199.865478][T12804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2199.873565][T12804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2199.881724][T12804] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2199.889718][T12804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb4197bf6d4 [ 2199.897747][T12804] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2199.906035][T12804] memory: usage 4448kB, limit 0kB, failcnt 2720 [ 2199.912449][T12804] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2199.919323][T12804] Memory cgroup stats for /syz5: [ 2199.919509][T12804] anon 176128 [ 2199.919509][T12804] file 1843200 [ 2199.919509][T12804] kernel_stack 196608 [ 2199.919509][T12804] slab 1986560 [ 2199.919509][T12804] sock 0 [ 2199.919509][T12804] shmem 1843200 [ 2199.919509][T12804] file_mapped 0 [ 2199.919509][T12804] file_dirty 0 [ 2199.919509][T12804] file_writeback 0 [ 2199.919509][T12804] anon_thp 0 [ 2199.919509][T12804] inactive_anon 1757184 [ 2199.919509][T12804] active_anon 98304 [ 2199.919509][T12804] inactive_file 0 [ 2199.919509][T12804] active_file 0 [ 2199.919509][T12804] unevictable 0 [ 2199.919509][T12804] slab_reclaimable 413696 [ 2199.919509][T12804] slab_unreclaimable 1572864 [ 2199.919509][T12804] pgfault 120087 [ 2199.919509][T12804] pgmajfault 0 [ 2199.919509][T12804] workingset_refault 0 [ 2199.919509][T12804] workingset_activate 0 [ 2199.919509][T12804] workingset_nodereclaim 0 [ 2199.919509][T12804] pgrefill 0 [ 2199.919509][T12804] pgscan 0 [ 2199.919509][T12804] pgsteal 0 [ 2199.919509][T12804] pgactivate 0 [ 2200.014618][T12804] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12802,uid=0 [ 2200.030276][T12804] Memory cgroup out of memory: Killed process 12802 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2200.050573][ T1833] oom_reaper: reaped process 12802 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2200.086169][T12753] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2200.096299][T12753] CPU: 0 PID: 12753 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2200.104340][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2200.114664][T12753] Call Trace: [ 2200.117976][T12753] dump_stack+0x191/0x1f0 [ 2200.122321][T12753] dump_header+0x1e7/0xd00 [ 2200.126769][T12753] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2200.132939][T12753] ? ___ratelimit+0x542/0x720 [ 2200.137627][T12753] ? task_will_free_mem+0x2c9/0x810 [ 2200.146248][T12753] oom_kill_process+0x210/0x560 [ 2200.151118][T12753] out_of_memory+0x1796/0x1c70 [ 2200.155909][T12753] try_charge+0x2889/0x3d70 [ 2200.160454][T12753] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2200.166661][T12753] mem_cgroup_try_charge+0xa29/0xe40 [ 2200.171982][T12753] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2200.177732][T12753] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2200.183828][T12753] handle_mm_fault+0x522b/0x9f70 [ 2200.188836][T12753] do_user_addr_fault+0x905/0x1510 [ 2200.193978][T12753] __do_page_fault+0x1a2/0x410 [ 2200.198792][T12753] do_page_fault+0xbb/0x500 [ 2200.203346][T12753] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2200.208746][T12753] page_fault+0x4e/0x60 [ 2200.212906][T12753] RIP: 0033:0x403522 [ 2200.216847][T12753] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2200.236575][T12753] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2200.242742][T12753] RAX: 0000000000000000 RBX: 00000000002190be RCX: 0000000000413660 [ 2200.250805][T12753] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2200.258783][T12753] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000260f940 [ 2200.266775][T12753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2200.274762][T12753] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2200.284030][T12753] memory: usage 4032kB, limit 0kB, failcnt 2729 [ 2200.290305][T12753] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2200.297301][T12753] Memory cgroup stats for /syz5: [ 2200.297648][T12753] anon 176128 [ 2200.297648][T12753] file 1843200 [ 2200.297648][T12753] kernel_stack 0 [ 2200.297648][T12753] slab 1986560 [ 2200.297648][T12753] sock 0 [ 2200.297648][T12753] shmem 1843200 [ 2200.297648][T12753] file_mapped 0 [ 2200.297648][T12753] file_dirty 0 [ 2200.297648][T12753] file_writeback 0 [ 2200.297648][T12753] anon_thp 0 [ 2200.297648][T12753] inactive_anon 1892352 [ 2200.297648][T12753] active_anon 98304 [ 2200.297648][T12753] inactive_file 0 [ 2200.297648][T12753] active_file 0 [ 2200.297648][T12753] unevictable 0 [ 2200.297648][T12753] slab_reclaimable 413696 [ 2200.297648][T12753] slab_unreclaimable 1572864 [ 2200.297648][T12753] pgfault 120087 [ 2200.297648][T12753] pgmajfault 0 [ 2200.297648][T12753] workingset_refault 0 [ 2200.297648][T12753] workingset_activate 0 [ 2200.297648][T12753] workingset_nodereclaim 0 [ 2200.297648][T12753] pgrefill 0 [ 2200.297648][T12753] pgscan 0 [ 2200.297648][T12753] pgsteal 0 [ 2200.297648][T12753] pgactivate 0 [ 2200.392373][T12753] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12753,uid=0 [ 2200.407973][T12753] Memory cgroup out of memory: Killed process 12753 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2200.426867][ T1833] oom_reaper: reaped process 12753 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2201.524375][ T9353] device bridge_slave_1 left promiscuous mode [ 2201.530857][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2201.574249][ T9353] device bridge_slave_0 left promiscuous mode [ 2201.580955][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state 20:58:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x4000)=nil, 0x0, 0xfffffdf5, r0}, 0xd3) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) accept(r1, 0x0, &(0x7f0000000000)) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f00000002c0)=0x2, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00') write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)={'syz1', "19ccf78e8c823650d91ac2ce614477e8a6e0976380f1543b811883fc36387640955eafbf85e76d1f723b20356d22884e"}, 0x34) preadv(r2, &(0x7f00000017c0), 0x375, 0x0) pipe2$9p(0x0, 0x0) fchdir(0xffffffffffffffff) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) 20:58:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff000000"], 0x3}}, 0x0) 20:58:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffff02c}, {0x6}]}, 0x10) 20:58:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2203.064023][ T9353] device hsr_slave_0 left promiscuous mode [ 2203.112760][ T9353] device hsr_slave_1 left promiscuous mode [ 2203.175091][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2203.190160][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2203.203782][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2203.269131][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2203.350724][ T9353] bond0 (unregistering): Released all slaves [ 2203.878430][T12819] IPVS: ftp: loaded support on port[0] = 21 20:58:30 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2014840}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x68, 0x0, 0x800, 0x70bd2a, 0x0, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfd66}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x84dd}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xe4be57b1f0241fdc}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400440, 0x0) dup3(0xffffffffffffffff, r1, 0x80000) socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x5}}, 0xe8) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r4, r3, 0x0) 20:58:30 executing program 1: openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc00000048000700ab0925ee090007000a060000000000000001369321000100ff0100000005d00000000000000398996c92770411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bb6b07e4f40000000000005a32e280fc83ab82f605f70c9ddef245c1bc79ebbaa08a", 0x88) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000002c0)=0x9) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/195, 0x200000d7}], 0x1) 20:58:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff000000"], 0x3}}, 0x0) 20:58:30 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) dup2(r1, r0) [ 2204.053896][T12819] chnl_net:caif_netlink_parms(): no params data found [ 2204.189095][T12819] bridge0: port 1(bridge_slave_0) entered blocking state [ 2204.196398][T12819] bridge0: port 1(bridge_slave_0) entered disabled state [ 2204.206111][T12819] device bridge_slave_0 entered promiscuous mode [ 2204.216223][T12819] bridge0: port 2(bridge_slave_1) entered blocking state [ 2204.223566][T12819] bridge0: port 2(bridge_slave_1) entered disabled state [ 2204.233202][T12819] device bridge_slave_1 entered promiscuous mode 20:58:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) [ 2204.278516][T12819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2204.296624][T12819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:58:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) [ 2204.352416][T12819] team0: Port device team_slave_0 added [ 2204.363362][T12819] team0: Port device team_slave_1 added [ 2204.437976][T12819] device hsr_slave_0 entered promiscuous mode [ 2204.503406][T12819] device hsr_slave_1 entered promiscuous mode [ 2204.542519][T12819] debugfs: Directory 'hsr0' with parent '/' already present! 20:58:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) 20:58:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) [ 2204.739290][T12819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2204.762030][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2204.770715][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2204.806992][T12819] 8021q: adding VLAN 0 to HW filter on device team0 [ 2204.819159][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2204.829058][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2204.838247][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2204.847749][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2204.857676][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2204.873917][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2204.884280][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2204.893494][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2204.900679][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2204.953589][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2204.964273][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2204.974786][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2204.985932][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2204.995946][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2205.006316][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2205.027389][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2205.038332][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2205.048292][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2205.067242][T12819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2205.080299][T12819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2205.089427][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2205.099052][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2205.126983][T12819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2205.266254][T12852] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2205.276712][T12852] CPU: 1 PID: 12852 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2205.284712][T12852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2205.295301][T12852] Call Trace: [ 2205.299653][T12852] dump_stack+0x191/0x1f0 [ 2205.304016][T12852] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2205.309928][T12852] dump_header+0x1e7/0xd00 [ 2205.314413][T12852] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2205.320608][T12852] ? ___ratelimit+0x542/0x720 [ 2205.325405][T12852] ? task_will_free_mem+0x14c/0x810 [ 2205.330733][T12852] oom_kill_process+0x210/0x560 [ 2205.335788][T12852] out_of_memory+0x1796/0x1c70 [ 2205.340589][T12852] memory_max_write+0x90b/0xb60 [ 2205.345701][T12852] ? memory_max_show+0x1b0/0x1b0 [ 2205.350723][T12852] cgroup_file_write+0x41a/0x8e0 [ 2205.355700][T12852] ? cgroup_seqfile_stop+0x150/0x150 [ 2205.361076][T12852] kernfs_fop_write+0x55f/0x840 [ 2205.365957][T12852] ? kernfs_fop_read+0x9a0/0x9a0 [ 2205.370906][T12852] __vfs_write+0x1a9/0xcb0 [ 2205.375380][T12852] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2205.381470][T12852] ? __sb_start_write+0x10b/0x230 [ 2205.386634][T12852] vfs_write+0x481/0x920 [ 2205.390903][T12852] ksys_write+0x265/0x430 [ 2205.395260][T12852] __se_sys_write+0x92/0xb0 [ 2205.400438][T12852] __x64_sys_write+0x4a/0x70 [ 2205.405148][T12852] do_syscall_64+0xb6/0x160 [ 2205.409665][T12852] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2205.415581][T12852] RIP: 0033:0x459a59 [ 2205.419625][T12852] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2205.439335][T12852] RSP: 002b:00007ff2f5285c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2205.447921][T12852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2205.455909][T12852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2205.464023][T12852] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2205.472031][T12852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff2f52866d4 [ 2205.480023][T12852] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2205.489356][T12852] memory: usage 5276kB, limit 0kB, failcnt 2738 [ 2205.495802][T12852] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2205.502757][T12852] Memory cgroup stats for /syz5: [ 2205.503056][T12852] anon 40960 [ 2205.503056][T12852] file 2711552 [ 2205.503056][T12852] kernel_stack 196608 [ 2205.503056][T12852] slab 1986560 [ 2205.503056][T12852] sock 0 [ 2205.503056][T12852] shmem 2711552 [ 2205.503056][T12852] file_mapped 0 [ 2205.503056][T12852] file_dirty 0 [ 2205.503056][T12852] file_writeback 0 [ 2205.503056][T12852] anon_thp 0 [ 2205.503056][T12852] inactive_anon 2568192 [ 2205.503056][T12852] active_anon 0 [ 2205.503056][T12852] inactive_file 0 [ 2205.503056][T12852] active_file 0 [ 2205.503056][T12852] unevictable 0 [ 2205.503056][T12852] slab_reclaimable 413696 [ 2205.503056][T12852] slab_unreclaimable 1572864 [ 2205.503056][T12852] pgfault 120648 [ 2205.503056][T12852] pgmajfault 0 [ 2205.503056][T12852] workingset_refault 0 [ 2205.503056][T12852] workingset_activate 0 [ 2205.503056][T12852] workingset_nodereclaim 0 [ 2205.503056][T12852] pgrefill 0 [ 2205.503056][T12852] pgscan 0 [ 2205.503056][T12852] pgsteal 0 [ 2205.503056][T12852] pgactivate 0 [ 2205.598065][T12852] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12850,uid=0 [ 2205.613714][T12852] Memory cgroup out of memory: Killed process 12850 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2205.635979][ T1833] oom_reaper: reaped process 12850 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2205.669817][T12819] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2205.679937][T12819] CPU: 0 PID: 12819 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2205.687852][T12819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2205.697979][T12819] Call Trace: [ 2205.701312][T12819] dump_stack+0x191/0x1f0 [ 2205.705653][T12819] dump_header+0x1e7/0xd00 [ 2205.710077][T12819] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2205.716240][T12819] ? ___ratelimit+0x542/0x720 [ 2205.720920][T12819] ? task_will_free_mem+0x2c9/0x810 [ 2205.726128][T12819] oom_kill_process+0x210/0x560 [ 2205.730989][T12819] out_of_memory+0x1796/0x1c70 [ 2205.735776][T12819] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2205.741437][T12819] try_charge+0x2889/0x3d70 [ 2205.745962][T12819] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2205.752161][T12819] mem_cgroup_try_charge+0xa29/0xe40 [ 2205.757473][T12819] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2205.763207][T12819] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2205.769282][T12819] handle_mm_fault+0x522b/0x9f70 [ 2205.774251][T12819] do_user_addr_fault+0x905/0x1510 [ 2205.779378][T12819] __do_page_fault+0x1a2/0x410 [ 2205.784151][T12819] do_page_fault+0xbb/0x500 [ 2205.788658][T12819] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2205.794038][T12819] page_fault+0x4e/0x60 [ 2205.798199][T12819] RIP: 0033:0x403522 [ 2205.802101][T12819] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2205.821722][T12819] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2205.827885][T12819] RAX: 0000000000000000 RBX: 000000000021a691 RCX: 0000000000413660 [ 2205.835872][T12819] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2205.843842][T12819] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001421940 [ 2205.851811][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2205.859781][T12819] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2205.869204][T12819] memory: usage 4860kB, limit 0kB, failcnt 2747 [ 2205.875936][T12819] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2205.882909][T12819] Memory cgroup stats for /syz5: [ 2205.883231][T12819] anon 40960 [ 2205.883231][T12819] file 2711552 [ 2205.883231][T12819] kernel_stack 0 [ 2205.883231][T12819] slab 1986560 [ 2205.883231][T12819] sock 0 [ 2205.883231][T12819] shmem 2711552 [ 2205.883231][T12819] file_mapped 0 [ 2205.883231][T12819] file_dirty 0 [ 2205.883231][T12819] file_writeback 0 [ 2205.883231][T12819] anon_thp 0 [ 2205.883231][T12819] inactive_anon 2568192 [ 2205.883231][T12819] active_anon 0 [ 2205.883231][T12819] inactive_file 0 [ 2205.883231][T12819] active_file 0 [ 2205.883231][T12819] unevictable 0 [ 2205.883231][T12819] slab_reclaimable 413696 [ 2205.883231][T12819] slab_unreclaimable 1572864 [ 2205.883231][T12819] pgfault 120648 [ 2205.883231][T12819] pgmajfault 0 [ 2205.883231][T12819] workingset_refault 0 [ 2205.883231][T12819] workingset_activate 0 [ 2205.883231][T12819] workingset_nodereclaim 0 [ 2205.883231][T12819] pgrefill 0 [ 2205.883231][T12819] pgscan 0 [ 2205.883231][T12819] pgsteal 0 [ 2205.883231][T12819] pgactivate 0 [ 2205.977260][T12819] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12819,uid=0 [ 2205.992867][T12819] Memory cgroup out of memory: Killed process 12819 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2206.011985][ T1833] oom_reaper: reaped process 12819 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2206.904500][ T9353] device bridge_slave_1 left promiscuous mode [ 2206.910981][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2206.964773][ T9353] device bridge_slave_0 left promiscuous mode [ 2206.971211][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2207.683659][ T9353] device hsr_slave_0 left promiscuous mode [ 2207.722834][ T9353] device hsr_slave_1 left promiscuous mode [ 2207.791922][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2207.805459][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2207.820259][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2207.858271][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2207.944082][ T9353] bond0 (unregistering): Released all slaves 20:58:37 executing program 0: r0 = creat(&(0x7f0000000480)='./bus\x00', 0x0) ioctl$void(r0, 0x5450) 20:58:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) 20:58:37 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x10001) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) accept(r0, &(0x7f0000000000)=@alg, &(0x7f0000000080)=0x80) 20:58:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:37 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) getresgid(0x0, &(0x7f0000000040), &(0x7f0000000080)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="0200000000000000000000000400000000e4ff0008", @ANYRES32=r4, @ANYBLOB="100000000000000020000000"], 0x3, 0x0) fstat(0xffffffffffffffff, &(0x7f00000000c0)) getgroups(0x4, &(0x7f0000000100)=[0xee00, 0xffffffffffffffff, 0x0, 0xee01]) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)=0x0) setresgid(r5, 0x0, r6) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x1ff}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 20:58:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff00000000", @ANYRES32, @ANYBLOB="0000fffff1ffffff00000000"], 0x24}}, 0x0) 20:58:37 executing program 4: semtimedop(0x0, &(0x7f00000000c0)=[{0x0, 0xfffe}], 0x1, 0x0) 20:58:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) 20:58:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) 20:58:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x2}}, 0x0) 20:58:37 executing program 1: r0 = socket$packet(0x11, 0x20000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'lo\x00\x00\x00\x00\x02\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x1, 0x6, @remote}, 0x10) r2 = socket(0x100000000011, 0x2, 0x0) bind(r2, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000000)={r3, 0x1, 0x1, @dev}, 0x10) 20:58:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) [ 2211.947155][T12886] device lo entered promiscuous mode [ 2211.955991][T12885] device lo left promiscuous mode [ 2212.035510][T12891] device lo entered promiscuous mode [ 2212.045731][T12885] device lo left promiscuous mode [ 2213.081787][T12895] IPVS: ftp: loaded support on port[0] = 21 [ 2213.184257][T12895] chnl_net:caif_netlink_parms(): no params data found [ 2213.227454][T12895] bridge0: port 1(bridge_slave_0) entered blocking state [ 2213.234668][T12895] bridge0: port 1(bridge_slave_0) entered disabled state [ 2213.244666][T12895] device bridge_slave_0 entered promiscuous mode [ 2213.254229][T12895] bridge0: port 2(bridge_slave_1) entered blocking state [ 2213.261571][T12895] bridge0: port 2(bridge_slave_1) entered disabled state [ 2213.270920][T12895] device bridge_slave_1 entered promiscuous mode [ 2213.298837][T12895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2213.311840][T12895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2213.339324][T12895] team0: Port device team_slave_0 added [ 2213.348403][T12895] team0: Port device team_slave_1 added [ 2213.407247][T12895] device hsr_slave_0 entered promiscuous mode [ 2213.453604][T12895] device hsr_slave_1 entered promiscuous mode [ 2213.492767][T12895] debugfs: Directory 'hsr0' with parent '/' already present! [ 2213.518394][T12895] bridge0: port 2(bridge_slave_1) entered blocking state [ 2213.525788][T12895] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2213.533755][T12895] bridge0: port 1(bridge_slave_0) entered blocking state [ 2213.540915][T12895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2213.606291][T12895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2213.626130][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2213.637503][ T5036] bridge0: port 1(bridge_slave_0) entered disabled state [ 2213.646298][ T5036] bridge0: port 2(bridge_slave_1) entered disabled state [ 2213.657463][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2213.676157][T12895] 8021q: adding VLAN 0 to HW filter on device team0 [ 2213.690462][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2213.699934][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2213.707422][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2213.724498][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2213.733703][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2213.740976][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2213.769366][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2213.781772][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2213.798384][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2213.815840][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2213.834990][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2213.848800][T12895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2213.885090][T12895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2214.036184][T12901] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2214.046636][T12901] CPU: 0 PID: 12901 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2214.054905][T12901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2214.065143][T12901] Call Trace: [ 2214.068498][T12901] dump_stack+0x191/0x1f0 [ 2214.072898][T12901] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2214.078855][T12901] dump_header+0x1e7/0xd00 [ 2214.083348][T12901] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2214.089684][T12901] ? ___ratelimit+0x542/0x720 [ 2214.094377][T12901] ? task_will_free_mem+0x14c/0x810 [ 2214.099662][T12901] oom_kill_process+0x210/0x560 [ 2214.104717][T12901] out_of_memory+0x1796/0x1c70 [ 2214.109539][T12901] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2214.115232][T12901] memory_max_write+0x90b/0xb60 [ 2214.120137][T12901] ? memory_max_show+0x1b0/0x1b0 [ 2214.125112][T12901] cgroup_file_write+0x41a/0x8e0 [ 2214.130113][T12901] ? cgroup_seqfile_stop+0x150/0x150 [ 2214.135440][T12901] kernfs_fop_write+0x55f/0x840 [ 2214.140319][T12901] ? kernfs_fop_read+0x9a0/0x9a0 [ 2214.145269][T12901] __vfs_write+0x1a9/0xcb0 [ 2214.149760][T12901] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2214.155861][T12901] ? __sb_start_write+0x10b/0x230 [ 2214.160987][T12901] vfs_write+0x481/0x920 [ 2214.165273][T12901] ksys_write+0x265/0x430 [ 2214.169661][T12901] __se_sys_write+0x92/0xb0 [ 2214.174177][T12901] __x64_sys_write+0x4a/0x70 [ 2214.178780][T12901] do_syscall_64+0xb6/0x160 [ 2214.183400][T12901] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2214.189311][T12901] RIP: 0033:0x459a59 [ 2214.193227][T12901] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2214.212850][T12901] RSP: 002b:00007f99cf51bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2214.221289][T12901] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2214.229378][T12901] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2214.237664][T12901] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2214.245665][T12901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99cf51c6d4 [ 2214.253693][T12901] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2214.263228][T12901] memory: usage 5112kB, limit 0kB, failcnt 2756 [ 2214.269525][T12901] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2214.276507][T12901] Memory cgroup stats for /syz5: [ 2214.276850][T12901] anon 40960 [ 2214.276850][T12901] file 2551808 [ 2214.276850][T12901] kernel_stack 196608 [ 2214.276850][T12901] slab 1986560 [ 2214.276850][T12901] sock 0 [ 2214.276850][T12901] shmem 2551808 [ 2214.276850][T12901] file_mapped 0 [ 2214.276850][T12901] file_dirty 0 [ 2214.276850][T12901] file_writeback 0 [ 2214.276850][T12901] anon_thp 0 [ 2214.276850][T12901] inactive_anon 2433024 [ 2214.276850][T12901] active_anon 98304 [ 2214.276850][T12901] inactive_file 0 [ 2214.276850][T12901] active_file 0 [ 2214.276850][T12901] unevictable 0 [ 2214.276850][T12901] slab_reclaimable 413696 [ 2214.276850][T12901] slab_unreclaimable 1572864 [ 2214.276850][T12901] pgfault 121242 [ 2214.276850][T12901] pgmajfault 0 [ 2214.276850][T12901] workingset_refault 0 [ 2214.276850][T12901] workingset_activate 0 [ 2214.276850][T12901] workingset_nodereclaim 0 [ 2214.276850][T12901] pgrefill 0 [ 2214.276850][T12901] pgscan 0 [ 2214.276850][T12901] pgsteal 0 [ 2214.276850][T12901] pgactivate 0 [ 2214.372469][T12901] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12899,uid=0 [ 2214.389036][T12901] Memory cgroup out of memory: Killed process 12899 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2214.409622][ T1833] oom_reaper: reaped process 12899 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2214.448504][T12895] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2214.460073][T12895] CPU: 0 PID: 12895 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2214.468011][T12895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2214.478101][T12895] Call Trace: [ 2214.481410][T12895] dump_stack+0x191/0x1f0 [ 2214.485792][T12895] dump_header+0x1e7/0xd00 [ 2214.490351][T12895] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2214.496618][T12895] ? ___ratelimit+0x542/0x720 [ 2214.501321][T12895] ? task_will_free_mem+0x2c9/0x810 [ 2214.506543][T12895] oom_kill_process+0x210/0x560 [ 2214.511490][T12895] out_of_memory+0x1796/0x1c70 [ 2214.516299][T12895] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2214.522136][T12895] try_charge+0x2889/0x3d70 [ 2214.526669][T12895] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2214.532872][T12895] mem_cgroup_try_charge+0xa29/0xe40 [ 2214.538206][T12895] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2214.544064][T12895] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2214.550446][T12895] handle_mm_fault+0x522b/0x9f70 [ 2214.555487][T12895] do_user_addr_fault+0x905/0x1510 [ 2214.560912][T12895] __do_page_fault+0x1a2/0x410 [ 2214.565717][T12895] do_page_fault+0xbb/0x500 [ 2214.570245][T12895] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2214.575657][T12895] page_fault+0x4e/0x60 [ 2214.579849][T12895] RIP: 0033:0x403522 [ 2214.583776][T12895] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2214.603395][T12895] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2214.609497][T12895] RAX: 0000000000000000 RBX: 000000000021c8d2 RCX: 0000000000413660 [ 2214.617519][T12895] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2214.625717][T12895] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d59940 [ 2214.633704][T12895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2214.641693][T12895] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2214.649851][T12895] memory: usage 4708kB, limit 0kB, failcnt 2767 [ 2214.656228][T12895] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2214.663243][T12895] Memory cgroup stats for /syz5: [ 2214.663526][T12895] anon 40960 [ 2214.663526][T12895] file 2551808 [ 2214.663526][T12895] kernel_stack 0 [ 2214.663526][T12895] slab 1986560 [ 2214.663526][T12895] sock 0 [ 2214.663526][T12895] shmem 2551808 [ 2214.663526][T12895] file_mapped 0 [ 2214.663526][T12895] file_dirty 0 [ 2214.663526][T12895] file_writeback 0 [ 2214.663526][T12895] anon_thp 0 [ 2214.663526][T12895] inactive_anon 2433024 [ 2214.663526][T12895] active_anon 98304 [ 2214.663526][T12895] inactive_file 0 [ 2214.663526][T12895] active_file 0 [ 2214.663526][T12895] unevictable 0 [ 2214.663526][T12895] slab_reclaimable 413696 [ 2214.663526][T12895] slab_unreclaimable 1572864 [ 2214.663526][T12895] pgfault 121242 [ 2214.663526][T12895] pgmajfault 0 [ 2214.663526][T12895] workingset_refault 0 [ 2214.663526][T12895] workingset_activate 0 [ 2214.663526][T12895] workingset_nodereclaim 0 [ 2214.663526][T12895] pgrefill 0 [ 2214.663526][T12895] pgscan 0 [ 2214.663526][T12895] pgsteal 0 [ 2214.663526][T12895] pgactivate 0 [ 2214.757923][T12895] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12895,uid=0 [ 2214.773512][T12895] Memory cgroup out of memory: Killed process 12895 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2214.794818][ T1833] oom_reaper: reaped process 12895 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2215.934519][ T9355] device bridge_slave_1 left promiscuous mode [ 2215.941195][ T9355] bridge0: port 2(bridge_slave_1) entered disabled state [ 2215.994504][ T9355] device bridge_slave_0 left promiscuous mode [ 2216.001075][ T9355] bridge0: port 1(bridge_slave_0) entered disabled state 20:58:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x4000000000802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) read(r0, 0x0, 0x0) 20:58:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:58:42 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 20:58:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:42 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0xfe1f, 0x0, &(0x7f0000000500)=[@acquire_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={@fda, @flat, @flat=@weak_binder}, &(0x7f00000007c0)}}, @dead_binder_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={@fd, @flat=@weak_binder, @flat=@weak_binder}, &(0x7f0000000300)}}, @register_looper, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/66}, @fd, @fd}, &(0x7f00000004c0)}}, @acquire_done], 0x223, 0x0, 0x0}) 20:58:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @request_death={0x400c630e, 0x3}, @decrefs], 0x0, 0x0, 0x0}) [ 2217.544359][ T9355] device hsr_slave_0 left promiscuous mode [ 2217.593005][ T9355] device hsr_slave_1 left promiscuous mode [ 2217.666984][ T9355] team0 (unregistering): Port device team_slave_1 removed [ 2217.682007][ T9355] team0 (unregistering): Port device team_slave_0 removed [ 2217.698647][ T9355] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2217.729742][ T9355] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2217.814380][ T9355] bond0 (unregistering): Released all slaves [ 2218.376569][T12924] IPVS: ftp: loaded support on port[0] = 21 [ 2218.496444][T12924] chnl_net:caif_netlink_parms(): no params data found [ 2218.540081][T12924] bridge0: port 1(bridge_slave_0) entered blocking state [ 2218.547651][T12924] bridge0: port 1(bridge_slave_0) entered disabled state [ 2218.556758][T12924] device bridge_slave_0 entered promiscuous mode [ 2218.566453][T12924] bridge0: port 2(bridge_slave_1) entered blocking state [ 2218.574223][T12924] bridge0: port 2(bridge_slave_1) entered disabled state [ 2218.584418][T12924] device bridge_slave_1 entered promiscuous mode 20:58:44 executing program 4: pipe(&(0x7f00000003c0)={0xffffffffffffffff}) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3a8, 0x0) socket$inet6(0xa, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x800000, 0x0) chdir(&(0x7f0000000080)='./file0\x00') r1 = eventfd2(0x8, 0x80801) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, 0x0) r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(r2, &(0x7f0000000c80)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0xf05}, 0x1006) sendfile(r2, r2, &(0x7f0000000240), 0x2008000fffffffe) open(&(0x7f0000000280)='./file0/file0\x00', 0x4043, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x4e) 20:58:44 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @request_death={0x400c630e, 0x3}, @decrefs], 0x0, 0x0, 0x0}) 20:58:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) [ 2218.614035][T12924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2218.636260][T12924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:58:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB="6d047c0075f8b8660afc21be2900000047bf252eb7882b9abb2a2f9fd2399e0400c33f38b2765f00000089dafbffffffffffffffa4952f36def676d57a6a00a49d5c8c3d080022757432dc100000000097"], 0x2) [ 2218.735045][T12924] team0: Port device team_slave_0 added [ 2218.747195][T12924] team0: Port device team_slave_1 added 20:58:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffff", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:58:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffff028}, {0x6}]}, 0x10) [ 2218.858427][T12924] device hsr_slave_0 entered promiscuous mode [ 2218.894470][T12924] device hsr_slave_1 entered promiscuous mode [ 2218.952841][T12924] debugfs: Directory 'hsr0' with parent '/' already present! [ 2219.154501][T12924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2219.174999][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2219.184860][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2219.199700][T12924] 8021q: adding VLAN 0 to HW filter on device team0 [ 2219.214589][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2219.225404][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2219.235015][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2219.244104][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2219.253299][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2219.269112][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2219.279993][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2219.289939][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2219.301538][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2219.318694][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2219.336081][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2219.353661][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2219.365753][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2219.378098][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2219.391394][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2219.402658][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2219.423945][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2219.434211][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2219.444166][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2219.454733][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2219.470603][T12924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2219.502175][T12924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2219.656426][T12954] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2219.667993][T12954] CPU: 1 PID: 12954 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2219.676974][T12954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2219.688467][T12954] Call Trace: [ 2219.692101][T12954] dump_stack+0x191/0x1f0 [ 2219.697105][T12954] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2219.703203][T12954] dump_header+0x1e7/0xd00 [ 2219.708491][T12954] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2219.715950][T12954] ? ___ratelimit+0x542/0x720 [ 2219.720875][T12954] ? task_will_free_mem+0x14c/0x810 [ 2219.726698][T12954] oom_kill_process+0x210/0x560 [ 2219.731946][T12954] out_of_memory+0x1796/0x1c70 [ 2219.737134][T12954] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2219.743329][T12954] memory_max_write+0x90b/0xb60 [ 2219.748727][T12954] ? memory_max_show+0x1b0/0x1b0 [ 2219.754274][T12954] cgroup_file_write+0x41a/0x8e0 [ 2219.759750][T12954] ? cgroup_seqfile_stop+0x150/0x150 [ 2219.765581][T12954] kernfs_fop_write+0x55f/0x840 [ 2219.771643][T12954] ? kernfs_fop_read+0x9a0/0x9a0 [ 2219.777542][T12954] __vfs_write+0x1a9/0xcb0 [ 2219.782267][T12954] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2219.788670][T12954] ? __sb_start_write+0x10b/0x230 [ 2219.793788][T12954] vfs_write+0x481/0x920 [ 2219.798638][T12954] ksys_write+0x265/0x430 [ 2219.803449][T12954] __se_sys_write+0x92/0xb0 [ 2219.808508][T12954] __x64_sys_write+0x4a/0x70 [ 2219.813406][T12954] do_syscall_64+0xb6/0x160 [ 2219.818048][T12954] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2219.824183][T12954] RIP: 0033:0x459a59 [ 2219.828257][T12954] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2219.849302][T12954] RSP: 002b:00007f7587da9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2219.859088][T12954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2219.867596][T12954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2219.875613][T12954] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2219.884347][T12954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7587daa6d4 [ 2219.892599][T12954] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2219.901774][T12954] memory: usage 5576kB, limit 0kB, failcnt 2776 [ 2219.908675][T12954] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2219.916136][T12954] Memory cgroup stats for /syz5: [ 2219.916501][T12954] anon 176128 [ 2219.916501][T12954] file 3100672 [ 2219.916501][T12954] kernel_stack 196608 [ 2219.916501][T12954] slab 1986560 [ 2219.916501][T12954] sock 0 [ 2219.916501][T12954] shmem 3100672 [ 2219.916501][T12954] file_mapped 0 [ 2219.916501][T12954] file_dirty 0 [ 2219.916501][T12954] file_writeback 0 [ 2219.916501][T12954] anon_thp 0 [ 2219.916501][T12954] inactive_anon 2973696 [ 2219.916501][T12954] active_anon 233472 [ 2219.916501][T12954] inactive_file 0 [ 2219.916501][T12954] active_file 0 [ 2219.916501][T12954] unevictable 0 [ 2219.916501][T12954] slab_reclaimable 413696 [ 2219.916501][T12954] slab_unreclaimable 1572864 [ 2219.916501][T12954] pgfault 121836 [ 2219.916501][T12954] pgmajfault 0 [ 2219.916501][T12954] workingset_refault 0 [ 2219.916501][T12954] workingset_activate 0 [ 2219.916501][T12954] workingset_nodereclaim 0 [ 2219.916501][T12954] pgrefill 0 [ 2219.916501][T12954] pgscan 0 [ 2219.916501][T12954] pgsteal 0 [ 2219.916501][T12954] pgactivate 0 [ 2220.021772][T12954] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12952,uid=0 [ 2220.039551][T12954] Memory cgroup out of memory: Killed process 12952 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2220.063542][ T1833] oom_reaper: reaped process 12952 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2220.106530][T12924] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2220.118451][T12924] CPU: 1 PID: 12924 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2220.127508][T12924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.137970][T12924] Call Trace: [ 2220.141302][T12924] dump_stack+0x191/0x1f0 [ 2220.146026][T12924] dump_header+0x1e7/0xd00 [ 2220.150849][T12924] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2220.157246][T12924] ? ___ratelimit+0x542/0x720 [ 2220.162186][T12924] ? task_will_free_mem+0x2c9/0x810 [ 2220.167612][T12924] oom_kill_process+0x210/0x560 [ 2220.172909][T12924] out_of_memory+0x1796/0x1c70 [ 2220.178071][T12924] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2220.184606][T12924] try_charge+0x2889/0x3d70 [ 2220.189525][T12924] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2220.196548][T12924] mem_cgroup_try_charge+0xa29/0xe40 [ 2220.202316][T12924] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2220.208668][T12924] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2220.214915][T12924] handle_mm_fault+0x522b/0x9f70 [ 2220.220214][T12924] do_user_addr_fault+0x905/0x1510 [ 2220.226299][T12924] __do_page_fault+0x1a2/0x410 [ 2220.231800][T12924] do_page_fault+0xbb/0x500 [ 2220.236819][T12924] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2220.242679][T12924] page_fault+0x4e/0x60 [ 2220.248248][T12924] RIP: 0033:0x403522 [ 2220.252616][T12924] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2220.273408][T12924] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2220.279991][T12924] RAX: 0000000000000000 RBX: 000000000021dec6 RCX: 0000000000413660 [ 2220.288730][T12924] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2220.297182][T12924] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001f9a940 [ 2220.305397][T12924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2220.314142][T12924] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2220.324894][T12924] memory: usage 5156kB, limit 0kB, failcnt 2785 [ 2220.332104][T12924] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2220.339098][T12924] Memory cgroup stats for /syz5: [ 2220.339425][T12924] anon 28672 [ 2220.339425][T12924] file 3100672 [ 2220.339425][T12924] kernel_stack 0 [ 2220.339425][T12924] slab 1986560 [ 2220.339425][T12924] sock 0 [ 2220.339425][T12924] shmem 3100672 [ 2220.339425][T12924] file_mapped 0 [ 2220.339425][T12924] file_dirty 0 [ 2220.339425][T12924] file_writeback 0 [ 2220.339425][T12924] anon_thp 0 [ 2220.339425][T12924] inactive_anon 2973696 [ 2220.339425][T12924] active_anon 98304 [ 2220.339425][T12924] inactive_file 0 [ 2220.339425][T12924] active_file 0 [ 2220.339425][T12924] unevictable 0 [ 2220.339425][T12924] slab_reclaimable 413696 [ 2220.339425][T12924] slab_unreclaimable 1572864 [ 2220.339425][T12924] pgfault 121836 [ 2220.339425][T12924] pgmajfault 0 [ 2220.339425][T12924] workingset_refault 0 [ 2220.339425][T12924] workingset_activate 0 [ 2220.339425][T12924] workingset_nodereclaim 0 [ 2220.339425][T12924] pgrefill 0 [ 2220.339425][T12924] pgscan 0 [ 2220.339425][T12924] pgsteal 0 [ 2220.339425][T12924] pgactivate 0 [ 2220.440926][T12924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12924,uid=0 [ 2220.457642][T12924] Memory cgroup out of memory: Killed process 12924 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2220.477137][ T1833] oom_reaper: reaped process 12924 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2221.614689][ T9353] device bridge_slave_1 left promiscuous mode [ 2221.622363][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2221.665624][ T9353] device bridge_slave_0 left promiscuous mode [ 2221.673671][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2222.523337][ T9353] device hsr_slave_0 left promiscuous mode [ 2222.562919][ T9353] device hsr_slave_1 left promiscuous mode [ 2222.616528][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2222.630723][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2222.645488][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2222.709581][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2222.783737][ T9353] bond0 (unregistering): Released all slaves 20:58:49 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt(r0, 0x0, 0x1, &(0x7f0000000040)="18", 0x1) 20:58:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e25, @local}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000000)=0x10) 20:58:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffff", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:58:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:49 executing program 2: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) 20:58:49 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x26dd0ef5ef505b6d, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000001400010900000000000000000a0000000e000000140002000000000000000000fdff0000000000007e08c2398b13da505793517b6fe758964b5ce8763ca18a7d67e162120554961074c1d487557fdbb4852e5e1d2058ec9cb206b563c48cdc4cd5e63a8b3971e89efcae07827fd5c74be002fdffffffff012d35a74d24443db3cbd7e1140320ffffff881b751c76905caf888535e2d6018aee68f42f832b3ce00e6382856b67fd2de40cdc2ede29c4dd9e8cdb8a3d82398238693adc53ede57466f4ef4e468170d6d9d34f7d918e18aaf1bc18fb84bde95686b7a5e8aa3eb18164af8edd3cae76ce90aaff0999b6f9b34fd44a151667b9ad03d7a6f0d4be53e3080a12b1cd1e7f70264cf81b7e7363300da32f1234a69d7fee131eed1192c12a11685b79607cb30f00058551ce53508693add3266de9fe2e6d6c35512806dbb861f18ecc067b8a2299602df886c264c9872a70305fc831ea5217983046ae3428af938268e448ebf3a38e0dd0a5411fe78afe092afe3e26d7584f2374aae3943b97ec49d2a761214d658bc784cb4862c41c9b4c8175905582016be6f90c7174c1930a0616c93c370fab5226669c98d24028aa5cbc6aed9500ab651928e8e8cf7048ebac8573644d3affbea9df0bb32b0f5e8ebe14f6c9d4d05f2f90bc38c6e622d32bd36b071d398d5b85797740ee8a8fb898b124754bba71f87170cb1e50cf11e4f0def2d5b47044dc98f7"], 0x2c}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) [ 2225.246527][T12982] IPVS: ftp: loaded support on port[0] = 21 [ 2225.404550][T12982] chnl_net:caif_netlink_parms(): no params data found [ 2225.470076][T12982] bridge0: port 1(bridge_slave_0) entered blocking state [ 2225.477416][T12982] bridge0: port 1(bridge_slave_0) entered disabled state [ 2225.487574][T12982] device bridge_slave_0 entered promiscuous mode [ 2225.498986][T12982] bridge0: port 2(bridge_slave_1) entered blocking state [ 2225.506586][T12982] bridge0: port 2(bridge_slave_1) entered disabled state [ 2225.516739][T12982] device bridge_slave_1 entered promiscuous mode [ 2225.558044][T12982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2225.573135][T12982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2225.612845][T12982] team0: Port device team_slave_0 added [ 2225.623815][T12982] team0: Port device team_slave_1 added [ 2225.718585][T12982] device hsr_slave_0 entered promiscuous mode [ 2225.873871][T12982] device hsr_slave_1 entered promiscuous mode [ 2226.032484][T12982] debugfs: Directory 'hsr0' with parent '/' already present! [ 2226.070620][T12982] bridge0: port 2(bridge_slave_1) entered blocking state [ 2226.077963][T12982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2226.085914][T12982] bridge0: port 1(bridge_slave_0) entered blocking state [ 2226.093226][T12982] bridge0: port 1(bridge_slave_0) entered forwarding state 20:58:52 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="33749226042dc94d7f8c"], 0x1}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0x8090ae81, 0x0) 20:58:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffff", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:58:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x6) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000240007031dfffd946fa2830020200a0009000440001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 2226.192081][T12982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2226.265811][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2226.276582][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2226.294617][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state 20:58:52 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mreq(r0, 0x0, 0x32, 0x0, &(0x7f00000000c0)) [ 2226.312620][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2226.355640][T12982] 8021q: adding VLAN 0 to HW filter on device team0 [ 2226.393885][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 20:58:52 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x6000000, 0x100000001, 0x6000000, 0x1}, 0x1c) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r0, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) umount2(0x0, 0x0) [ 2226.403832][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2226.414815][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2226.422007][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state 20:58:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) [ 2226.490846][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2226.501191][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2226.510883][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2226.518256][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2226.527161][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2226.547508][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2226.587592][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2226.598400][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2226.639676][T12982] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2226.650258][T12982] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2226.665803][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2226.675544][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2226.685978][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2226.695978][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2226.705559][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2226.715736][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2226.725391][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2226.743086][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2226.749452][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2226.756043][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2226.762464][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2226.769246][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2226.775570][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2226.813799][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2226.824208][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2226.830474][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2226.872202][T12982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2226.943759][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2226.950049][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2227.152051][T13116] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2227.162580][T13116] CPU: 1 PID: 13116 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2227.170542][T13116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2227.180653][T13116] Call Trace: [ 2227.184041][T13116] dump_stack+0x191/0x1f0 [ 2227.188451][T13116] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2227.194428][T13116] dump_header+0x1e7/0xd00 [ 2227.198938][T13116] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2227.205267][T13116] ? ___ratelimit+0x542/0x720 [ 2227.210015][T13116] ? task_will_free_mem+0x14c/0x810 [ 2227.215304][T13116] oom_kill_process+0x210/0x560 [ 2227.220226][T13116] out_of_memory+0x1796/0x1c70 [ 2227.225066][T13116] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2227.230816][T13116] memory_max_write+0x90b/0xb60 [ 2227.235860][T13116] ? memory_max_show+0x1b0/0x1b0 [ 2227.240874][T13116] cgroup_file_write+0x41a/0x8e0 [ 2227.245904][T13116] ? cgroup_seqfile_stop+0x150/0x150 [ 2227.251273][T13116] kernfs_fop_write+0x55f/0x840 [ 2227.256735][T13116] ? kernfs_fop_read+0x9a0/0x9a0 [ 2227.261735][T13116] __vfs_write+0x1a9/0xcb0 [ 2227.266249][T13116] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2227.272381][T13116] ? __sb_start_write+0x10b/0x230 [ 2227.277466][T13116] vfs_write+0x481/0x920 [ 2227.281788][T13116] ksys_write+0x265/0x430 [ 2227.286278][T13116] __se_sys_write+0x92/0xb0 [ 2227.290848][T13116] __x64_sys_write+0x4a/0x70 [ 2227.295507][T13116] do_syscall_64+0xb6/0x160 [ 2227.300081][T13116] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2227.306027][T13116] RIP: 0033:0x459a59 [ 2227.309985][T13116] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2227.329739][T13116] RSP: 002b:00007f60774f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2227.338330][T13116] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2227.346365][T13116] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2227.354394][T13116] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2227.362433][T13116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60774f66d4 [ 2227.370462][T13116] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2227.378883][T13116] memory: usage 5316kB, limit 0kB, failcnt 2794 [ 2227.385250][T13116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2227.392126][T13116] Memory cgroup stats for /syz5: [ 2227.392542][T13116] anon 163840 [ 2227.392542][T13116] file 2834432 [ 2227.392542][T13116] kernel_stack 196608 [ 2227.392542][T13116] slab 1986560 [ 2227.392542][T13116] sock 0 [ 2227.392542][T13116] shmem 2834432 [ 2227.392542][T13116] file_mapped 0 [ 2227.392542][T13116] file_dirty 0 [ 2227.392542][T13116] file_writeback 0 [ 2227.392542][T13116] anon_thp 0 [ 2227.392542][T13116] inactive_anon 2838528 [ 2227.392542][T13116] active_anon 98304 [ 2227.392542][T13116] inactive_file 0 [ 2227.392542][T13116] active_file 0 [ 2227.392542][T13116] unevictable 0 [ 2227.392542][T13116] slab_reclaimable 413696 [ 2227.392542][T13116] slab_unreclaimable 1572864 [ 2227.392542][T13116] pgfault 122397 [ 2227.392542][T13116] pgmajfault 0 [ 2227.392542][T13116] workingset_refault 0 [ 2227.392542][T13116] workingset_activate 0 [ 2227.392542][T13116] workingset_nodereclaim 0 [ 2227.392542][T13116] pgrefill 0 [ 2227.392542][T13116] pgscan 0 [ 2227.392542][T13116] pgsteal 0 [ 2227.392542][T13116] pgactivate 0 [ 2227.487507][T13116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13114,uid=0 [ 2227.504293][T13116] Memory cgroup out of memory: Killed process 13114 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2227.526340][ T1833] oom_reaper: reaped process 13114 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2227.579187][T12982] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2227.589282][T12982] CPU: 1 PID: 12982 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2227.597221][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2227.607323][T12982] Call Trace: [ 2227.610687][T12982] dump_stack+0x191/0x1f0 [ 2227.615179][T12982] dump_header+0x1e7/0xd00 [ 2227.619701][T12982] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2227.625920][T12982] ? ___ratelimit+0x542/0x720 [ 2227.630692][T12982] ? task_will_free_mem+0x2c9/0x810 [ 2227.635975][T12982] oom_kill_process+0x210/0x560 [ 2227.640895][T12982] out_of_memory+0x1796/0x1c70 [ 2227.645774][T12982] try_charge+0x2889/0x3d70 [ 2227.650411][T12982] mem_cgroup_try_charge+0xa29/0xe40 [ 2227.655803][T12982] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2227.661597][T12982] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2227.667568][T12982] handle_mm_fault+0x522b/0x9f70 [ 2227.672628][T12982] do_user_addr_fault+0x905/0x1510 [ 2227.677845][T12982] __do_page_fault+0x1a2/0x410 [ 2227.682681][T12982] do_page_fault+0xbb/0x500 [ 2227.687250][T12982] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2227.692954][T12982] page_fault+0x4e/0x60 [ 2227.697149][T12982] RIP: 0033:0x403522 [ 2227.701103][T12982] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2227.720763][T12982] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2227.726890][T12982] RAX: 0000000000000000 RBX: 000000000021fc02 RCX: 0000000000413660 [ 2227.734907][T12982] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2227.742929][T12982] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000017ea940 [ 2227.750952][T12982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2227.758975][T12982] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2227.768941][T12982] memory: usage 4896kB, limit 0kB, failcnt 2803 [ 2227.775339][T12982] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2227.782215][T12982] Memory cgroup stats for /syz5: [ 2227.782651][T12982] anon 163840 [ 2227.782651][T12982] file 2834432 [ 2227.782651][T12982] kernel_stack 0 [ 2227.782651][T12982] slab 1986560 [ 2227.782651][T12982] sock 0 [ 2227.782651][T12982] shmem 2834432 [ 2227.782651][T12982] file_mapped 0 [ 2227.782651][T12982] file_dirty 0 [ 2227.782651][T12982] file_writeback 0 [ 2227.782651][T12982] anon_thp 0 [ 2227.782651][T12982] inactive_anon 2838528 [ 2227.782651][T12982] active_anon 98304 [ 2227.782651][T12982] inactive_file 0 [ 2227.782651][T12982] active_file 0 [ 2227.782651][T12982] unevictable 0 [ 2227.782651][T12982] slab_reclaimable 413696 [ 2227.782651][T12982] slab_unreclaimable 1572864 [ 2227.782651][T12982] pgfault 122397 [ 2227.782651][T12982] pgmajfault 0 [ 2227.782651][T12982] workingset_refault 0 [ 2227.782651][T12982] workingset_activate 0 [ 2227.782651][T12982] workingset_nodereclaim 0 [ 2227.782651][T12982] pgrefill 0 [ 2227.782651][T12982] pgscan 0 [ 2227.782651][T12982] pgsteal 0 [ 2227.782651][T12982] pgactivate 0 [ 2227.879480][T12982] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12982,uid=0 [ 2227.895173][T12982] Memory cgroup out of memory: Killed process 12982 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2227.914218][ T1833] oom_reaper: reaped process 12982 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2229.254362][ T9353] device bridge_slave_1 left promiscuous mode [ 2229.260786][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2229.314178][ T9353] device bridge_slave_0 left promiscuous mode [ 2229.320830][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2230.123575][ T9353] device hsr_slave_0 left promiscuous mode [ 2230.192540][ T9353] device hsr_slave_1 left promiscuous mode [ 2230.254344][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2230.267812][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2230.281077][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2230.320318][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2230.397682][ T9353] bond0 (unregistering): Released all slaves 20:58:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket(0x40000000015, 0x5, 0x0) sendto$inet(r1, 0x0, 0x0, 0x4000000, 0x0, 0x0) 20:58:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:58:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:58:56 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000280)='hugetlb.2MB.limit_in_bytes\x00\nZ\xb4$\x81\xdd\xc3q\xd3\xa17CH-\xe2\xa1H\x9d\xdb\xafY\xbfx07\\;u\xc0\xfa\v\xc1\xad\x8d\x92_\xd0\xa5\x0f\x01;\xfb\x9b\x94\x94:\xb72F\xe7\xcd\xa3\x1c\xce\x9b=\x1b\x81W\xa7\xe98\x1eF]OqUDt\x92\xd4z+\xdcl\x12\x14\xc6\x12?\xc3\x1fR\xe6\xb1\x85n\xf0\x90v\x0f+><\xe6_\x95\x80\xe4\xc2\x0fX\xd8 \xe3Z\x91\xbd.\xc5\x8bn(\x93\x9b$\xd6\x03\x94\x04\x9c\xd7\x1e\xc5\x9d\x90\xc8\xe6c\x18\x00\x00\x00\x00\x00\x00\x00S\x01\xdaUK\xc5\x95\xdd\x89a\xe6\xc3J\xc4\xfd\x9c}_\t\x019\xc3\xf5\xfea\xb3\xa9+\xc7\x1a\x00\\\xd69\v\b-CD\xe5\xb6\xaaW\xaf\xf4\x86\x95\x11\x9d,\x04P=\x00Px\x98F\xe3\xeb\xe5\x92\xcd\x0e4\xbca\xe1\xc7>', 0x2, 0x0) ftruncate(r1, 0x0) 20:58:57 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x3c, 0x0, 0x439, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'caif0\x00'}]}]}, 0x3c}}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240), 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0xe4be57b1f0241fdc}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400440, 0x0) dup3(0xffffffffffffffff, r2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000240), 0x5c3, 0x0) r4 = dup(r3) renameat2(r2, 0x0, r4, &(0x7f0000000140)='./file0\x00', 0x0) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)) r10 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r10, r9, 0x0) pipe2(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 20:58:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) [ 2232.469285][T13134] IPVS: ftp: loaded support on port[0] = 21 [ 2232.560587][T13134] chnl_net:caif_netlink_parms(): no params data found [ 2232.600517][T13134] bridge0: port 1(bridge_slave_0) entered blocking state [ 2232.607796][T13134] bridge0: port 1(bridge_slave_0) entered disabled state [ 2232.616991][T13134] device bridge_slave_0 entered promiscuous mode [ 2232.625873][T13134] bridge0: port 2(bridge_slave_1) entered blocking state [ 2232.633556][T13134] bridge0: port 2(bridge_slave_1) entered disabled state [ 2232.642635][T13134] device bridge_slave_1 entered promiscuous mode [ 2232.673854][T13134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2232.686868][T13134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2232.713597][T13134] team0: Port device team_slave_0 added [ 2232.722677][T13134] team0: Port device team_slave_1 added [ 2232.787061][T13134] device hsr_slave_0 entered promiscuous mode [ 2232.833509][T13134] device hsr_slave_1 entered promiscuous mode [ 2232.872456][T13134] debugfs: Directory 'hsr0' with parent '/' already present! [ 2232.896651][T13134] bridge0: port 2(bridge_slave_1) entered blocking state [ 2232.903847][T13134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2232.912520][T13134] bridge0: port 1(bridge_slave_0) entered blocking state [ 2232.919794][T13134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2232.983994][T13134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2233.004061][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2233.014987][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 2233.024937][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 2233.036908][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2233.056099][T13134] 8021q: adding VLAN 0 to HW filter on device team0 [ 2233.071456][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2233.080774][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2233.088062][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2233.105622][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2233.115326][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2233.122591][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2233.151867][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2233.163869][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2233.188174][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2233.198018][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2233.215076][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2233.227793][T13134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2233.257210][T13134] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2233.386171][T13141] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2233.396766][T13141] CPU: 0 PID: 13141 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2233.404822][T13141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.414917][T13141] Call Trace: [ 2233.418231][T13141] dump_stack+0x191/0x1f0 [ 2233.422632][T13141] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2233.428547][T13141] dump_header+0x1e7/0xd00 [ 2233.433142][T13141] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2233.439320][T13141] ? ___ratelimit+0x542/0x720 [ 2233.444007][T13141] ? task_will_free_mem+0x14c/0x810 [ 2233.449256][T13141] oom_kill_process+0x210/0x560 [ 2233.454214][T13141] out_of_memory+0x1796/0x1c70 [ 2233.459012][T13141] memory_max_write+0x90b/0xb60 [ 2233.463934][T13141] ? memory_max_show+0x1b0/0x1b0 [ 2233.468909][T13141] cgroup_file_write+0x41a/0x8e0 [ 2233.473871][T13141] ? cgroup_seqfile_stop+0x150/0x150 [ 2233.479175][T13141] kernfs_fop_write+0x55f/0x840 [ 2233.484060][T13141] ? kernfs_fop_read+0x9a0/0x9a0 [ 2233.489033][T13141] __vfs_write+0x1a9/0xcb0 [ 2233.493583][T13141] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2233.499690][T13141] ? __sb_start_write+0x10b/0x230 [ 2233.504723][T13141] vfs_write+0x481/0x920 [ 2233.508995][T13141] ksys_write+0x265/0x430 [ 2233.513344][T13141] __se_sys_write+0x92/0xb0 [ 2233.518536][T13141] __x64_sys_write+0x4a/0x70 [ 2233.523191][T13141] do_syscall_64+0xb6/0x160 [ 2233.528519][T13141] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2233.534413][T13141] RIP: 0033:0x459a59 [ 2233.538322][T13141] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2233.558266][T13141] RSP: 002b:00007f2302f85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2233.566836][T13141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2233.574859][T13141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2233.582873][T13141] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2233.590880][T13141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2302f866d4 [ 2233.598862][T13141] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2233.607015][T13141] memory: usage 5612kB, limit 0kB, failcnt 2812 [ 2233.613408][T13141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.620310][T13141] Memory cgroup stats for /syz5: [ 2233.620508][T13141] anon 163840 [ 2233.620508][T13141] file 3190784 [ 2233.620508][T13141] kernel_stack 196608 [ 2233.620508][T13141] slab 1986560 [ 2233.620508][T13141] sock 0 [ 2233.620508][T13141] shmem 3190784 [ 2233.620508][T13141] file_mapped 0 [ 2233.620508][T13141] file_dirty 0 [ 2233.620508][T13141] file_writeback 0 [ 2233.620508][T13141] anon_thp 0 [ 2233.620508][T13141] inactive_anon 3108864 [ 2233.620508][T13141] active_anon 98304 [ 2233.620508][T13141] inactive_file 0 [ 2233.620508][T13141] active_file 0 [ 2233.620508][T13141] unevictable 0 [ 2233.620508][T13141] slab_reclaimable 413696 [ 2233.620508][T13141] slab_unreclaimable 1572864 [ 2233.620508][T13141] pgfault 122958 [ 2233.620508][T13141] pgmajfault 0 [ 2233.620508][T13141] workingset_refault 0 [ 2233.620508][T13141] workingset_activate 0 [ 2233.620508][T13141] workingset_nodereclaim 0 [ 2233.620508][T13141] pgrefill 0 [ 2233.620508][T13141] pgscan 0 [ 2233.620508][T13141] pgsteal 0 [ 2233.620508][T13141] pgactivate 0 [ 2233.716224][T13141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13139,uid=0 [ 2233.732389][T13141] Memory cgroup out of memory: Killed process 13139 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2233.755540][ T1833] oom_reaper: reaped process 13139 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2233.795638][T13134] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2233.805646][T13134] CPU: 0 PID: 13134 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2233.813551][T13134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.823621][T13134] Call Trace: [ 2233.826935][T13134] dump_stack+0x191/0x1f0 [ 2233.831374][T13134] dump_header+0x1e7/0xd00 [ 2233.835810][T13134] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2233.841981][T13134] ? ___ratelimit+0x542/0x720 [ 2233.846667][T13134] ? task_will_free_mem+0x2c9/0x810 [ 2233.851882][T13134] oom_kill_process+0x210/0x560 [ 2233.856753][T13134] out_of_memory+0x1796/0x1c70 [ 2233.861793][T13134] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2233.867456][T13134] try_charge+0x2889/0x3d70 [ 2233.871977][T13134] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2233.878196][T13134] mem_cgroup_try_charge+0xa29/0xe40 [ 2233.883528][T13134] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2233.889280][T13134] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2233.895290][T13134] handle_mm_fault+0x522b/0x9f70 [ 2233.900279][T13134] do_user_addr_fault+0x905/0x1510 [ 2233.905550][T13134] __do_page_fault+0x1a2/0x410 [ 2233.910367][T13134] do_page_fault+0xbb/0x500 [ 2233.914930][T13134] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2233.920317][T13134] page_fault+0x4e/0x60 [ 2233.924474][T13134] RIP: 0033:0x403522 [ 2233.928533][T13134] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2233.948608][T13134] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2233.954709][T13134] RAX: 0000000000000000 RBX: 0000000000221469 RCX: 0000000000413660 [ 2233.962723][T13134] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2233.971103][T13134] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001ad5940 [ 2233.979169][T13134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2233.987148][T13134] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2233.995259][T13134] memory: usage 5192kB, limit 0kB, failcnt 2821 [ 2234.001552][T13134] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2234.008509][T13134] Memory cgroup stats for /syz5: [ 2234.008804][T13134] anon 24576 [ 2234.008804][T13134] file 3190784 [ 2234.008804][T13134] kernel_stack 0 [ 2234.008804][T13134] slab 1986560 [ 2234.008804][T13134] sock 0 [ 2234.008804][T13134] shmem 3190784 [ 2234.008804][T13134] file_mapped 0 [ 2234.008804][T13134] file_dirty 0 [ 2234.008804][T13134] file_writeback 0 [ 2234.008804][T13134] anon_thp 0 [ 2234.008804][T13134] inactive_anon 3108864 [ 2234.008804][T13134] active_anon 98304 [ 2234.008804][T13134] inactive_file 0 [ 2234.008804][T13134] active_file 0 [ 2234.008804][T13134] unevictable 0 [ 2234.008804][T13134] slab_reclaimable 413696 [ 2234.008804][T13134] slab_unreclaimable 1572864 [ 2234.008804][T13134] pgfault 122958 [ 2234.008804][T13134] pgmajfault 0 [ 2234.008804][T13134] workingset_refault 0 [ 2234.008804][T13134] workingset_activate 0 [ 2234.008804][T13134] workingset_nodereclaim 0 [ 2234.008804][T13134] pgrefill 0 [ 2234.008804][T13134] pgscan 0 [ 2234.008804][T13134] pgsteal 0 [ 2234.008804][T13134] pgactivate 0 [ 2234.103325][T13134] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13134,uid=0 [ 2234.118960][T13134] Memory cgroup out of memory: Killed process 13134 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2234.137834][ T1833] oom_reaper: reaped process 13134 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2235.144133][ T893] device bridge_slave_1 left promiscuous mode [ 2235.151012][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2235.195727][ T893] device bridge_slave_0 left promiscuous mode [ 2235.202583][ T893] bridge0: port 1(bridge_slave_0) entered disabled state 20:59:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0xfffffffffffff001, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioprio_set$pid(0x2, r0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) dup(r1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x0, 0x1, 0xe6}) clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d6", 0x1fe) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0x0) ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f0000000080)) mknod$loop(0x0, 0x2000, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r5, 0x0, 0x0) sendfile(r5, r6, 0x0, 0x7fffffa7) r7 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r7, r5, 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r9) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) getpid() remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:59:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r0, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac623ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a92825a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x104eb, 0x11, 0x0, 0x27) 20:59:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff0000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:59:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2236.366959][ T893] device hsr_slave_0 left promiscuous mode [ 2236.404768][ T893] device hsr_slave_1 left promiscuous mode [ 2236.460584][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2236.479990][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2236.498292][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2236.564310][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2236.670196][ T893] bond0 (unregistering): Released all slaves 20:59:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff0000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:59:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x10002, 0x0) write$binfmt_elf64(r3, &(0x7f00000018c0)=ANY=[@ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRESOCT], @ANYRESDEC, @ANYRES16, @ANYRES64, @ANYPTR=&(0x7f00000017c0)=ANY=[@ANYRES64, @ANYPTR64=&(0x7f0000001740)=ANY=[@ANYRES16, @ANYPTR64, @ANYPTR, @ANYRESHEX=0x0, @ANYRESOCT, @ANYRESOCT], @ANYPTR=&(0x7f00000014c0)=ANY=[], @ANYRESOCT, @ANYBLOB="2455b2c43681eaf7f2f318801a76a5999309201d7c61d0f7329a8ac52b7b2afac387987bfff1e82bf46d1e581e740688f58a327f602b903c04fb05eff46cff2626decf41578f399562846bf94344b546af8e1e4effd882ccd20843aae288f35e7f8e85e21c4d35d98c6fce61eafb7e307e79bc5d01f2a85c0706e457046087c08b5baa31dc707f10cb4162624edf5c033bdb210ed197a862a2e7e576616135"], @ANYPTR=&(0x7f00000015c0)=ANY=[@ANYRESDEC=0x0, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESDEC, @ANYBLOB="1791a41fed4e59b1b5f52798c37cd3b5e4f889f86872abc5b74ab101fa18e79af96bb2a3c06c0edb9e78667000e73d0b63a7b39ab4fe7397f30d099f40ed2856d7435cf1408750243d792b3d94f98dceb9a7ba1c924c914782ceaafeb78bcc102e2c97a09da1e6b698fcbcf451c133eb0c7281dbf2ab148b406bd86a273df0a26e8f563a0ed69ef288ae1c9f72ffc1483a41d210fb166f857e614d5391564c98540ab98897725b35a2b0641598d4d8b2b2ddf1dd1d8f15c84374ea398931ebe301c4129467c4e8af8e93ca06a05b06c43067e51093a7b11def96d2a3c3cf0440c79cde161af0bbd26d9d060318da547ed2b369b89360bb8e632a480e07f85a0b4f59cfd1cb14cc61752cfdcb5129802c41ced00bb6645e237a22ece9fe15e120ed57d1dd93a0282fed7eea0ab069dccb697f422bfb34423f27692366263d2ab30d8f6086c4afd45ecc90c9638ee4a85503826f989947cad05dac34c329cca08004e65220db1626725c34aa3b39357c7130779804a9a983183feafd657873108805b83d434176557f1e62e3d4ce30852cdc276df2a5deb3c169415ae32f2245e6ab943b51e09e55657f65c79a82df1af3c5a4417f6380422b8e239c87e4afcc31028a90f6c72209f1457f1b093e91321de8c4a661bcc5d24e8c17bb555ee6e2f0bd38852bb717bc8610821a300cb08b411a5ad44dca921afe6a4ec300ba0ef1b00797785bdfe3a580fcf1b869186f8a702b09615703825e63b2d3c4a1d7cec4f77b6162c13fe1892299175a4ff98c74561829dd027182f57749ceb95b9a31389120ddb0c749bf3d77956a9e5ed9920eecd5fdf0d5a0de2f2e5fbeb4ff832dc4c0e7a7a15de6f2f87fc58544f740fd8284798edebb9287dbddbc0d36a55421d076dde31a5970b7852291a65bfe4cb67f732fb953f242b50e488c280124c2f6865d703818ad7af502f13b947eefddbdf1ff8d65b0cd9e72e5d7332a647f264ff048205c45df214a37da284b18ed48179ad9a3846582a2dcae4a5d1eea42462f34a1ad3ffeb4385ab75bfca9b72d551f2e1c3190498042279d3be75dd5ac865949df4cd4e26bbf25c8bcaecf645bd492c0a38ef97495eaf4abe9f4e62b429b04528c343d9dc91bec32ecf77cda64fcde92f45e6071f668f1ff79b96bbb1e1ffecd3cf3f63ff8f22c5563154fd2d136efaf0b458a964328054ea1a2dd78a656349e5d46a5cfbbea6c3fa45a5d8906280359068eb7b358c1451572a2b16e430d211e6fdc4a6c725cbbb6c85ca717e60e30ec39f61f0e168db3f7ac8bb40c813b77698c038f3f17a21613dad9558b90086a4b8adfe0d1b1f444c5609d6f58a8bb7d3df5e5df858be3c4e5410cde659db4a3c021c0b960ee88a46377c525b0916158a09f92e1c8a7f9f75bccad40f3b873cb5c10c91a32a393ec1b219c568de6509a06d9b06de12a1f978c1ca0aff7588ba04c0e848d5446ec015057e04a57490ba1c4c32e1ef03cb8f4e6f1680fef69d3ce213a50da9f598eed3abe04b2d2394adecf502de38c290e257710fbd39cc7cfaa3fe896c843098b0c2bc0b1d8508cdf279fb6a2bde57527ce854a925a479115e0a4c967a7fcd33e48cff2781ffe61d5ecfad567f179f23a4b67af8afd0167d082783698b94cddf55132ff961503b21747c20c16a7e758d5cb2a8c172913e6144a643f89f365dff6d14573998e540ebecd2a3331813db8a4edc48ae5e26798a53e02b684c49b1812bfa2a14f4283b9be851a9e04db12d1a60ec6f41d2123fd47e0cccf59e5d40a5c0740e7f4ae65b5aef928cc49e2c8ac9996dd57b51b466aa4419a933f613a809c046fc047042e1ea77ce96d6bc96c759024dc78a3f9389f60a57b684894a19218663f430f52523698076fce794e8fd8b346493768bbdf275979fb00e17664ce50ab605f6dd17f2221188a8bbd7934032e53c9d9901634251ea0cb2eb01753d06ad3b77a31be9ce295676dd807047018bf7034c66f5283fa4068e15835d9e7e1e339c5201b461b20659ebe6c2cd8b13e0a4bb4484f69e739a1c6520797aceb0f5d236ccd6a90cf691ab2a8aae459af4f4c36759fd022947d1117d3b9ebe5d9fffdba60663c542575bac4adde01f037f7d3c987fe49662991eaabbf10bd12f19f859eba52a82aa25f74b06ccf5f98fd762070e2193d803f6d20fa8408ad1a94bdf15ef67ac60ec301e7e1378073c5ec1e4481457b9eaca2e3c1689da926cbb8f51af39ba19d538a99f800450d49103b9a897433ec84030bc502f51839e9acf223c4cf67e58ef5a22fc25f52ac6dc2a08366ddc8000e65290bc36d270e1911bf20057faba924e75f40c6e364f94ca0530cc551c41f8a212770b0b7a2bdb2a65dff06fa2f3978418cced90fb80e3cc203f5075b49c0f4b70eeacaa586553470e23c4b350b66219ff5c760417df5c57c2212dde26eff27b222e44abe7c0f51e12cee971c28edbecf846a6a0cec3baa64d8134b6569eb633dbcf5f832fa45974ece2c4806c91e144c1940d8adb8d6b8a46ac66bb02bd27bbb10b7a9d8f0f6c3c578f34765e47ba8928ffd3b4a2db589ebd238aab5e9dc5d2ea7693fe998bb440eddffdde62394be22666168db06a184389d5f03e1e8b8c2c151d179c4d09ef21e1a97a2ca5b289be9b8b9bf2bc2611bb1588bb9a1261d00d45f46715df3910da8433d87d59d0f053c83d187acdb92d885865044e1f84ea35c87c0e6424bad8dee326c720595d472dc58c07720861c0c417e11454f3197f45869e547d50f9985a09154a167bab79174da2f03543143ce69731190140f9c7d56c514682c6f2d0d194c8de5945ca0bdc495b74cb7968313c2faeb5fcce2974042cac4d24c6422159246bb4c108585317e5e2293b69e271e498cd977fd4f1887fb86bb072bb54f83a3b4c7ead87d96624a252a6a5183d4507315c429bd05b59e3d10a1150e04199b62ebcff20b1c263082a4612dedc799ac7b05b1c865e56dfbe7b3510d28ecc4b475d822fdbe3390e36520c682e6943037ef943b0884e499a9da57d8b443336f7bb06e49eab01ced2bc4d64628a8dd6657fac787bfcd513cbca81f44392455015e907ba143e08395a22df580c12b4f95bdc988bce0a5f21ad77da25ab5905a6fc8fe6442e1ac35bf8d97882c459a817d5c2524f7316a68c81cbb7f9d9d2a634a548e8a79903cbe3384dc968bf7cd25bcce612511dfaab4e6c2e534466fee75482971c100e58e065bd9cc11a3d38b5aa1e519884d1796d1793d3f6929e71a0cd3970086d70f836370b87dc2e7fd84207acba6b692aa59d7a448842f70e8e660d4b67c61ade051aac48422a77aad014aae7d737536345cf67f64ec789c9328335fe77ba84eb89284f9b915288cfec5fea4681f3c43d22990ae4cf31dc99f72dd57f5afe3dba1ecff8c2c38d89323e2f9bc5a4ee819ffd38c791cd22e1630c064217534f9a56ee361105e2309882040c6da3afbf07f822b984657f4ff6f4491ca42b3d8612a863cce8d048f37628578f1752120891ee408c93694ecddfa89382c8f269f63abcdcf7a6e059f8c074978bc3bd0dbdecf5b888b61900c9d7cce427ab3aa01cd9717757e27c31aa6ac66f50a818aa88306501726fab443b15979e324df41766d2ab4d14e62ee176f6c7df95edb3c0b1116ec1e20e0c77d912a136cb22e9318349b2707f99568dd3c7b287f697496b167c07ac3e9eb074ee779c712245f41c32ec247bae228fec20f0c53324f51a87454204b07ab0bf440d02fb7b31482471de7271b4fbff2f9721e871b22472dca0b740c99a7a19dc93cdaeda127fb941e461edb251bf9bdfcc0335c03f75a109d7ae6c20a53505df7117416b00c047a50121eee3db5bc7bac77ba8155d8c20132471469ae6ad577685b68eca6b8e76d258f6a73ce00f5f4fa6a3306a2669e8389ed2723781f0b361624e4c62c9f7a1acc4c7c22afdf1e2d8f858c5ea81ed8387c33bdad3d098f55a466745c3cc065d37fefeb64b285d6b4923d70f6f3fa618105656d9f941d9a6a1e6eb40c96e144b26ac684a153aa52a4bd5e0988f73829818fb82a1345dbedbb7b9c24ab6a9dc893e658b14d4f801fc3b718f2bb0421b30979c911465918341f6867ebd7276006e7512f4c63a3af786488b727cdb4d82ee028feaf9180f3f4087729e2066e7cf6fea92cb8545e446c25c070b788efecd67907947c53381c9b5daa755dc7843657428b46c89e548e4c0a721f9e73dcaeb16d998c56f117ce64096fca4159f43230b7b01523b655aef702af40ee8bcea07542bb0ea96a475b7a12c7298064c7068814b882929506da2f695a20ac0406f37ab416bccbfe4e472675218ef4d1f072608b11dd5d44ea0b9693e5dcc8fad42e3686f4090ed06c7cbb6ba17037f92f2089872169113b6e0f8b9f0aaa75fe85531c158e4895e02ade0ce2b15bdad8cb71ecd3825c504188c402b1d622498aa1751f523c695f0264767bd30669716b9e2901f57fe6f4c618a77b2236d7d469d0853b42f263453981c4903fe11ae13b3a6606c1f95c99d7987a895de6b3a40b86d8f08daf11ec3218482f7374a8ea7e9a134c183d3656c30d1a449920b982b0fad488ffb7e06614a6009a414a434e5626f131f98a81b37241d7c15d7b8d525d7b3b60fac22522bc5ef64cc03e8a2d90b3ca349388d9eacf86411977d3fb85845b2117268e9f459de95638277bcf365c110a6dcac635aa09b40bc3d3eddc0f4aa9b27492d325460cafc083ffef4dc86fb3bc9b5c165e7ddcd16271b6d5d476d960cea41275488c8a5b7945a2c4ee71a29eff6ee8610b6b44bf480b9b683db983f6a3aa6806400a8e4a1819a7174a7e854b06489f4228ce11873b2a0d117660656600aa075bed8589e3b2129990ebe36b4a1438a509770599e3d4694e9deba2d97463e7967a2470dfb3863505fa0a5f0fa94e6bd6e6615f3cb2370be68b6663efa04e1dc5344e7db0dc4239ac010b91a91100bbda2e04430ac31e6423f87210032f55d259f73a12346635df38865e94c0d9723909277b798101ca1c0c31f5121d7d8a433c28052c23eb219fc4ec30c20abab264a36c573d9a2b3661aa461942130bc27707571d26c2d71814329d2f35037dda6a25a8f7dc9bbba7c23340ded9970f28fe576bc0c9c4384b7538df56383de0e9e25d9507de92658ae2a0c270f3779518b384a52c09b98ce6be2d295d0eaaf5562fbb456484f599e1acfe84e04552b3828c3ca950f83b8e43a6cb7d48708f86f087cc706c29f3986f521c4406ea68be6629c6ee9e582f77f0b61aa978c36e4b60376af2ca65f9a3b6370b2743950084c8a1a8404563c3b22d0b124ffdd20218a2439dacd614955757657083d675612f4c43ae3d743dc4ce545e463ddaae4b6a3616cbb69011abaef092c5ec2b6a1a98ca00e91b13ad92c9303d90b41c74ad30c9a280737ec93a3d2fbbbf7e6ee1bddf42b21b83d26ce49ac677abed957069043cbb02880b8f6799997690c0ef8cb13fddd52d4acab43a92076800bd6e6f8d6144bc8731558f4f0652c2483365da945ff80f71fcdaa5c8e99db25d6ff9cd058203e37ab95035bec450b9ac0939a7b85c69e903e18c7134b51ce19b4c4c4ff90e4fdfa39b262dc99dfff97ca0f422d15d2a02fc14fdf6846cde11170bb5a888682c4f8bd159e31878838b1f5762fbb912f5c83eaafd58b011bd5d4f56a5c8e007cc68e3d00e57eaffdc3b1d89af623802c3a99e8b315ff84869f1f55c6741bf7667f24c26420e219937a2fc31e0b322ae52cc90"], @ANYRESHEX, @ANYRES32, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYRESOCT, @ANYRESHEX, @ANYRES32=0x0], @ANYRES64, @ANYBLOB="bd76d6f66d59d0dafeb73e011276426405d51c3f6418edb7d454565f29a553cf7f4d5dcfb9bb60957abfff3559d4133a053e1fb024637e631f9775332705dbe7ce05aa2e895ede89b98f8d2fcf841d92134b490c7fef370373f7f38d85726293bc3cf16faffc0a70820d9f14e74c54adbae108a4fa223d7169cfd32da45855ead96000d7efbd476df85d9b59ce7b8e266ed34d0038510d"], @ANYRESOCT, @ANYRESDEC, @ANYPTR=&(0x7f0000001340)=ANY=[], @ANYRES16=0x0], 0x101b9) 20:59:03 executing program 0: 20:59:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff0000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:59:03 executing program 1: 20:59:03 executing program 1: [ 2237.938518][T13169] IPVS: ftp: loaded support on port[0] = 21 [ 2238.103430][T13169] chnl_net:caif_netlink_parms(): no params data found 20:59:04 executing program 2: 20:59:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) [ 2238.156292][T13169] bridge0: port 1(bridge_slave_0) entered blocking state [ 2238.163604][T13169] bridge0: port 1(bridge_slave_0) entered disabled state [ 2238.173758][T13169] device bridge_slave_0 entered promiscuous mode [ 2238.185848][T13169] bridge0: port 2(bridge_slave_1) entered blocking state [ 2238.193591][T13169] bridge0: port 2(bridge_slave_1) entered disabled state [ 2238.203522][T13169] device bridge_slave_1 entered promiscuous mode [ 2238.278213][T13169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2238.293825][T13169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2238.334226][T13169] team0: Port device team_slave_0 added [ 2238.345134][T13169] team0: Port device team_slave_1 added [ 2238.415957][T13169] device hsr_slave_0 entered promiscuous mode [ 2238.453376][T13169] device hsr_slave_1 entered promiscuous mode [ 2238.492554][T13169] debugfs: Directory 'hsr0' with parent '/' already present! [ 2238.514911][T13169] bridge0: port 2(bridge_slave_1) entered blocking state [ 2238.522040][T13169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2238.529858][T13169] bridge0: port 1(bridge_slave_0) entered blocking state [ 2238.537080][T13169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2238.593364][T13169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2238.610336][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2238.621192][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2238.630031][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2238.646395][T13169] 8021q: adding VLAN 0 to HW filter on device team0 [ 2238.660210][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2238.669322][ T5036] bridge0: port 1(bridge_slave_0) entered blocking state [ 2238.676471][ T5036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2238.705792][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2238.715283][ T5036] bridge0: port 2(bridge_slave_1) entered blocking state [ 2238.722656][ T5036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2238.732230][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2238.743854][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2238.760022][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2238.786553][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2238.796074][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2238.807683][T13169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2238.838505][T13169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2238.985561][T13182] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2238.996259][T13182] CPU: 0 PID: 13182 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2239.004291][T13182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.014388][T13182] Call Trace: [ 2239.017710][T13182] dump_stack+0x191/0x1f0 [ 2239.022060][T13182] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2239.027997][T13182] dump_header+0x1e7/0xd00 [ 2239.032473][T13182] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2239.038750][T13182] ? ___ratelimit+0x542/0x720 [ 2239.043491][T13182] ? task_will_free_mem+0x14c/0x810 [ 2239.048769][T13182] oom_kill_process+0x210/0x560 [ 2239.053782][T13182] out_of_memory+0x1796/0x1c70 [ 2239.058582][T13182] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2239.064503][T13182] memory_max_write+0x90b/0xb60 [ 2239.069443][T13182] ? memory_max_show+0x1b0/0x1b0 [ 2239.074502][T13182] cgroup_file_write+0x41a/0x8e0 [ 2239.079744][T13182] ? cgroup_seqfile_stop+0x150/0x150 [ 2239.085072][T13182] kernfs_fop_write+0x55f/0x840 [ 2239.089972][T13182] ? kernfs_fop_read+0x9a0/0x9a0 [ 2239.094937][T13182] __vfs_write+0x1a9/0xcb0 [ 2239.099387][T13182] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2239.105822][T13182] ? __sb_start_write+0x10b/0x230 [ 2239.110859][T13182] vfs_write+0x481/0x920 [ 2239.115125][T13182] ksys_write+0x265/0x430 [ 2239.119472][T13182] __se_sys_write+0x92/0xb0 [ 2239.126870][T13182] __x64_sys_write+0x4a/0x70 [ 2239.131490][T13182] do_syscall_64+0xb6/0x160 [ 2239.136043][T13182] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2239.141959][T13182] RIP: 0033:0x459a59 [ 2239.145885][T13182] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2239.165548][T13182] RSP: 002b:00007fbc51942c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2239.173992][T13182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2239.181987][T13182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2239.189988][T13182] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2239.197986][T13182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc519436d4 [ 2239.205988][T13182] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2239.215681][T13182] memory: usage 5524kB, limit 0kB, failcnt 2830 [ 2239.222653][T13182] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2239.229520][T13182] Memory cgroup stats for /syz5: [ 2239.229761][T13182] anon 159744 [ 2239.229761][T13182] file 3072000 [ 2239.229761][T13182] kernel_stack 196608 [ 2239.229761][T13182] slab 1986560 [ 2239.229761][T13182] sock 0 [ 2239.229761][T13182] shmem 3072000 [ 2239.229761][T13182] file_mapped 0 [ 2239.229761][T13182] file_dirty 0 [ 2239.229761][T13182] file_writeback 0 [ 2239.229761][T13182] anon_thp 0 [ 2239.229761][T13182] inactive_anon 3108864 [ 2239.229761][T13182] active_anon 98304 [ 2239.229761][T13182] inactive_file 0 [ 2239.229761][T13182] active_file 0 [ 2239.229761][T13182] unevictable 0 [ 2239.229761][T13182] slab_reclaimable 413696 [ 2239.229761][T13182] slab_unreclaimable 1572864 [ 2239.229761][T13182] pgfault 123519 [ 2239.229761][T13182] pgmajfault 0 [ 2239.229761][T13182] workingset_refault 0 [ 2239.229761][T13182] workingset_activate 0 [ 2239.229761][T13182] workingset_nodereclaim 0 [ 2239.229761][T13182] pgrefill 0 [ 2239.229761][T13182] pgscan 0 [ 2239.229761][T13182] pgsteal 0 [ 2239.229761][T13182] pgactivate 0 [ 2239.324900][T13182] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13180,uid=0 [ 2239.340592][T13182] Memory cgroup out of memory: Killed process 13180 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2239.361945][ T1833] oom_reaper: reaped process 13180 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2239.396604][T13169] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2239.406712][T13169] CPU: 0 PID: 13169 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2239.414639][T13169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.424700][T13169] Call Trace: [ 2239.428027][T13169] dump_stack+0x191/0x1f0 [ 2239.432388][T13169] dump_header+0x1e7/0xd00 [ 2239.436824][T13169] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2239.443033][T13169] ? ___ratelimit+0x542/0x720 [ 2239.447860][T13169] ? task_will_free_mem+0x2c9/0x810 [ 2239.453121][T13169] oom_kill_process+0x210/0x560 [ 2239.458021][T13169] out_of_memory+0x1796/0x1c70 [ 2239.462835][T13169] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2239.468684][T13169] try_charge+0x2889/0x3d70 [ 2239.473210][T13169] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2239.479419][T13169] mem_cgroup_try_charge+0xa29/0xe40 [ 2239.484822][T13169] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2239.490557][T13169] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2239.496465][T13169] handle_mm_fault+0x522b/0x9f70 [ 2239.501440][T13169] do_user_addr_fault+0x905/0x1510 [ 2239.506585][T13169] __do_page_fault+0x1a2/0x410 [ 2239.511368][T13169] do_page_fault+0xbb/0x500 [ 2239.515900][T13169] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2239.521284][T13169] page_fault+0x4e/0x60 [ 2239.525531][T13169] RIP: 0033:0x403522 [ 2239.529549][T13169] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2239.549606][T13169] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2239.555686][T13169] RAX: 0000000000000000 RBX: 0000000000222a48 RCX: 0000000000413660 [ 2239.563676][T13169] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2239.571668][T13169] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000152e940 [ 2239.579666][T13169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2239.587670][T13169] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2239.596474][T13169] memory: usage 5120kB, limit 0kB, failcnt 2845 [ 2239.602849][T13169] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2239.609713][T13169] Memory cgroup stats for /syz5: [ 2239.609885][T13169] anon 159744 [ 2239.609885][T13169] file 3072000 [ 2239.609885][T13169] kernel_stack 0 [ 2239.609885][T13169] slab 1986560 [ 2239.609885][T13169] sock 0 [ 2239.609885][T13169] shmem 3072000 [ 2239.609885][T13169] file_mapped 0 [ 2239.609885][T13169] file_dirty 0 [ 2239.609885][T13169] file_writeback 0 [ 2239.609885][T13169] anon_thp 0 [ 2239.609885][T13169] inactive_anon 3108864 [ 2239.609885][T13169] active_anon 98304 [ 2239.609885][T13169] inactive_file 0 [ 2239.609885][T13169] active_file 0 [ 2239.609885][T13169] unevictable 0 [ 2239.609885][T13169] slab_reclaimable 413696 [ 2239.609885][T13169] slab_unreclaimable 1572864 [ 2239.609885][T13169] pgfault 123552 [ 2239.609885][T13169] pgmajfault 0 [ 2239.609885][T13169] workingset_refault 0 [ 2239.609885][T13169] workingset_activate 0 [ 2239.609885][T13169] workingset_nodereclaim 0 [ 2239.609885][T13169] pgrefill 0 [ 2239.609885][T13169] pgscan 0 [ 2239.609885][T13169] pgsteal 0 [ 2239.609885][T13169] pgactivate 0 [ 2239.705789][T13169] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13169,uid=0 [ 2239.721623][T13169] Memory cgroup out of memory: Killed process 13169 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2239.740347][ T1833] oom_reaper: reaped process 13169 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2240.764576][ T9367] device bridge_slave_1 left promiscuous mode [ 2240.771169][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2240.824968][ T9367] device bridge_slave_0 left promiscuous mode [ 2240.831419][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2241.563718][ T9367] device hsr_slave_0 left promiscuous mode [ 2241.602724][ T9367] device hsr_slave_1 left promiscuous mode [ 2241.653670][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2241.667290][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2241.680132][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2241.728454][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2241.815184][ T9367] bond0 (unregistering): Released all slaves 20:59:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x64, 0x0, &(0x7f0000000280)=[@acquire, @request_death, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 20:59:11 executing program 1: 20:59:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:59:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:59:11 executing program 0: 20:59:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = getpid() ioprio_set$pid(0x0, r0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x7fff, 0x0, 0xe6}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000600), 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknod$loop(0x0, 0x0, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', 0x0, 0x0, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r3, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x10000000002) 20:59:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x6, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlc\x00'}, {@empty}}, 0x44) 20:59:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002c00)=ANY=[@ANYBLOB="24000000240007feffffff000000e4ff000000", @ANYRES32=r4, @ANYBLOB="0000fffff1ffffff00000000"], 0x3}}, 0x0) 20:59:11 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="5800000000000000140100000700000080000000f7ffffff", @ANYPTR=&(0x7f0000000040)=ANY=[], @ANYPTR, @ANYBLOB="06000000000000000101000000000000090000000000000000000300000000025400000014000000ff00000000000000"], 0x58}, 0x0) 20:59:11 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="5800000000000000140100000700000080000000f7ffffff", @ANYPTR=&(0x7f0000000040)=ANY=[], @ANYPTR, @ANYBLOB="06000000000000000101000000000000090000000000000000000300000000025400000014000000ff00000000000000"], 0x58}, 0x0) [ 2245.524639][T13200] atomic_op 000000004ad267e6 conn xmit_atomic 00000000ac00f47f 20:59:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x17, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2, 0x1c}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 2245.675785][T13209] atomic_op 00000000c074469e conn xmit_atomic 00000000ac00f47f 20:59:11 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000012c0)='syz_tun\x00', 0x10) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs, 0x62) [ 2247.221556][T13220] IPVS: ftp: loaded support on port[0] = 21 [ 2247.329832][T13220] chnl_net:caif_netlink_parms(): no params data found [ 2247.369764][T13220] bridge0: port 1(bridge_slave_0) entered blocking state [ 2247.377200][T13220] bridge0: port 1(bridge_slave_0) entered disabled state [ 2247.386995][T13220] device bridge_slave_0 entered promiscuous mode [ 2247.396064][T13220] bridge0: port 2(bridge_slave_1) entered blocking state [ 2247.403458][T13220] bridge0: port 2(bridge_slave_1) entered disabled state [ 2247.412621][T13220] device bridge_slave_1 entered promiscuous mode [ 2247.437573][T13220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2247.450107][T13220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2247.476151][T13220] team0: Port device team_slave_0 added [ 2247.485924][T13220] team0: Port device team_slave_1 added [ 2247.546940][T13220] device hsr_slave_0 entered promiscuous mode [ 2247.613570][T13220] device hsr_slave_1 entered promiscuous mode [ 2247.652612][T13220] debugfs: Directory 'hsr0' with parent '/' already present! [ 2247.677931][T13220] bridge0: port 2(bridge_slave_1) entered blocking state [ 2247.685350][T13220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2247.693525][T13220] bridge0: port 1(bridge_slave_0) entered blocking state [ 2247.700701][T13220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2247.768001][T13220] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2247.788270][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2247.798314][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2247.807564][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2247.817342][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2247.835147][T13220] 8021q: adding VLAN 0 to HW filter on device team0 [ 2247.856060][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2247.865639][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2247.872965][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2247.881513][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2247.890888][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2247.898118][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2247.927008][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2247.955658][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2247.965228][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2247.975851][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2247.985239][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2248.001104][T13220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2248.031033][T13220] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2248.178613][T13226] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2248.189721][T13226] CPU: 0 PID: 13226 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2248.197783][T13226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.208137][T13226] Call Trace: [ 2248.211497][T13226] dump_stack+0x191/0x1f0 [ 2248.215885][T13226] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2248.221838][T13226] dump_header+0x1e7/0xd00 [ 2248.226422][T13226] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2248.232620][T13226] ? ___ratelimit+0x542/0x720 [ 2248.237590][T13226] ? task_will_free_mem+0x14c/0x810 [ 2248.242851][T13226] oom_kill_process+0x210/0x560 [ 2248.247728][T13226] out_of_memory+0x1796/0x1c70 [ 2248.252529][T13226] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2248.258355][T13226] memory_max_write+0x90b/0xb60 [ 2248.263355][T13226] ? memory_max_show+0x1b0/0x1b0 [ 2248.268368][T13226] cgroup_file_write+0x41a/0x8e0 [ 2248.273351][T13226] ? cgroup_seqfile_stop+0x150/0x150 [ 2248.278662][T13226] kernfs_fop_write+0x55f/0x840 [ 2248.283547][T13226] ? kernfs_fop_read+0x9a0/0x9a0 [ 2248.288520][T13226] __vfs_write+0x1a9/0xcb0 [ 2248.292985][T13226] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2248.299074][T13226] ? __sb_start_write+0x10b/0x230 [ 2248.304113][T13226] vfs_write+0x481/0x920 [ 2248.308377][T13226] ksys_write+0x265/0x430 [ 2248.312746][T13226] __se_sys_write+0x92/0xb0 [ 2248.317300][T13226] __x64_sys_write+0x4a/0x70 [ 2248.321927][T13226] do_syscall_64+0xb6/0x160 [ 2248.326464][T13226] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2248.332383][T13226] RIP: 0033:0x459a59 [ 2248.336312][T13226] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2248.356125][T13226] RSP: 002b:00007fc4cf9a8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2248.364571][T13226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2248.372555][T13226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2248.380559][T13226] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2248.388549][T13226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4cf9a96d4 [ 2248.396545][T13226] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2248.404730][T13226] memory: usage 5272kB, limit 0kB, failcnt 2854 [ 2248.411050][T13226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2248.418103][T13226] Memory cgroup stats for /syz5: [ 2248.418421][T13226] anon 159744 [ 2248.418421][T13226] file 2822144 [ 2248.418421][T13226] kernel_stack 196608 [ 2248.418421][T13226] slab 1986560 [ 2248.418421][T13226] sock 0 [ 2248.418421][T13226] shmem 2822144 [ 2248.418421][T13226] file_mapped 0 [ 2248.418421][T13226] file_dirty 0 [ 2248.418421][T13226] file_writeback 0 [ 2248.418421][T13226] anon_thp 0 [ 2248.418421][T13226] inactive_anon 2703360 [ 2248.418421][T13226] active_anon 98304 [ 2248.418421][T13226] inactive_file 0 [ 2248.418421][T13226] active_file 0 [ 2248.418421][T13226] unevictable 0 [ 2248.418421][T13226] slab_reclaimable 413696 [ 2248.418421][T13226] slab_unreclaimable 1572864 [ 2248.418421][T13226] pgfault 124146 [ 2248.418421][T13226] pgmajfault 0 [ 2248.418421][T13226] workingset_refault 0 [ 2248.418421][T13226] workingset_activate 0 [ 2248.418421][T13226] workingset_nodereclaim 0 [ 2248.418421][T13226] pgrefill 0 [ 2248.418421][T13226] pgscan 0 [ 2248.418421][T13226] pgsteal 0 [ 2248.418421][T13226] pgactivate 0 [ 2248.513681][T13226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13224,uid=0 [ 2248.529416][T13226] Memory cgroup out of memory: Killed process 13224 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2248.549681][ T1833] oom_reaper: reaped process 13224 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2248.590201][T13220] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2248.600389][T13220] CPU: 0 PID: 13220 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2248.608323][T13220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.618392][T13220] Call Trace: [ 2248.621718][T13220] dump_stack+0x191/0x1f0 [ 2248.626091][T13220] dump_header+0x1e7/0xd00 [ 2248.630549][T13220] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2248.637035][T13220] ? ___ratelimit+0x542/0x720 [ 2248.641742][T13220] ? task_will_free_mem+0x2c9/0x810 [ 2248.646983][T13220] oom_kill_process+0x210/0x560 [ 2248.652047][T13220] out_of_memory+0x1796/0x1c70 [ 2248.656836][T13220] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2248.662585][T13220] try_charge+0x2889/0x3d70 [ 2248.667105][T13220] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2248.673294][T13220] mem_cgroup_try_charge+0xa29/0xe40 [ 2248.678594][T13220] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2248.684324][T13220] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2248.690223][T13220] handle_mm_fault+0x522b/0x9f70 [ 2248.695189][T13220] do_user_addr_fault+0x905/0x1510 [ 2248.700320][T13220] __do_page_fault+0x1a2/0x410 [ 2248.705090][T13220] do_page_fault+0xbb/0x500 [ 2248.709605][T13220] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2248.714985][T13220] page_fault+0x4e/0x60 [ 2248.719140][T13220] RIP: 0033:0x403522 [ 2248.723043][T13220] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2248.742656][T13220] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2248.748725][T13220] RAX: 0000000000000000 RBX: 0000000000224e30 RCX: 0000000000413660 [ 2248.756697][T13220] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2248.764681][T13220] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001c31940 [ 2248.773092][T13220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2248.781062][T13220] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2248.790323][T13220] memory: usage 4856kB, limit 0kB, failcnt 2869 [ 2248.796714][T13220] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2248.803675][T13220] Memory cgroup stats for /syz5: [ 2248.803983][T13220] anon 159744 [ 2248.803983][T13220] file 2822144 [ 2248.803983][T13220] kernel_stack 0 [ 2248.803983][T13220] slab 1986560 [ 2248.803983][T13220] sock 0 [ 2248.803983][T13220] shmem 2822144 [ 2248.803983][T13220] file_mapped 0 [ 2248.803983][T13220] file_dirty 0 [ 2248.803983][T13220] file_writeback 0 [ 2248.803983][T13220] anon_thp 0 [ 2248.803983][T13220] inactive_anon 2703360 [ 2248.803983][T13220] active_anon 98304 [ 2248.803983][T13220] inactive_file 0 [ 2248.803983][T13220] active_file 0 [ 2248.803983][T13220] unevictable 0 [ 2248.803983][T13220] slab_reclaimable 413696 [ 2248.803983][T13220] slab_unreclaimable 1572864 [ 2248.803983][T13220] pgfault 124146 [ 2248.803983][T13220] pgmajfault 0 [ 2248.803983][T13220] workingset_refault 0 [ 2248.803983][T13220] workingset_activate 0 [ 2248.803983][T13220] workingset_nodereclaim 0 [ 2248.803983][T13220] pgrefill 0 [ 2248.803983][T13220] pgscan 0 [ 2248.803983][T13220] pgsteal 0 [ 2248.803983][T13220] pgactivate 0 [ 2248.899668][T13220] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13220,uid=0 [ 2248.915520][T13220] Memory cgroup out of memory: Killed process 13220 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2248.934439][ T1833] oom_reaper: reaped process 13220 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2249.954175][ T9355] device bridge_slave_1 left promiscuous mode [ 2249.960718][ T9355] bridge0: port 2(bridge_slave_1) entered disabled state [ 2250.016100][ T9355] device bridge_slave_0 left promiscuous mode [ 2250.023235][ T9355] bridge0: port 1(bridge_slave_0) entered disabled state [ 2250.784184][ T9355] device hsr_slave_0 left promiscuous mode [ 2250.822632][ T9355] device hsr_slave_1 left promiscuous mode [ 2250.873506][ T9355] team0 (unregistering): Port device team_slave_1 removed [ 2250.886932][ T9355] team0 (unregistering): Port device team_slave_0 removed [ 2250.901109][ T9355] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2250.948230][ T9355] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2251.016836][ T9355] bond0 (unregistering): Released all slaves 20:59:18 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xdc, 0x4) socketpair$unix(0x1, 0x40000000003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendto$inet6(r0, &(0x7f00000000c0)="0303030003004c0000001100ff015b4202938207d9fb3780398d5375010000007929301ee616d5c01843e06590080053a6e385472da7222a2bb401000000c3920035110f118d0000f5cfe606f6925cbf34658ea132797b1abc5dc62600009b000000fbffffff0000f8367942", 0x6c, 0x0, 0x0, 0x0) 20:59:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 20:59:18 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="5800000000000000140100000700000080000000f7ffffff", @ANYPTR=&(0x7f0000000040)=ANY=[], @ANYPTR, @ANYBLOB="06000000000000000101000000000000090000000000000000000300000000025400000014000000ff00000000000000"], 0x58}, 0x0) 20:59:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:59:18 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) [ 2252.528810][T13232] atomic_op 000000004f8f5bc8 conn xmit_atomic 00000000ac00f47f [ 2254.249419][T13240] IPVS: ftp: loaded support on port[0] = 21 [ 2254.345370][T13240] chnl_net:caif_netlink_parms(): no params data found [ 2254.384684][T13240] bridge0: port 1(bridge_slave_0) entered blocking state [ 2254.391822][T13240] bridge0: port 1(bridge_slave_0) entered disabled state [ 2254.400784][T13240] device bridge_slave_0 entered promiscuous mode [ 2254.409530][T13240] bridge0: port 2(bridge_slave_1) entered blocking state [ 2254.416830][T13240] bridge0: port 2(bridge_slave_1) entered disabled state [ 2254.425654][T13240] device bridge_slave_1 entered promiscuous mode 20:59:20 executing program 2: unshare(0x600) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 20:59:20 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="5800000000000000140100000700000080000000f7ffffff", @ANYPTR=&(0x7f0000000040)=ANY=[], @ANYPTR, @ANYBLOB="06000000000000000101000000000000090000000000000000000300000000025400000014000000ff00000000000000"], 0x58}, 0x0) 20:59:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @acquire, @request_death={0x400c630e, 0x3}], 0x0, 0x0, 0x0}) [ 2254.451357][T13240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2254.466022][T13240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:59:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6100, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@ldst]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) [ 2254.521563][T13240] team0: Port device team_slave_0 added [ 2254.531582][T13244] atomic_op 000000007f4d2c75 conn xmit_atomic 00000000ac00f47f [ 2254.549672][T13240] team0: Port device team_slave_1 added 20:59:20 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x1) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) dup3(r1, r0, 0x0) 20:59:20 executing program 1: unshare(0x600) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, 0x0, 0x0) [ 2254.659288][T13240] device hsr_slave_0 entered promiscuous mode [ 2254.693665][T13240] device hsr_slave_1 entered promiscuous mode [ 2254.732924][T13240] debugfs: Directory 'hsr0' with parent '/' already present! [ 2254.770209][T13240] bridge0: port 2(bridge_slave_1) entered blocking state [ 2254.777502][T13240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2254.785264][T13240] bridge0: port 1(bridge_slave_0) entered blocking state [ 2254.792542][T13240] bridge0: port 1(bridge_slave_0) entered forwarding state 20:59:20 executing program 1: r0 = open(&(0x7f0000000280)='./file0\x00', 0x60400, 0x7e) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000440)={r6}, 0x8) r7 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f0000000440)={r9}, 0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000440)={r9, 0x2000000}, 0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000300)={r3, 0xa4d, 0x40, 0xfff, 0x10001}, &(0x7f0000000340)=0x18) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000380)=@assoc_value={r10, 0x1ff}, 0x8) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') sendfile(r11, 0xffffffffffffffff, 0x0, 0x1) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r11, 0x800455d1, &(0x7f0000000200)) ioctl$KDGETLED(r11, 0x4b31, &(0x7f0000000080)) r12 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040), 0x4) bind$inet6(r12, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r12, 0x400000001ffffffd) r13 = socket$inet6(0xa, 0x6, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000040)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) connect$inet6(r13, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r14 = accept4(r12, 0x0, 0x0, 0x0) sendmmsg(r14, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}}], 0x4000000000000d0, 0x0) r15 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r15, &(0x7f0000000040)=""/46, 0x2e) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) 20:59:20 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x1) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) dup3(r1, r0, 0x0) [ 2254.896013][T13240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2254.918580][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2254.929023][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2254.946391][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2254.966777][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2254.983281][T13240] 8021q: adding VLAN 0 to HW filter on device team0 [ 2254.998822][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2255.007979][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2255.015249][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2255.034636][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2255.044470][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2255.051764][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2255.109254][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2255.120653][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2255.131726][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2255.152077][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2255.172246][T13240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2255.186008][T13240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2255.196895][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2255.240322][T13240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2255.425528][T13473] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2255.435870][T13473] CPU: 1 PID: 13473 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2255.443995][T13473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2255.454100][T13473] Call Trace: [ 2255.457417][T13473] dump_stack+0x191/0x1f0 [ 2255.461876][T13473] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2255.467821][T13473] dump_header+0x1e7/0xd00 [ 2255.472472][T13473] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2255.478781][T13473] ? ___ratelimit+0x542/0x720 [ 2255.483504][T13473] ? task_will_free_mem+0x14c/0x810 [ 2255.488840][T13473] oom_kill_process+0x210/0x560 [ 2255.493716][T13473] out_of_memory+0x1796/0x1c70 [ 2255.498497][T13473] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2255.505001][T13473] memory_max_write+0x90b/0xb60 [ 2255.509934][T13473] ? memory_max_show+0x1b0/0x1b0 [ 2255.514917][T13473] cgroup_file_write+0x41a/0x8e0 [ 2255.519894][T13473] ? cgroup_seqfile_stop+0x150/0x150 [ 2255.525222][T13473] kernfs_fop_write+0x55f/0x840 [ 2255.530200][T13473] ? kernfs_fop_read+0x9a0/0x9a0 [ 2255.535154][T13473] __vfs_write+0x1a9/0xcb0 [ 2255.539606][T13473] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2255.545698][T13473] ? __sb_start_write+0x10b/0x230 [ 2255.550916][T13473] vfs_write+0x481/0x920 [ 2255.555193][T13473] ksys_write+0x265/0x430 [ 2255.559560][T13473] __se_sys_write+0x92/0xb0 [ 2255.564114][T13473] __x64_sys_write+0x4a/0x70 [ 2255.568794][T13473] do_syscall_64+0xb6/0x160 [ 2255.573329][T13473] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2255.579254][T13473] RIP: 0033:0x459a59 [ 2255.583217][T13473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2255.602885][T13473] RSP: 002b:00007faa2ba04c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2255.611350][T13473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2255.619355][T13473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2255.627433][T13473] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2255.635602][T13473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faa2ba056d4 [ 2255.643605][T13473] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2255.651829][T13473] memory: usage 6232kB, limit 0kB, failcnt 2878 [ 2255.658770][T13473] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2255.665725][T13473] Memory cgroup stats for /syz5: [ 2255.666058][T13473] anon 159744 [ 2255.666058][T13473] file 3739648 [ 2255.666058][T13473] kernel_stack 196608 [ 2255.666058][T13473] slab 1986560 [ 2255.666058][T13473] sock 0 [ 2255.666058][T13473] shmem 3739648 [ 2255.666058][T13473] file_mapped 0 [ 2255.666058][T13473] file_dirty 0 [ 2255.666058][T13473] file_writeback 0 [ 2255.666058][T13473] anon_thp 0 [ 2255.666058][T13473] inactive_anon 3784704 [ 2255.666058][T13473] active_anon 98304 [ 2255.666058][T13473] inactive_file 0 [ 2255.666058][T13473] active_file 0 [ 2255.666058][T13473] unevictable 0 [ 2255.666058][T13473] slab_reclaimable 413696 [ 2255.666058][T13473] slab_unreclaimable 1572864 [ 2255.666058][T13473] pgfault 124707 [ 2255.666058][T13473] pgmajfault 0 [ 2255.666058][T13473] workingset_refault 0 [ 2255.666058][T13473] workingset_activate 0 [ 2255.666058][T13473] workingset_nodereclaim 0 [ 2255.666058][T13473] pgrefill 0 [ 2255.666058][T13473] pgscan 0 [ 2255.666058][T13473] pgsteal 0 [ 2255.666058][T13473] pgactivate 0 [ 2255.760859][T13473] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13471,uid=0 [ 2255.776544][T13473] Memory cgroup out of memory: Killed process 13471 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2255.800568][ T1833] oom_reaper: reaped process 13471 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2255.836287][T13240] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2255.846512][T13240] CPU: 1 PID: 13240 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2255.854427][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2255.864507][T13240] Call Trace: [ 2255.867809][T13240] dump_stack+0x191/0x1f0 [ 2255.872146][T13240] dump_header+0x1e7/0xd00 [ 2255.876583][T13240] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2255.882749][T13240] ? ___ratelimit+0x542/0x720 [ 2255.887428][T13240] ? task_will_free_mem+0x2c9/0x810 [ 2255.892716][T13240] oom_kill_process+0x210/0x560 [ 2255.897599][T13240] out_of_memory+0x1796/0x1c70 [ 2255.902397][T13240] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2255.908256][T13240] try_charge+0x2889/0x3d70 [ 2255.912815][T13240] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2255.919125][T13240] mem_cgroup_try_charge+0xa29/0xe40 [ 2255.924431][T13240] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2255.930170][T13240] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2255.936120][T13240] handle_mm_fault+0x522b/0x9f70 [ 2255.941112][T13240] do_user_addr_fault+0x905/0x1510 [ 2255.946247][T13240] __do_page_fault+0x1a2/0x410 [ 2255.951016][T13240] do_page_fault+0xbb/0x500 [ 2255.955537][T13240] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2255.960918][T13240] page_fault+0x4e/0x60 [ 2255.965081][T13240] RIP: 0033:0x403522 [ 2255.968980][T13240] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2255.988768][T13240] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2255.994843][T13240] RAX: 0000000000000000 RBX: 0000000000226a80 RCX: 0000000000413660 [ 2256.007248][T13240] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2256.015281][T13240] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000ec6940 [ 2256.024939][T13240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2256.032936][T13240] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2256.043885][T13240] memory: usage 5816kB, limit 0kB, failcnt 2887 [ 2256.050477][T13240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2256.057405][T13240] Memory cgroup stats for /syz5: [ 2256.057718][T13240] anon 159744 [ 2256.057718][T13240] file 3739648 [ 2256.057718][T13240] kernel_stack 0 [ 2256.057718][T13240] slab 1986560 [ 2256.057718][T13240] sock 0 [ 2256.057718][T13240] shmem 3739648 [ 2256.057718][T13240] file_mapped 0 [ 2256.057718][T13240] file_dirty 0 [ 2256.057718][T13240] file_writeback 0 [ 2256.057718][T13240] anon_thp 0 [ 2256.057718][T13240] inactive_anon 3784704 [ 2256.057718][T13240] active_anon 98304 [ 2256.057718][T13240] inactive_file 0 [ 2256.057718][T13240] active_file 0 [ 2256.057718][T13240] unevictable 0 [ 2256.057718][T13240] slab_reclaimable 413696 [ 2256.057718][T13240] slab_unreclaimable 1572864 [ 2256.057718][T13240] pgfault 124707 [ 2256.057718][T13240] pgmajfault 0 [ 2256.057718][T13240] workingset_refault 0 [ 2256.057718][T13240] workingset_activate 0 [ 2256.057718][T13240] workingset_nodereclaim 0 [ 2256.057718][T13240] pgrefill 0 [ 2256.057718][T13240] pgscan 0 [ 2256.057718][T13240] pgsteal 0 [ 2256.057718][T13240] pgactivate 0 [ 2256.152511][T13240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13240,uid=0 [ 2256.168377][T13240] Memory cgroup out of memory: Killed process 13240 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2256.187461][ T1833] oom_reaper: reaped process 13240 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2257.215588][ T893] device bridge_slave_1 left promiscuous mode [ 2257.222040][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2257.264840][ T893] device bridge_slave_0 left promiscuous mode [ 2257.271476][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2258.113929][ T893] device hsr_slave_0 left promiscuous mode [ 2258.152884][ T893] device hsr_slave_1 left promiscuous mode [ 2258.205490][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2258.219802][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2258.235498][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2258.288826][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2258.368118][ T893] bond0 (unregistering): Released all slaves 20:59:25 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000758, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000200)='8', 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet(r0, &(0x7f0000000080)="1b", 0x1, 0x0, 0x0, 0x0) 20:59:25 executing program 3: r0 = socket$packet(0x11, 0x20000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'lo\x00\x00\x00\x00\x02\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x1, 0x6, @remote}, 0x10) r2 = socket(0x100000000011, 0x2, 0x0) bind(r2, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000000)={r3, 0x1, 0x6, @remote}, 0x10) 20:59:25 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, &(0x7f00000002c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='mounts\x00\x99e!\x1e\xb2!\x03\x9b\xfa\xac\fH!\x8f\xda4}\xa6x\x8f\xa1\xf8A`5S\xe2\xc9\x1b\xfe\xff/r\xaa)%Y\xdcK\t.\xb8\xea3\xa3e\'\x19*\xb3\x1a\xfa\x9c\xbf\xe7\x9c\x06d\a\xe3\xffOX\xa9\xcc\x13\xc1S\xb2j\xb8;\xf6\xa5\xd28i\x1b\x82\xe0\xa8\xacR\xcc*X\x9e\xe5\xc1\'\xf1\x8aT\xf2\x99\xcc\xd1\x91\x9d\tw^\xb9\x85U\xc6i_\xa4\x1e\xb1\x06\xf3\xc3\x8a\x1b\x9c{\r\xdfm\xa4\x90j\xeb.\x92\xae\xc7+G\xef\x8d(\xeey\x9e\x9dr\x0e:m\x82\xd0\xee\x1bK\xb7\x04\x06\"\xba\x95x\xffs\x10A\xa6\xa1\a\xe0\xe7;x\x12\x1e.\x98bA\x058\xd9\xe8\xb9%3?f-V\x02\x1d\x83\xfb\xf7\x0e\x19\x9a\f`\xd7\xc5[B\xfe\x9a(\x12\xff\x8e\x18\xe7\xc5~#\x84\x01\x1c\xf3b\xd2?\xec\x0f\x16#\x19X\xeboE\x9c\x18L_L\x8f\xed\x94\x83\v\x8595\x99\x1e\xee\x9d\x8a\n\xe3\xbf\x19\x18\xa4\xa0y\xdc\xf4\x81=\xc1j\xad)e\v\xf8D\x80E\x1a\xa5\xa1Z\xa8C\xd9Yp\x04E\x06\xaa\x81\xc1\xca\xadi\xe8VV\xb56\x1a\xb9\xe0\x9f\x1b\x8bX\x85.\x7flw\xd9x\x1e\x0fe\xad\xbe\xe9\xca\x12\xd1\xea\xb7\xf6\xe9\xe6I\xa5\x95\xdb\xee\x98ce\xf0\xb4E\x8cfa\x8c\n\xa8\xa3\x0f#\xbc\xf9\xfbG\xa8\xd3\\k\xeflZ\x9a\xf5\x91w\x11L\x94\xd1b\xed<\x8f\x1a\xe3\xd2\xe9\xe1e\x95\xde\xd2y\xee\b\x8b\xf7\xac\xc7\xe3,\xbd\xef\xf82\xb2|g~\xe7\xd2\xaa$\tPv\xc3\x05\x1a\xcb\xd7\xf2\x01\xe4\xa5\xf5\xe1G\x9e\xdf\xc5X\xf5\xdf3\x9f\x00)\xfc\x17\x86\x19Q\xa6aE\xe2!\\\xf6/\x1d\x15\xd2\xe8N\x996\x85O\xe7\xac\x0f\xc53\xa0!Y\xf2<\xa65\x83=\xb5U\x95\xc1F\xf0\xe7\x9b8\xfc\x16\xc3\xd983e=\xc8\xf4\x9a\xa9\xe3\xdf\xacUKW\t\xaa\xbcmq\x7f\r\"\x92\"\xd3\xbe\x97\x01\xa7\xf8L\xed=\x13\xa0\xf9`\x06\x92\xfav\xeb') sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5) [ 2259.685821][T13476] device lo entered promiscuous mode [ 2259.692829][ C0] net_ratelimit: 4 callbacks suppressed [ 2259.692851][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2259.704901][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2259.806008][T13476] device lo left promiscuous mode [ 2259.944105][T13582] device lo entered promiscuous mode [ 2259.950193][T13582] device lo left promiscuous mode 20:59:27 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) clock_gettime(0x0, &(0x7f0000000100)={0x0}) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={r2}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0x7ffffffffffff010}, {0x6}]}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r3, 0x0, 0x10001, 0x0) 20:59:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x0, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:59:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x10024, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0xfffffffffffff001, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioprio_set$pid(0x2, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000380)='./file0\x00', 0x2000, 0x1) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x20000, 0x0) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.ima\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="9cbda8db6cb59bce4833008787d864b85e1376a3aa8f8c6c0a1d5aa069aa61c531de7bb9386a67bb317da36760a97b512133279c1956dc4a12395dfaa32504"], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000000c0)=[@window, @sack_perm, @window={0x3, 0x8}], 0x3) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) getpid() openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0xb3154a5b554b83bc, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x128, 0x40) r3 = socket(0x1e, 0x4, 0x0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, 0x0, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(0xffffffffffffffff, 0x81785501, &(0x7f0000000500)=""/94) fstat(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000680)) socket(0x1e, 0x4, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000002c0)=0xc) fchown(r2, r4, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x501000, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r5) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:59:27 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r1, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f0000000240), 0x1192aca8268c9077, 0x0, 0x0, 0xffffffffffffff06) connect(r1, &(0x7f0000000080)=@un=@file={0x0, './file0\x00'}, 0x80) 20:59:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[], 0x0) dup(r0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x7fff, 0x1}) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000080)) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600), 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x7fffffa7) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000b00)={{{@in6=@loopback, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@loopback}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:59:28 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}}, 0x439) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000400)={@local, @random="bfba1f3617fe", [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0) 20:59:28 executing program 1: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2014840}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xa0, r1, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfd66}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x84dd}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7d04}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0xe4be57b1f0241fdc}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400440, 0x0) dup3(0xffffffffffffffff, r2, 0x80000) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r3, &(0x7f0000000240), 0x5c3, 0x0) r4 = dup(r3) renameat2(r2, &(0x7f0000000100)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x2}) r10 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r10, r9, 0x0) pipe2(0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 20:59:28 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000500)=ANY=[@ANYBLOB="020d0000140000000000000000000000080012000000030000000000000000000600000000000000000000000000000000000000000000000000000000000000ff02000000000000000000000000000105000500000000000a0000000000000000000000040000000000ffffac2b140000f584f80100000005000600000000000a00000000000000fe8000000000000075ef10aa8eeb18243c62541e153d22eb00000000000000ff000000000000cced30fb4e468356b01554cc6e2bad5fdaf842c02d213721d09b65c9739361d52c38abe85e27d4d463c603a9b562d0e284f2b1894511e1d77291aee13913b74b4efe24a97bf3ab329941180652d895394e6bcd684dee2feb126c9562a3f73f43c1b0"], 0xa0}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0xfa) sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 20:59:28 executing program 1: setreuid(0x0, 0xee00) clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='stat\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) recvfrom$unix(r3, 0x0, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000001300)=[{&(0x7f0000000000)=""/68, 0xfcec}], 0x1, 0x0) [ 2263.761678][T14012] IPVS: ftp: loaded support on port[0] = 21 [ 2263.860468][T14012] chnl_net:caif_netlink_parms(): no params data found [ 2263.898896][T14012] bridge0: port 1(bridge_slave_0) entered blocking state [ 2263.906379][T14012] bridge0: port 1(bridge_slave_0) entered disabled state [ 2263.915494][T14012] device bridge_slave_0 entered promiscuous mode [ 2263.925241][T14012] bridge0: port 2(bridge_slave_1) entered blocking state [ 2263.933228][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2263.933792][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2263.945718][T14012] bridge0: port 2(bridge_slave_1) entered disabled state [ 2263.955058][T14012] device bridge_slave_1 entered promiscuous mode [ 2263.979519][T14012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2263.993292][T14012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2264.021168][T14012] team0: Port device team_slave_0 added [ 2264.029712][T14012] team0: Port device team_slave_1 added [ 2264.086672][T14012] device hsr_slave_0 entered promiscuous mode [ 2264.133565][T14012] device hsr_slave_1 entered promiscuous mode [ 2264.172652][T14012] debugfs: Directory 'hsr0' with parent '/' already present! [ 2264.195426][T14012] bridge0: port 2(bridge_slave_1) entered blocking state [ 2264.202824][T14012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2264.210609][T14012] bridge0: port 1(bridge_slave_0) entered blocking state [ 2264.217863][T14012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2264.275024][T14012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2264.294761][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2264.305938][ T5303] bridge0: port 1(bridge_slave_0) entered disabled state [ 2264.316602][ T5303] bridge0: port 2(bridge_slave_1) entered disabled state [ 2264.327335][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2264.335236][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2264.335524][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2264.335895][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2264.336134][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2264.336481][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2264.336719][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2264.381993][T14012] 8021q: adding VLAN 0 to HW filter on device team0 [ 2264.396550][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2264.406072][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2264.413311][ T5226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2264.433878][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2264.444977][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2264.452741][ T5226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2264.475636][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2264.486771][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2264.507117][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2264.525937][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2264.541512][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2264.556449][T14012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2264.588723][T14012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2264.735128][T14019] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2264.745525][T14019] CPU: 0 PID: 14019 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2264.753424][T14019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.763495][T14019] Call Trace: [ 2264.766889][T14019] dump_stack+0x191/0x1f0 [ 2264.771575][T14019] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2264.777499][T14019] dump_header+0x1e7/0xd00 [ 2264.782043][T14019] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2264.788236][T14019] ? ___ratelimit+0x542/0x720 [ 2264.792926][T14019] ? task_will_free_mem+0x14c/0x810 [ 2264.798152][T14019] oom_kill_process+0x210/0x560 [ 2264.803057][T14019] out_of_memory+0x1796/0x1c70 [ 2264.807886][T14019] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2264.813591][T14019] memory_max_write+0x90b/0xb60 [ 2264.818485][T14019] ? memory_max_show+0x1b0/0x1b0 [ 2264.823447][T14019] cgroup_file_write+0x41a/0x8e0 [ 2264.828408][T14019] ? cgroup_seqfile_stop+0x150/0x150 [ 2264.833724][T14019] kernfs_fop_write+0x55f/0x840 [ 2264.838606][T14019] ? kernfs_fop_read+0x9a0/0x9a0 [ 2264.843561][T14019] __vfs_write+0x1a9/0xcb0 [ 2264.848050][T14019] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2264.854156][T14019] ? __sb_start_write+0x10b/0x230 [ 2264.859204][T14019] vfs_write+0x481/0x920 [ 2264.863470][T14019] ksys_write+0x265/0x430 [ 2264.867819][T14019] __se_sys_write+0x92/0xb0 [ 2264.872367][T14019] __x64_sys_write+0x4a/0x70 [ 2264.876994][T14019] do_syscall_64+0xb6/0x160 [ 2264.881525][T14019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2264.887423][T14019] RIP: 0033:0x459a59 [ 2264.891355][T14019] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2264.911005][T14019] RSP: 002b:00007f66317f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2264.919445][T14019] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2264.927436][T14019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2264.935413][T14019] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2264.943513][T14019] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66317f96d4 [ 2264.951493][T14019] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2264.959786][T14019] memory: usage 5668kB, limit 0kB, failcnt 2896 [ 2264.966187][T14019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2264.973142][T14019] Memory cgroup stats for /syz5: [ 2264.973471][T14019] anon 159744 [ 2264.973471][T14019] file 3190784 [ 2264.973471][T14019] kernel_stack 196608 [ 2264.973471][T14019] slab 1986560 [ 2264.973471][T14019] sock 0 [ 2264.973471][T14019] shmem 3190784 [ 2264.973471][T14019] file_mapped 0 [ 2264.973471][T14019] file_dirty 0 [ 2264.973471][T14019] file_writeback 0 [ 2264.973471][T14019] anon_thp 0 [ 2264.973471][T14019] inactive_anon 3108864 [ 2264.973471][T14019] active_anon 98304 [ 2264.973471][T14019] inactive_file 0 [ 2264.973471][T14019] active_file 0 [ 2264.973471][T14019] unevictable 0 [ 2264.973471][T14019] slab_reclaimable 413696 [ 2264.973471][T14019] slab_unreclaimable 1572864 [ 2264.973471][T14019] pgfault 125268 [ 2264.973471][T14019] pgmajfault 0 [ 2264.973471][T14019] workingset_refault 0 [ 2264.973471][T14019] workingset_activate 0 [ 2264.973471][T14019] workingset_nodereclaim 0 [ 2264.973471][T14019] pgrefill 0 [ 2264.973471][T14019] pgscan 0 [ 2264.973471][T14019] pgsteal 0 [ 2264.973471][T14019] pgactivate 0 [ 2265.069685][T14019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14017,uid=0 [ 2265.085449][T14019] Memory cgroup out of memory: Killed process 14017 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2265.104223][ C0] net_ratelimit: 2 callbacks suppressed [ 2265.104245][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2265.117023][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2265.152135][T14012] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2265.163045][T14012] CPU: 0 PID: 14012 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2265.171055][T14012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.181242][T14012] Call Trace: [ 2265.184557][T14012] dump_stack+0x191/0x1f0 [ 2265.188907][T14012] dump_header+0x1e7/0xd00 [ 2265.193374][T14012] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2265.199561][T14012] ? ___ratelimit+0x542/0x720 [ 2265.204431][T14012] ? task_will_free_mem+0x2c9/0x810 [ 2265.209677][T14012] oom_kill_process+0x210/0x560 [ 2265.214578][T14012] out_of_memory+0x1796/0x1c70 [ 2265.219484][T14012] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2265.225142][T14012] try_charge+0x2889/0x3d70 [ 2265.229658][T14012] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2265.235855][T14012] mem_cgroup_try_charge+0xa29/0xe40 [ 2265.241249][T14012] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2265.247003][T14012] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2265.252956][T14012] handle_mm_fault+0x522b/0x9f70 [ 2265.257957][T14012] do_user_addr_fault+0x905/0x1510 [ 2265.263099][T14012] __do_page_fault+0x1a2/0x410 [ 2265.267962][T14012] do_page_fault+0xbb/0x500 [ 2265.272518][T14012] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2265.277968][T14012] page_fault+0x4e/0x60 [ 2265.282170][T14012] RIP: 0033:0x403522 [ 2265.286076][T14012] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2265.305712][T14012] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2265.311784][T14012] RAX: 0000000000000000 RBX: 0000000000228edd RCX: 0000000000413660 [ 2265.319765][T14012] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2265.327755][T14012] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000fe4940 [ 2265.335739][T14012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2265.343722][T14012] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2265.352933][T14012] memory: usage 5256kB, limit 0kB, failcnt 2905 [ 2265.359209][T14012] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2265.366273][T14012] Memory cgroup stats for /syz5: [ 2265.366580][T14012] anon 159744 [ 2265.366580][T14012] file 3190784 [ 2265.366580][T14012] kernel_stack 0 [ 2265.366580][T14012] slab 1986560 [ 2265.366580][T14012] sock 0 [ 2265.366580][T14012] shmem 3190784 [ 2265.366580][T14012] file_mapped 0 [ 2265.366580][T14012] file_dirty 0 [ 2265.366580][T14012] file_writeback 0 [ 2265.366580][T14012] anon_thp 0 [ 2265.366580][T14012] inactive_anon 3108864 [ 2265.366580][T14012] active_anon 98304 [ 2265.366580][T14012] inactive_file 0 [ 2265.366580][T14012] active_file 0 [ 2265.366580][T14012] unevictable 0 [ 2265.366580][T14012] slab_reclaimable 413696 [ 2265.366580][T14012] slab_unreclaimable 1572864 [ 2265.366580][T14012] pgfault 125268 [ 2265.366580][T14012] pgmajfault 0 [ 2265.366580][T14012] workingset_refault 0 [ 2265.366580][T14012] workingset_activate 0 [ 2265.366580][T14012] workingset_nodereclaim 0 [ 2265.366580][T14012] pgrefill 0 [ 2265.366580][T14012] pgscan 0 [ 2265.366580][T14012] pgsteal 0 [ 2265.366580][T14012] pgactivate 0 [ 2265.462609][T14012] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14012,uid=0 [ 2265.478226][T14012] Memory cgroup out of memory: Killed process 14012 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2265.497212][ T1833] oom_reaper: reaped process 14012 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2265.497505][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2265.514524][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2265.623063][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2265.629474][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2266.013774][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2266.020094][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2266.412724][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2266.418734][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2266.664468][ T9367] device bridge_slave_1 left promiscuous mode [ 2266.670962][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2266.705368][ T9367] device bridge_slave_0 left promiscuous mode [ 2266.712055][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2267.573234][ T9367] device hsr_slave_0 left promiscuous mode [ 2267.632630][ T9367] device hsr_slave_1 left promiscuous mode [ 2267.686362][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2267.700225][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2267.715472][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2267.769137][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2267.841874][ T9367] bond0 (unregistering): Released all slaves 20:59:35 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@local, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x32}, 0x2, @in6=@empty, 0x0, 0x4, 0x0, 0x6}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 20:59:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(0xffffffffffffffff, 0xc0385650, 0x0) 20:59:35 executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8910, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000000)) r1 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000300)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x68000000, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="2c000000000000000000000007000000441c0701e0000080effdffff00000000020000000000200000000000010000000087e6674214ed029c22d957005b4ae42bac902743f41beeb584284e67edac0fecae"], 0x30, 0x5}, 0x0) close(0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=ANY=[]}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000006c0)={0x0, 0x70, 0x2, 0xfffffffffffffeff, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x6, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x7, 0x3, 0x2, 0x3, 0xcd, 0xd64a, 0x7, 0xc54, 0x81, 0x4, 0x41, 0x0, 0xfffffffffffffffb, 0x6, 0x3, 0x1, 0x8, 0x4, 0x3, 0xfff, 0x1, 0x0, 0x3fd, 0x0, @perf_config_ext={0x80, 0x7ff}, 0x14004, 0x0, 0x3fc00000, 0x0, 0x7b6, 0x8001, 0x81}, r2, 0x9, r3, 0x9) r4 = getpid() perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x4, 0x8, 0x5, 0xffffffffffffff31, 0x0, 0x5, 0x80040, 0x5, 0x9b9c, 0x401, 0x4f, 0xfffffffffffffffe, 0x4, 0x0, 0x13fd, 0x0, 0x0, 0x5, 0x0, 0x7fff, 0x1000, 0x52, 0x0, 0xffff, 0x0, 0x0, 0x9, 0xe3, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf80000, 0x0, 0x3ff, 0x0, 0x0, 0x5, @perf_bp={0x0}, 0x0, 0xffffffff80000000, 0x0, 0x0, 0x0, 0x4}, r4, 0xa, 0xffffffffffffffff, 0x0) perf_event_open(0x0, r4, 0x0, 0xffffffffffffffff, 0x3) r5 = socket$kcm(0xa, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x890b, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000140), 0x4) 20:59:35 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioprio_set$pid(0x0, r0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) dup(r1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x7fff, 0x0, 0xe6}) clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r2, &(0x7f0000000600), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r2, 0x0, 0x0) ioctl$TUNSETVNETLE(r3, 0x400454dc, &(0x7f0000000080)) mknod$loop(0x0, 0x2000, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r4 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r4, 0x0, 0x0) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r6, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 20:59:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x0, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 20:59:35 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2f9, 0x0, &(0x7f0000000280)=[@acquire, @acquire, @request_death, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x1000001ed, 0x0, 0x0}) 20:59:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000002c0)={'team0\x00', {0x2, 0x0, @multicast2}}) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000680)="ff5b93baf4715971ba778a4091bf32a5307d1aad95db841680c544d506ab1c3405176a92ebe5ce0025e269e33dba850c0edff31990e83f65d40e8aec1f8801132a4088456b3f9166215a20ce4113818fe8668752a06696602189d19eb27eeb7c7a8fe69d0e65a052a93b5c4cf71bc11c4bc0bc7fbc5637850e7cf553dc9683e2a77d09196b818171d8e2b85add4e45494bc588edfedd7bd8045fa963bdd79c6885fb32e67153a5050367a53907b55917d7f298c40364e253", 0xffffffe1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x2}, 0x0) sched_setattr(0x0, 0x0, 0x0) r4 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r4, &(0x7f00000004c0)='1', 0x1) sendfile(r4, r4, &(0x7f0000000200), 0xff8) 20:59:35 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3660, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0xffffffffffffff7c, &(0x7f00000bfff0)={&(0x7f0000006440)=ANY=[@ANYBLOB="b800000019000100000006005b000000ff010000000000000000000000000001e000000100000000800000000000000000000000000000000a0001000000002e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000fbbccf810000000000000000fd85d16e79bad40ac3794899000000000000000000000000000000d94bfeadbfce0d4ed6f71b242b42000000ea00000000000000000000000000000000000005000000000000f5000000000000000000000000e6010000000100000000002000"], 0xb8}}, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) 20:59:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0xef03, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@ldst]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) 20:59:35 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="f3"], 0x1) 20:59:36 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(0x0, 0x40c2, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) mknod$loop(0x0, 0x2000, 0x1) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) 20:59:36 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141403}}, 0x1c) geteuid() pipe(0x0) setxattr$trusted_overlay_redirect(0x0, &(0x7f0000000580)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) [ 2271.084478][T14567] IPVS: ftp: loaded support on port[0] = 21 [ 2271.179581][T14567] chnl_net:caif_netlink_parms(): no params data found [ 2271.220795][T14567] bridge0: port 1(bridge_slave_0) entered blocking state [ 2271.228202][T14567] bridge0: port 1(bridge_slave_0) entered disabled state [ 2271.237456][T14567] device bridge_slave_0 entered promiscuous mode [ 2271.247042][T14567] bridge0: port 2(bridge_slave_1) entered blocking state [ 2271.254421][T14567] bridge0: port 2(bridge_slave_1) entered disabled state [ 2271.264416][T14567] device bridge_slave_1 entered promiscuous mode [ 2271.290125][T14567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2271.303708][T14567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2271.331644][T14567] team0: Port device team_slave_0 added [ 2271.340824][T14567] team0: Port device team_slave_1 added [ 2271.406372][T14567] device hsr_slave_0 entered promiscuous mode [ 2271.463983][T14567] device hsr_slave_1 entered promiscuous mode [ 2271.502638][T14567] debugfs: Directory 'hsr0' with parent '/' already present! [ 2271.526898][T14567] bridge0: port 2(bridge_slave_1) entered blocking state [ 2271.535391][T14567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2271.543327][T14567] bridge0: port 1(bridge_slave_0) entered blocking state [ 2271.550500][T14567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2271.615544][T14567] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2271.635560][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2271.646040][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2271.655032][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2271.666592][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2271.685102][T14567] 8021q: adding VLAN 0 to HW filter on device team0 [ 2271.700298][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2271.709431][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 2271.716912][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2271.733473][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2271.743740][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2271.750940][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2271.781778][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2271.793834][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2271.816692][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2271.826536][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2271.847283][T14567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2271.859756][T14567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2271.871768][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2271.905673][T14567] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2272.049169][T14573] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2272.059901][T14573] CPU: 0 PID: 14573 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2272.068431][T14573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.078797][T14573] Call Trace: [ 2272.082134][T14573] dump_stack+0x191/0x1f0 [ 2272.086611][T14573] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2272.092720][T14573] dump_header+0x1e7/0xd00 [ 2272.097176][T14573] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2272.103358][T14573] ? ___ratelimit+0x542/0x720 [ 2272.108064][T14573] ? task_will_free_mem+0x14c/0x810 [ 2272.113326][T14573] oom_kill_process+0x210/0x560 [ 2272.118320][T14573] out_of_memory+0x1796/0x1c70 [ 2272.123155][T14573] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2272.128914][T14573] memory_max_write+0x90b/0xb60 [ 2272.133833][T14573] ? memory_max_show+0x1b0/0x1b0 [ 2272.138800][T14573] cgroup_file_write+0x41a/0x8e0 [ 2272.143896][T14573] ? cgroup_seqfile_stop+0x150/0x150 [ 2272.149217][T14573] kernfs_fop_write+0x55f/0x840 [ 2272.154415][T14573] ? kernfs_fop_read+0x9a0/0x9a0 [ 2272.159399][T14573] __vfs_write+0x1a9/0xcb0 [ 2272.163885][T14573] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2272.170016][T14573] ? __sb_start_write+0x10b/0x230 [ 2272.175075][T14573] vfs_write+0x481/0x920 [ 2272.179346][T14573] ksys_write+0x265/0x430 [ 2272.183721][T14573] __se_sys_write+0x92/0xb0 [ 2272.188276][T14573] __x64_sys_write+0x4a/0x70 [ 2272.192940][T14573] do_syscall_64+0xb6/0x160 [ 2272.197554][T14573] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2272.203499][T14573] RIP: 0033:0x459a59 [ 2272.207578][T14573] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2272.227405][T14573] RSP: 002b:00007f2ce14dec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2272.235951][T14573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2272.244058][T14573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2272.252396][T14573] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2272.260385][T14573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ce14df6d4 [ 2272.268544][T14573] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2272.280407][T14573] memory: usage 5540kB, limit 0kB, failcnt 2914 [ 2272.287031][T14573] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2272.294271][T14573] Memory cgroup stats for /syz5: [ 2272.294569][T14573] anon 24576 [ 2272.294569][T14573] file 2920448 [ 2272.294569][T14573] kernel_stack 196608 [ 2272.294569][T14573] slab 1986560 [ 2272.294569][T14573] sock 0 [ 2272.294569][T14573] shmem 2920448 [ 2272.294569][T14573] file_mapped 0 [ 2272.294569][T14573] file_dirty 0 [ 2272.294569][T14573] file_writeback 0 [ 2272.294569][T14573] anon_thp 0 [ 2272.294569][T14573] inactive_anon 2973696 [ 2272.294569][T14573] active_anon 98304 [ 2272.294569][T14573] inactive_file 0 [ 2272.294569][T14573] active_file 0 [ 2272.294569][T14573] unevictable 0 [ 2272.294569][T14573] slab_reclaimable 413696 [ 2272.294569][T14573] slab_unreclaimable 1572864 [ 2272.294569][T14573] pgfault 125862 [ 2272.294569][T14573] pgmajfault 0 [ 2272.294569][T14573] workingset_refault 0 [ 2272.294569][T14573] workingset_activate 0 [ 2272.294569][T14573] workingset_nodereclaim 0 [ 2272.294569][T14573] pgrefill 0 [ 2272.294569][T14573] pgscan 0 [ 2272.294569][T14573] pgsteal 0 [ 2272.294569][T14573] pgactivate 0 [ 2272.389580][T14573] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14571,uid=0 [ 2272.405408][T14573] Memory cgroup out of memory: Killed process 14571 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2272.426252][ T1833] oom_reaper: reaped process 14571 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2272.469515][T14567] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2272.479807][T14567] CPU: 1 PID: 14567 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2272.487803][T14567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.497919][T14567] Call Trace: [ 2272.501252][T14567] dump_stack+0x191/0x1f0 [ 2272.505749][T14567] dump_header+0x1e7/0xd00 [ 2272.510329][T14567] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2272.516505][T14567] ? ___ratelimit+0x542/0x720 [ 2272.521200][T14567] ? task_will_free_mem+0x2c9/0x810 [ 2272.526428][T14567] oom_kill_process+0x210/0x560 [ 2272.531316][T14567] out_of_memory+0x1796/0x1c70 [ 2272.536104][T14567] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2272.541761][T14567] try_charge+0x2889/0x3d70 [ 2272.546377][T14567] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2272.552575][T14567] mem_cgroup_try_charge+0xa29/0xe40 [ 2272.557905][T14567] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2272.563727][T14567] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2272.569673][T14567] handle_mm_fault+0x522b/0x9f70 [ 2272.576845][T14567] do_user_addr_fault+0x905/0x1510 [ 2272.582078][T14567] __do_page_fault+0x1a2/0x410 [ 2272.586970][T14567] do_page_fault+0xbb/0x500 [ 2272.591687][T14567] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2272.597149][T14567] page_fault+0x4e/0x60 [ 2272.601766][T14567] RIP: 0033:0x403522 [ 2272.606020][T14567] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2272.625691][T14567] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2272.631798][T14567] RAX: 0000000000000000 RBX: 000000000022ab71 RCX: 0000000000413660 [ 2272.639785][T14567] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2272.647776][T14567] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000116a940 [ 2272.656030][T14567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2272.664035][T14567] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2272.672211][T14567] memory: usage 5120kB, limit 0kB, failcnt 2929 [ 2272.678566][T14567] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2272.685511][T14567] Memory cgroup stats for /syz5: [ 2272.685804][T14567] anon 24576 [ 2272.685804][T14567] file 2920448 [ 2272.685804][T14567] kernel_stack 0 [ 2272.685804][T14567] slab 1986560 [ 2272.685804][T14567] sock 0 [ 2272.685804][T14567] shmem 2920448 [ 2272.685804][T14567] file_mapped 0 [ 2272.685804][T14567] file_dirty 0 [ 2272.685804][T14567] file_writeback 0 [ 2272.685804][T14567] anon_thp 0 [ 2272.685804][T14567] inactive_anon 2973696 [ 2272.685804][T14567] active_anon 98304 [ 2272.685804][T14567] inactive_file 0 [ 2272.685804][T14567] active_file 0 [ 2272.685804][T14567] unevictable 0 [ 2272.685804][T14567] slab_reclaimable 413696 [ 2272.685804][T14567] slab_unreclaimable 1572864 [ 2272.685804][T14567] pgfault 125862 [ 2272.685804][T14567] pgmajfault 0 [ 2272.685804][T14567] workingset_refault 0 [ 2272.685804][T14567] workingset_activate 0 [ 2272.685804][T14567] workingset_nodereclaim 0 [ 2272.685804][T14567] pgrefill 0 [ 2272.685804][T14567] pgscan 0 [ 2272.685804][T14567] pgsteal 0 [ 2272.685804][T14567] pgactivate 0 [ 2272.780118][T14567] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14567,uid=0 [ 2272.796123][T14567] Memory cgroup out of memory: Killed process 14567 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2273.844022][ T9353] device bridge_slave_1 left promiscuous mode [ 2273.850790][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2273.904308][ T9353] device bridge_slave_0 left promiscuous mode [ 2273.911238][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state 20:59:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 20:59:40 executing program 3: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) syz_open_dev$vivid(&(0x7f0000000080)='/dev/video#\x00', 0x3, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="54808200", @ANYRES16=r3], 0x2}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000440)={0x1c, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000002c0)={0x0, 0x2}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 20:59:40 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000000)=0x80000000002, 0xe3) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000000)=@gcm_256={{}, "441b30cf8619394c", "b1b7640babcf8109c3bc07c9071824f2ddeee9e07528bb03ced792b7c4e742dc", "ba3017d9", "1712cc825e966e25"}, 0x38) [ 2275.255957][ T9353] device hsr_slave_0 left promiscuous mode [ 2275.294766][ T9353] device hsr_slave_1 left promiscuous mode [ 2275.344780][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2275.358592][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2275.372241][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2275.409098][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2275.489375][ T9353] bond0 (unregistering): Released all slaves 20:59:42 executing program 0: r0 = open(&(0x7f0000000280)='./file0\x00', 0x60400, 0x7e) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r4 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000440)={r6}, 0x8) r7 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f0000000440)={r9}, 0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000440)={r9, 0x2000000}, 0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000300)={r3, 0xa4d, 0x40, 0xfff, 0x10001}, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000380)=@assoc_value={r10, 0x1ff}, 0x8) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') sendfile(r11, 0xffffffffffffffff, 0x0, 0x1) ioctl$KDGETLED(r11, 0x4b31, &(0x7f0000000080)) r12 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040), 0x4) bind$inet6(r12, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r12, 0x400000001ffffffd) r13 = socket$inet6(0xa, 0x6, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r14 = add_key$keyring(&(0x7f0000000040)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$search(0xa, 0x0, &(0x7f00000002c0)='cifs.spnego\x00', 0x0, r14) connect$inet6(r13, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r15 = accept4(r12, 0x0, 0x0, 0x0) sendmmsg(r15, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}}], 0x4000000000000d0, 0x0) r16 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r16, &(0x7f0000000040)=""/46, 0x2e) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f00000001c0)=0xffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r16, 0x4018620d, &(0x7f0000000e80)={0x73622a85, 0x1000}) getsockname$packet(r16, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) 20:59:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x0, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2277.975776][T14688] IPVS: ftp: loaded support on port[0] = 21 [ 2278.076168][T14688] chnl_net:caif_netlink_parms(): no params data found [ 2278.121667][T14688] bridge0: port 1(bridge_slave_0) entered blocking state [ 2278.129158][T14688] bridge0: port 1(bridge_slave_0) entered disabled state [ 2278.138610][T14688] device bridge_slave_0 entered promiscuous mode [ 2278.148090][T14688] bridge0: port 2(bridge_slave_1) entered blocking state [ 2278.155632][T14688] bridge0: port 2(bridge_slave_1) entered disabled state [ 2278.165086][T14688] device bridge_slave_1 entered promiscuous mode [ 2278.192576][T14688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2278.206087][T14688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2278.234307][T14688] team0: Port device team_slave_0 added [ 2278.243812][T14688] team0: Port device team_slave_1 added 20:59:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0xb00, 0x0) poll(&(0x7f0000000240)=[{r0}], 0x1, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 20:59:44 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) 20:59:44 executing program 3: openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3660, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) syz_open_procfs(0x0, 0x0) [ 2278.307926][T14688] device hsr_slave_0 entered promiscuous mode [ 2278.364211][T14688] device hsr_slave_1 entered promiscuous mode [ 2278.402636][T14688] debugfs: Directory 'hsr0' with parent '/' already present! 20:59:44 executing program 1: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket(0x840000000002, 0x3, 0x200000000000ff) sendmmsg$inet(r5, &(0x7f0000002dc0)=[{{&(0x7f0000000300), 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="109e093c00000000ca78deb3b94439c0513776de95ad29bbef21a4072f8786ca175af94beb1757ca8f303ed853c75fdf7020fca5"], 0x8}}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_buf(r4, 0x0, 0x30, &(0x7f00000003c0)="8c5929265f40a8ce371b9a1bffe4f3c7eb039fd8586165fc6f05700e1d2e27afc7baafdd94d9d3b9f7c3d329ebb865f28c5c022b28516c8ecabf9bbf11d94a0d02f496a00b46437fd54ed5d89917384b3a830d3f8420dc80f2fea1ba439c1f105155e80743b7fd346356e59a64efc33281c632cda1ecd42837564852c999757e9fbef1b3ef31fcbb81277cb27ffa11c688a60027dcccb971c55842e3ce975ffc26e84fef4c372be8974356105fe6af70043d05e71500c37f76ca92518bfe407d5ccf53a244093f8f8446eacaba40d0b021528d687c6cf7f634399a67390e26f50c601663a142d03b", 0xe8) r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x8, &(0x7f00000004c0)=0x0) io_submit(r7, 0xc2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0x10000}]) r8 = getpid() ptrace(0x10, r8) ptrace$pokeuser(0x6, r8, 0x388, 0xfffffffffffffffe) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) [ 2278.456424][T14688] bridge0: port 2(bridge_slave_1) entered blocking state [ 2278.463739][T14688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2278.471543][T14688] bridge0: port 1(bridge_slave_0) entered blocking state [ 2278.478891][T14688] bridge0: port 1(bridge_slave_0) entered forwarding state 20:59:44 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000005ac0)=[{{0x0, 0x0, &(0x7f0000002a40)=[{&(0x7f00000027c0)="d7", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) [ 2278.626985][T14688] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2278.653437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2278.664697][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 2278.676354][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 2278.705605][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2278.738723][T14688] 8021q: adding VLAN 0 to HW filter on device team0 [ 2278.768450][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2278.779259][ T5] bridge0: port 1(bridge_slave_0) entered blocking state 20:59:44 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b70400001d0100006a0af2fe00000000850000001a000000b7000000000000009500000000000000a250cafa9644e2420d3e7d31336bcc6e4e7e850be0b2876878ac6285d39d0e21f16e5a33c405caa4a45d01ea0e354366cbb7db6da35a92e528e18ba9d09ce15f505ee4503a1b46"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 2278.786619][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2278.867708][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2278.878025][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2278.885370][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2278.897381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2278.908369][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 20:59:44 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x10, 0x0, &(0x7f0000000080)) [ 2278.918788][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2278.958311][T14688] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2278.971967][T14688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2279.004273][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2279.014175][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2279.056292][T14688] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2279.219904][T15022] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2279.230261][T15022] CPU: 1 PID: 15022 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2279.238186][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2279.248464][T15022] Call Trace: [ 2279.251801][T15022] dump_stack+0x191/0x1f0 [ 2279.256262][T15022] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2279.262172][T15022] dump_header+0x1e7/0xd00 [ 2279.266629][T15022] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2279.272811][T15022] ? ___ratelimit+0x542/0x720 [ 2279.277529][T15022] ? task_will_free_mem+0x14c/0x810 [ 2279.282774][T15022] oom_kill_process+0x210/0x560 [ 2279.287641][T15022] out_of_memory+0x1796/0x1c70 [ 2279.292431][T15022] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2279.298100][T15022] memory_max_write+0x90b/0xb60 [ 2279.303154][T15022] ? memory_max_show+0x1b0/0x1b0 [ 2279.308130][T15022] cgroup_file_write+0x41a/0x8e0 [ 2279.313449][T15022] ? cgroup_seqfile_stop+0x150/0x150 [ 2279.319721][T15022] kernfs_fop_write+0x55f/0x840 [ 2279.324612][T15022] ? kernfs_fop_read+0x9a0/0x9a0 [ 2279.329811][T15022] __vfs_write+0x1a9/0xcb0 [ 2279.334272][T15022] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2279.340367][T15022] ? __sb_start_write+0x10b/0x230 [ 2279.345414][T15022] vfs_write+0x481/0x920 [ 2279.349709][T15022] ksys_write+0x265/0x430 [ 2279.354081][T15022] __se_sys_write+0x92/0xb0 [ 2279.358612][T15022] __x64_sys_write+0x4a/0x70 [ 2279.363235][T15022] do_syscall_64+0xb6/0x160 [ 2279.367779][T15022] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2279.373725][T15022] RIP: 0033:0x459a59 [ 2279.377707][T15022] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2279.397326][T15022] RSP: 002b:00007fbdc7624c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2279.405755][T15022] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2279.413736][T15022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2279.421734][T15022] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2279.429744][T15022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc76256d4 [ 2279.437742][T15022] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2279.445905][T15022] memory: usage 4268kB, limit 0kB, failcnt 2938 [ 2279.452216][T15022] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2279.459393][T15022] Memory cgroup stats for /syz5: [ 2279.459719][T15022] anon 159744 [ 2279.459719][T15022] file 1732608 [ 2279.459719][T15022] kernel_stack 196608 [ 2279.459719][T15022] slab 1986560 [ 2279.459719][T15022] sock 0 [ 2279.459719][T15022] shmem 1732608 [ 2279.459719][T15022] file_mapped 0 [ 2279.459719][T15022] file_dirty 0 [ 2279.459719][T15022] file_writeback 0 [ 2279.459719][T15022] anon_thp 0 [ 2279.459719][T15022] inactive_anon 1622016 [ 2279.459719][T15022] active_anon 233472 [ 2279.459719][T15022] inactive_file 0 [ 2279.459719][T15022] active_file 0 [ 2279.459719][T15022] unevictable 0 [ 2279.459719][T15022] slab_reclaimable 413696 [ 2279.459719][T15022] slab_unreclaimable 1572864 [ 2279.459719][T15022] pgfault 126357 [ 2279.459719][T15022] pgmajfault 0 [ 2279.459719][T15022] workingset_refault 0 [ 2279.459719][T15022] workingset_activate 0 [ 2279.459719][T15022] workingset_nodereclaim 0 [ 2279.459719][T15022] pgrefill 0 [ 2279.459719][T15022] pgscan 0 [ 2279.459719][T15022] pgsteal 0 [ 2279.459719][T15022] pgactivate 0 [ 2279.555522][T15022] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15019,uid=0 [ 2279.571187][T15022] Memory cgroup out of memory: Killed process 15019 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2279.592373][ T1833] oom_reaper: reaped process 15019 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2279.626857][T14688] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2279.636962][T14688] CPU: 1 PID: 14688 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2279.644902][T14688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2279.654979][T14688] Call Trace: [ 2279.658286][T14688] dump_stack+0x191/0x1f0 [ 2279.662628][T14688] dump_header+0x1e7/0xd00 [ 2279.667055][T14688] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2279.673302][T14688] ? ___ratelimit+0x542/0x720 [ 2279.677980][T14688] ? task_will_free_mem+0x2c9/0x810 [ 2279.683200][T14688] oom_kill_process+0x210/0x560 [ 2279.688062][T14688] out_of_memory+0x1796/0x1c70 [ 2279.692846][T14688] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2279.698500][T14688] try_charge+0x2889/0x3d70 [ 2279.703018][T14688] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2279.709293][T14688] mem_cgroup_try_charge+0xa29/0xe40 [ 2279.714595][T14688] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2279.720322][T14688] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2279.726225][T14688] handle_mm_fault+0x522b/0x9f70 [ 2279.731192][T14688] do_user_addr_fault+0x905/0x1510 [ 2279.736337][T14688] __do_page_fault+0x1a2/0x410 [ 2279.741111][T14688] do_page_fault+0xbb/0x500 [ 2279.745710][T14688] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2279.751124][T14688] page_fault+0x4e/0x60 [ 2279.755282][T14688] RIP: 0033:0x403522 [ 2279.759180][T14688] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2279.779315][T14688] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2279.785397][T14688] RAX: 0000000000000000 RBX: 000000000022c769 RCX: 0000000000413660 [ 2279.793377][T14688] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2279.801354][T14688] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001a95940 [ 2279.809349][T14688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2279.817374][T14688] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2279.826354][T14688] memory: usage 3856kB, limit 0kB, failcnt 2947 [ 2279.832757][T14688] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2279.839640][T14688] Memory cgroup stats for /syz5: [ 2279.839815][T14688] anon 159744 [ 2279.839815][T14688] file 1732608 [ 2279.839815][T14688] kernel_stack 0 [ 2279.839815][T14688] slab 1986560 [ 2279.839815][T14688] sock 0 [ 2279.839815][T14688] shmem 1732608 [ 2279.839815][T14688] file_mapped 0 [ 2279.839815][T14688] file_dirty 0 [ 2279.839815][T14688] file_writeback 0 [ 2279.839815][T14688] anon_thp 0 [ 2279.839815][T14688] inactive_anon 1622016 [ 2279.839815][T14688] active_anon 233472 [ 2279.839815][T14688] inactive_file 0 [ 2279.839815][T14688] active_file 0 [ 2279.839815][T14688] unevictable 0 [ 2279.839815][T14688] slab_reclaimable 413696 [ 2279.839815][T14688] slab_unreclaimable 1572864 [ 2279.839815][T14688] pgfault 126357 [ 2279.839815][T14688] pgmajfault 0 [ 2279.839815][T14688] workingset_refault 0 [ 2279.839815][T14688] workingset_activate 0 [ 2279.839815][T14688] workingset_nodereclaim 0 [ 2279.839815][T14688] pgrefill 0 [ 2279.839815][T14688] pgscan 0 [ 2279.839815][T14688] pgsteal 0 [ 2279.839815][T14688] pgactivate 0 [ 2279.936012][T14688] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14688,uid=0 [ 2279.951756][T14688] Memory cgroup out of memory: Killed process 14688 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2279.971146][ T1833] oom_reaper: reaped process 14688 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2281.044870][T12780] device bridge_slave_1 left promiscuous mode [ 2281.051489][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2281.094574][T12780] device bridge_slave_0 left promiscuous mode [ 2281.101978][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2281.893349][T12780] device hsr_slave_0 left promiscuous mode [ 2281.932848][T12780] device hsr_slave_1 left promiscuous mode [ 2281.984332][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2281.998696][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2282.010863][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2282.058974][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2282.128618][T12780] bond0 (unregistering): Released all slaves 20:59:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @request_death={0x400c630e, 0x3}, @decrefs], 0x0, 0x0, 0x0}) 20:59:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e7b0dcc3daa5520d15393464e02ff4091800eb0c280a1d56bb729bd3378032a431db705eb5b2e2b965ac087ecd8645ab029395eb39974ae562cbe55909b8f1f99b9b939000c4bb63a84e2ab946b87fc14b688f5b4c456cb467e285de87dd3c9510a1aadeaf28fb9b710ecf7fdd4240aece1996b95aa33f7a702cf4314043558b94402b9ccfe9622f5aa1809e22cb6a6f516eb5ce41f2f2b733273edb89b06945b3ba545513b0f358d4553053807f609db7928b73b60c04bb9923de8272017f1dc2e6112fd9f7e967fc260299ba5ea9fb0d3fe1befc431917451d1f630256c08b8afbfa1c09b9eac772977a2b01108d5db00f75c66b7b295e96eb336d63ddf4fd217d929bde6a13695ecfa3aa958341f029c2009e91d2d4279af3cd57059a15b68956aa5aaf53fb12c423f9b637185d169b132f110c77a9bb735dd2811ece8f39092950a7e127fc47a78ccda231002246ec19b8a6376e0c1cff2aa8d30c8c7475bca6780028fcc73e0f46b3c4f3d59e2006f4bb84b5c46b7cc096a6570bb963196a"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x1ee, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1cf}, 0x48) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r2, r1, 0xd, 0x2}, 0xd) 20:59:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="37481dd5985e1e169613423cd7db8a6561710be0571891e736a563b9dc5378a7e1a3cdc8f6df7673b77425199820e7415870c3090a1cbd7a567b9558a46998ddceb9d4a5e1b21cd7f9c251417c8b9e3f"], 0x1) 20:59:49 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f00000000c0)='/dev/snd/seq\x00', 0x0, 0x0) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x40) 20:59:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x0, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2285.297708][T15138] IPVS: ftp: loaded support on port[0] = 21 [ 2285.394284][T15138] chnl_net:caif_netlink_parms(): no params data found [ 2285.437061][T15138] bridge0: port 1(bridge_slave_0) entered blocking state [ 2285.444461][T15138] bridge0: port 1(bridge_slave_0) entered disabled state [ 2285.454226][T15138] device bridge_slave_0 entered promiscuous mode [ 2285.463578][T15138] bridge0: port 2(bridge_slave_1) entered blocking state [ 2285.470897][T15138] bridge0: port 2(bridge_slave_1) entered disabled state [ 2285.480877][T15138] device bridge_slave_1 entered promiscuous mode 20:59:51 executing program 2: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x30}, 0xc) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") write$binfmt_script(r0, &(0x7f0000000380)={'#! ', './file0'}, 0xb) 20:59:51 executing program 3: unshare(0x600) creat(&(0x7f0000000040)='./bus\x00', 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 20:59:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket(0x2, 0x3, 0x100000001) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'v\x85an0\x00'}) [ 2285.515085][T15138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2285.530395][T15138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 20:59:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000080)) [ 2285.597603][T15138] team0: Port device team_slave_0 added [ 2285.618478][T15138] team0: Port device team_slave_1 added 20:59:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x30, 0x0, &(0x7f0000000080)) 20:59:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0xc0045878, 0x0) [ 2285.688863][T15138] device hsr_slave_0 entered promiscuous mode [ 2285.724028][T15138] device hsr_slave_1 entered promiscuous mode [ 2285.762630][T15138] debugfs: Directory 'hsr0' with parent '/' already present! 20:59:51 executing program 1: r0 = socket$kcm(0xa, 0x1, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x19, &(0x7f0000000000), 0x110) [ 2285.824870][T15138] bridge0: port 2(bridge_slave_1) entered blocking state [ 2285.832155][T15138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2285.840048][T15138] bridge0: port 1(bridge_slave_0) entered blocking state [ 2285.847342][T15138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2285.981608][T15138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2286.005612][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2286.018598][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2286.030497][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2286.047556][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2286.066651][T15138] 8021q: adding VLAN 0 to HW filter on device team0 [ 2286.081553][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2286.090983][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2286.098179][ T5226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2286.116101][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2286.125198][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2286.132632][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2286.161333][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2286.172523][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2286.194367][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2286.204771][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2286.218833][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2286.231731][T15138] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2286.260488][T15138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2286.413674][T15265] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2286.424224][T15265] CPU: 0 PID: 15265 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2286.432320][T15265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2286.442412][T15265] Call Trace: [ 2286.445730][T15265] dump_stack+0x191/0x1f0 [ 2286.450084][T15265] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2286.455994][T15265] dump_header+0x1e7/0xd00 [ 2286.460708][T15265] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2286.468153][T15265] ? ___ratelimit+0x542/0x720 [ 2286.472981][T15265] ? task_will_free_mem+0x14c/0x810 [ 2286.478345][T15265] oom_kill_process+0x210/0x560 [ 2286.483239][T15265] out_of_memory+0x1796/0x1c70 [ 2286.488034][T15265] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2286.496422][T15265] memory_max_write+0x90b/0xb60 [ 2286.501327][T15265] ? memory_max_show+0x1b0/0x1b0 [ 2286.506304][T15265] cgroup_file_write+0x41a/0x8e0 [ 2286.511287][T15265] ? cgroup_seqfile_stop+0x150/0x150 [ 2286.516790][T15265] kernfs_fop_write+0x55f/0x840 [ 2286.521673][T15265] ? kernfs_fop_read+0x9a0/0x9a0 [ 2286.526667][T15265] __vfs_write+0x1a9/0xcb0 [ 2286.531214][T15265] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2286.537503][T15265] ? __sb_start_write+0x10b/0x230 [ 2286.542568][T15265] vfs_write+0x481/0x920 [ 2286.546853][T15265] ksys_write+0x265/0x430 [ 2286.551213][T15265] __se_sys_write+0x92/0xb0 [ 2286.555740][T15265] __x64_sys_write+0x4a/0x70 [ 2286.560346][T15265] do_syscall_64+0xb6/0x160 [ 2286.565651][T15265] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2286.571550][T15265] RIP: 0033:0x459a59 [ 2286.575469][T15265] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2286.595732][T15265] RSP: 002b:00007f5e38765c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2286.604171][T15265] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2286.612152][T15265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2286.620312][T15265] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2286.628307][T15265] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e387666d4 [ 2286.636460][T15265] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2286.644636][T15265] memory: usage 5520kB, limit 0kB, failcnt 2956 [ 2286.651302][T15265] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2286.658290][T15265] Memory cgroup stats for /syz5: [ 2286.658613][T15265] anon 159744 [ 2286.658613][T15265] file 2928640 [ 2286.658613][T15265] kernel_stack 196608 [ 2286.658613][T15265] slab 1986560 [ 2286.658613][T15265] sock 0 [ 2286.658613][T15265] shmem 2928640 [ 2286.658613][T15265] file_mapped 0 [ 2286.658613][T15265] file_dirty 0 [ 2286.658613][T15265] file_writeback 0 [ 2286.658613][T15265] anon_thp 0 [ 2286.658613][T15265] inactive_anon 2973696 [ 2286.658613][T15265] active_anon 98304 [ 2286.658613][T15265] inactive_file 0 [ 2286.658613][T15265] active_file 0 [ 2286.658613][T15265] unevictable 0 [ 2286.658613][T15265] slab_reclaimable 413696 [ 2286.658613][T15265] slab_unreclaimable 1572864 [ 2286.658613][T15265] pgfault 126918 [ 2286.658613][T15265] pgmajfault 0 [ 2286.658613][T15265] workingset_refault 0 [ 2286.658613][T15265] workingset_activate 0 [ 2286.658613][T15265] workingset_nodereclaim 0 [ 2286.658613][T15265] pgrefill 0 [ 2286.658613][T15265] pgscan 0 [ 2286.658613][T15265] pgsteal 0 [ 2286.658613][T15265] pgactivate 0 [ 2286.753794][T15265] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15263,uid=0 [ 2286.769456][T15265] Memory cgroup out of memory: Killed process 15263 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2286.792216][ T1833] oom_reaper: reaped process 15263 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2286.825792][T15138] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2286.836302][T15138] CPU: 0 PID: 15138 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2286.844228][T15138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2286.854289][T15138] Call Trace: [ 2286.857605][T15138] dump_stack+0x191/0x1f0 [ 2286.861949][T15138] dump_header+0x1e7/0xd00 [ 2286.866812][T15138] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2286.874002][T15138] ? ___ratelimit+0x542/0x720 [ 2286.878697][T15138] ? task_will_free_mem+0x2c9/0x810 [ 2286.883924][T15138] oom_kill_process+0x210/0x560 [ 2286.888813][T15138] out_of_memory+0x1796/0x1c70 [ 2286.893593][T15138] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2286.899974][T15138] try_charge+0x2889/0x3d70 [ 2286.904512][T15138] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2286.910718][T15138] mem_cgroup_try_charge+0xa29/0xe40 [ 2286.916064][T15138] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2286.921797][T15138] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2286.927721][T15138] handle_mm_fault+0x522b/0x9f70 [ 2286.932726][T15138] do_user_addr_fault+0x905/0x1510 [ 2286.937887][T15138] __do_page_fault+0x1a2/0x410 [ 2286.942660][T15138] do_page_fault+0xbb/0x500 [ 2286.947171][T15138] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2286.952575][T15138] page_fault+0x4e/0x60 [ 2286.956726][T15138] RIP: 0033:0x403522 [ 2286.960729][T15138] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2286.980711][T15138] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2286.986968][T15138] RAX: 0000000000000000 RBX: 000000000022e38c RCX: 0000000000413660 [ 2286.995260][T15138] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2287.003240][T15138] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000028f9940 [ 2287.011470][T15138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2287.019876][T15138] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2287.029190][T15138] memory: usage 5100kB, limit 0kB, failcnt 2965 [ 2287.035589][T15138] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2287.042550][T15138] Memory cgroup stats for /syz5: [ 2287.042871][T15138] anon 159744 [ 2287.042871][T15138] file 2928640 [ 2287.042871][T15138] kernel_stack 0 [ 2287.042871][T15138] slab 1986560 [ 2287.042871][T15138] sock 0 [ 2287.042871][T15138] shmem 2928640 [ 2287.042871][T15138] file_mapped 0 [ 2287.042871][T15138] file_dirty 0 [ 2287.042871][T15138] file_writeback 0 [ 2287.042871][T15138] anon_thp 0 [ 2287.042871][T15138] inactive_anon 2973696 [ 2287.042871][T15138] active_anon 98304 [ 2287.042871][T15138] inactive_file 0 [ 2287.042871][T15138] active_file 0 [ 2287.042871][T15138] unevictable 0 [ 2287.042871][T15138] slab_reclaimable 413696 [ 2287.042871][T15138] slab_unreclaimable 1572864 [ 2287.042871][T15138] pgfault 126918 [ 2287.042871][T15138] pgmajfault 0 [ 2287.042871][T15138] workingset_refault 0 [ 2287.042871][T15138] workingset_activate 0 [ 2287.042871][T15138] workingset_nodereclaim 0 [ 2287.042871][T15138] pgrefill 0 [ 2287.042871][T15138] pgscan 0 [ 2287.042871][T15138] pgsteal 0 [ 2287.042871][T15138] pgactivate 0 [ 2287.138258][T15138] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15138,uid=0 [ 2287.153888][T15138] Memory cgroup out of memory: Killed process 15138 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2287.172836][ T1833] oom_reaper: reaped process 15138 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2288.254655][ T9367] device bridge_slave_1 left promiscuous mode [ 2288.261238][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2288.324928][ T9367] device bridge_slave_0 left promiscuous mode [ 2288.331352][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2289.043029][ T9367] device hsr_slave_0 left promiscuous mode [ 2289.082761][ T9367] device hsr_slave_1 left promiscuous mode [ 2289.142182][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2289.154891][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2289.167904][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2289.228612][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2289.302833][ T9367] bond0 (unregistering): Released all slaves 20:59:58 executing program 4: 20:59:58 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000acc000)={@multicast1, @multicast1, 0x2}, 0xc) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000000)={@multicast2, @multicast1, @empty}, 0xc) 20:59:58 executing program 1: 20:59:58 executing program 0: 20:59:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x0, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2294.574661][T15278] IPVS: ftp: loaded support on port[0] = 21 [ 2294.667847][T15278] chnl_net:caif_netlink_parms(): no params data found [ 2294.706578][T15278] bridge0: port 1(bridge_slave_0) entered blocking state [ 2294.714006][T15278] bridge0: port 1(bridge_slave_0) entered disabled state [ 2294.723583][T15278] device bridge_slave_0 entered promiscuous mode [ 2294.732411][T15278] bridge0: port 2(bridge_slave_1) entered blocking state [ 2294.739552][T15278] bridge0: port 2(bridge_slave_1) entered disabled state [ 2294.749819][T15278] device bridge_slave_1 entered promiscuous mode 21:00:00 executing program 2: 21:00:00 executing program 3: 21:00:00 executing program 1: [ 2294.776676][T15278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2294.790986][T15278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:00:00 executing program 3: 21:00:00 executing program 1: [ 2294.859272][T15278] team0: Port device team_slave_0 added [ 2294.909233][T15278] team0: Port device team_slave_1 added 21:00:01 executing program 3: 21:00:01 executing program 1: [ 2295.038001][T15278] device hsr_slave_0 entered promiscuous mode [ 2295.083761][T15278] device hsr_slave_1 entered promiscuous mode [ 2295.132913][T15278] debugfs: Directory 'hsr0' with parent '/' already present! [ 2295.165608][T15278] bridge0: port 2(bridge_slave_1) entered blocking state [ 2295.172926][T15278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2295.184848][T15278] bridge0: port 1(bridge_slave_0) entered blocking state [ 2295.192123][T15278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2295.251966][T15278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2295.270919][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2295.282555][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2295.291273][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2295.301634][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2295.319941][T15278] 8021q: adding VLAN 0 to HW filter on device team0 [ 2295.334793][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2295.344249][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 2295.351385][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2295.377160][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2295.387133][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 2295.394381][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2295.415773][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2295.426711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2295.437437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2295.452575][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2295.469190][T15278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2295.482118][T15278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2295.494455][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2295.525594][T15278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2295.673476][T15298] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2295.685172][T15298] CPU: 1 PID: 15298 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2295.693115][T15298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.704173][T15298] Call Trace: [ 2295.707539][T15298] dump_stack+0x191/0x1f0 [ 2295.711931][T15298] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2295.717888][T15298] dump_header+0x1e7/0xd00 [ 2295.722583][T15298] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2295.728824][T15298] ? ___ratelimit+0x542/0x720 [ 2295.733995][T15298] ? task_will_free_mem+0x14c/0x810 [ 2295.739754][T15298] oom_kill_process+0x210/0x560 [ 2295.744637][T15298] out_of_memory+0x1796/0x1c70 [ 2295.749446][T15298] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2295.755151][T15298] memory_max_write+0x90b/0xb60 [ 2295.760052][T15298] ? memory_max_show+0x1b0/0x1b0 [ 2295.765020][T15298] cgroup_file_write+0x41a/0x8e0 [ 2295.770027][T15298] ? cgroup_seqfile_stop+0x150/0x150 [ 2295.775343][T15298] kernfs_fop_write+0x55f/0x840 [ 2295.780243][T15298] ? kernfs_fop_read+0x9a0/0x9a0 [ 2295.785225][T15298] __vfs_write+0x1a9/0xcb0 [ 2295.789697][T15298] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2295.796054][T15298] ? __sb_start_write+0x10b/0x230 [ 2295.801102][T15298] vfs_write+0x481/0x920 [ 2295.805383][T15298] ksys_write+0x265/0x430 [ 2295.809757][T15298] __se_sys_write+0x92/0xb0 [ 2295.814286][T15298] __x64_sys_write+0x4a/0x70 [ 2295.819003][T15298] do_syscall_64+0xb6/0x160 [ 2295.823579][T15298] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2295.829525][T15298] RIP: 0033:0x459a59 [ 2295.833520][T15298] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2295.853523][T15298] RSP: 002b:00007fadcf6dec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2295.861974][T15298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2295.870516][T15298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2295.878751][T15298] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2295.886883][T15298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadcf6df6d4 [ 2295.895070][T15298] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2295.903798][T15298] memory: usage 5080kB, limit 0kB, failcnt 2974 [ 2295.910083][T15298] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2295.917171][T15298] Memory cgroup stats for /syz5: [ 2295.917477][T15298] anon 159744 [ 2295.917477][T15298] file 2445312 [ 2295.917477][T15298] kernel_stack 196608 [ 2295.917477][T15298] slab 1986560 [ 2295.917477][T15298] sock 0 [ 2295.917477][T15298] shmem 2445312 [ 2295.917477][T15298] file_mapped 0 [ 2295.917477][T15298] file_dirty 0 [ 2295.917477][T15298] file_writeback 0 [ 2295.917477][T15298] anon_thp 0 [ 2295.917477][T15298] inactive_anon 2433024 [ 2295.917477][T15298] active_anon 98304 [ 2295.917477][T15298] inactive_file 0 [ 2295.917477][T15298] active_file 0 [ 2295.917477][T15298] unevictable 0 [ 2295.917477][T15298] slab_reclaimable 413696 [ 2295.917477][T15298] slab_unreclaimable 1572864 [ 2295.917477][T15298] pgfault 127479 [ 2295.917477][T15298] pgmajfault 0 [ 2295.917477][T15298] workingset_refault 0 [ 2295.917477][T15298] workingset_activate 0 [ 2295.917477][T15298] workingset_nodereclaim 0 [ 2295.917477][T15298] pgrefill 0 [ 2295.917477][T15298] pgscan 0 [ 2295.917477][T15298] pgsteal 0 [ 2295.917477][T15298] pgactivate 0 [ 2296.014749][T15298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15296,uid=0 [ 2296.030816][T15298] Memory cgroup out of memory: Killed process 15296 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2296.055357][ T1833] oom_reaper: reaped process 15296 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2296.092074][T15278] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2296.102465][T15278] CPU: 1 PID: 15278 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2296.110471][T15278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.121443][T15278] Call Trace: [ 2296.124782][T15278] dump_stack+0x191/0x1f0 [ 2296.129139][T15278] dump_header+0x1e7/0xd00 [ 2296.134467][T15278] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2296.140811][T15278] ? ___ratelimit+0x542/0x720 [ 2296.145502][T15278] ? task_will_free_mem+0x2c9/0x810 [ 2296.150718][T15278] oom_kill_process+0x210/0x560 [ 2296.155779][T15278] out_of_memory+0x1796/0x1c70 [ 2296.160553][T15278] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2296.166237][T15278] try_charge+0x2889/0x3d70 [ 2296.170777][T15278] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2296.177033][T15278] mem_cgroup_try_charge+0xa29/0xe40 [ 2296.182376][T15278] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2296.188137][T15278] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2296.194055][T15278] handle_mm_fault+0x522b/0x9f70 [ 2296.199048][T15278] do_user_addr_fault+0x905/0x1510 [ 2296.208573][T15278] __do_page_fault+0x1a2/0x410 [ 2296.213490][T15278] do_page_fault+0xbb/0x500 [ 2296.218108][T15278] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2296.223522][T15278] page_fault+0x4e/0x60 [ 2296.227806][T15278] RIP: 0033:0x403522 [ 2296.232343][T15278] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2296.251977][T15278] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2296.259260][T15278] RAX: 0000000000000000 RBX: 00000000002307b8 RCX: 0000000000413660 [ 2296.267246][T15278] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2296.275447][T15278] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002725940 [ 2296.283620][T15278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2296.291641][T15278] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2296.301077][T15278] memory: usage 4664kB, limit 0kB, failcnt 2983 [ 2296.307421][T15278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2296.314551][T15278] Memory cgroup stats for /syz5: [ 2296.314913][T15278] anon 20480 [ 2296.314913][T15278] file 2445312 [ 2296.314913][T15278] kernel_stack 0 [ 2296.314913][T15278] slab 1986560 [ 2296.314913][T15278] sock 0 [ 2296.314913][T15278] shmem 2445312 [ 2296.314913][T15278] file_mapped 0 [ 2296.314913][T15278] file_dirty 0 [ 2296.314913][T15278] file_writeback 0 [ 2296.314913][T15278] anon_thp 0 [ 2296.314913][T15278] inactive_anon 2568192 [ 2296.314913][T15278] active_anon 98304 [ 2296.314913][T15278] inactive_file 0 [ 2296.314913][T15278] active_file 0 [ 2296.314913][T15278] unevictable 0 [ 2296.314913][T15278] slab_reclaimable 413696 [ 2296.314913][T15278] slab_unreclaimable 1572864 [ 2296.314913][T15278] pgfault 127512 [ 2296.314913][T15278] pgmajfault 0 [ 2296.314913][T15278] workingset_refault 0 [ 2296.314913][T15278] workingset_activate 0 [ 2296.314913][T15278] workingset_nodereclaim 0 [ 2296.314913][T15278] pgrefill 0 [ 2296.314913][T15278] pgscan 0 [ 2296.314913][T15278] pgsteal 0 [ 2296.314913][T15278] pgactivate 0 [ 2296.409312][T15278] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15278,uid=0 [ 2296.425256][T15278] Memory cgroup out of memory: Killed process 15278 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2297.434441][T12780] device bridge_slave_1 left promiscuous mode [ 2297.444547][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2297.494794][T12780] device bridge_slave_0 left promiscuous mode [ 2297.501492][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.223295][T12780] device hsr_slave_0 left promiscuous mode [ 2298.262779][T12780] device hsr_slave_1 left promiscuous mode [ 2298.334748][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2298.348330][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2298.363165][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2298.409275][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2298.496483][T12780] bond0 (unregistering): Released all slaves 21:00:05 executing program 4: 21:00:05 executing program 3: 21:00:05 executing program 1: 21:00:05 executing program 0: 21:00:05 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x0, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2300.843183][T15308] IPVS: ftp: loaded support on port[0] = 21 [ 2300.929879][T15308] chnl_net:caif_netlink_parms(): no params data found [ 2300.968916][T15308] bridge0: port 1(bridge_slave_0) entered blocking state [ 2300.976411][T15308] bridge0: port 1(bridge_slave_0) entered disabled state [ 2300.985423][T15308] device bridge_slave_0 entered promiscuous mode [ 2300.995080][T15308] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.002187][T15308] bridge0: port 2(bridge_slave_1) entered disabled state [ 2301.011087][T15308] device bridge_slave_1 entered promiscuous mode [ 2301.035698][T15308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2301.048382][T15308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2301.089512][T15308] team0: Port device team_slave_0 added [ 2301.099939][T15308] team0: Port device team_slave_1 added [ 2301.155852][T15308] device hsr_slave_0 entered promiscuous mode [ 2301.203996][T15308] device hsr_slave_1 entered promiscuous mode [ 2301.242626][T15308] debugfs: Directory 'hsr0' with parent '/' already present! [ 2301.267163][T15308] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.274512][T15308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2301.282128][T15308] bridge0: port 1(bridge_slave_0) entered blocking state [ 2301.289414][T15308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2301.356303][T15308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2301.376145][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2301.386097][ T5303] bridge0: port 1(bridge_slave_0) entered disabled state [ 2301.395074][ T5303] bridge0: port 2(bridge_slave_1) entered disabled state [ 2301.406712][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2301.425649][T15308] 8021q: adding VLAN 0 to HW filter on device team0 [ 2301.440500][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2301.449938][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2301.457140][ T5226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2301.474523][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2301.483493][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.490604][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2301.519410][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2301.533119][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2301.550337][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2301.573863][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2301.583516][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2301.597685][T15308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2301.633584][T15308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2301.783248][T15314] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2301.794051][T15314] CPU: 0 PID: 15314 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2301.802012][T15314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2301.812209][T15314] Call Trace: [ 2301.815781][T15314] dump_stack+0x191/0x1f0 [ 2301.820198][T15314] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2301.826141][T15314] dump_header+0x1e7/0xd00 [ 2301.830948][T15314] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2301.837145][T15314] ? ___ratelimit+0x542/0x720 [ 2301.841856][T15314] ? task_will_free_mem+0x14c/0x810 [ 2301.847109][T15314] oom_kill_process+0x210/0x560 [ 2301.852005][T15314] out_of_memory+0x1796/0x1c70 [ 2301.856820][T15314] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2301.862515][T15314] memory_max_write+0x90b/0xb60 [ 2301.867467][T15314] ? memory_max_show+0x1b0/0x1b0 [ 2301.872455][T15314] cgroup_file_write+0x41a/0x8e0 [ 2301.877439][T15314] ? cgroup_seqfile_stop+0x150/0x150 [ 2301.882749][T15314] kernfs_fop_write+0x55f/0x840 [ 2301.887632][T15314] ? kernfs_fop_read+0x9a0/0x9a0 [ 2301.892615][T15314] __vfs_write+0x1a9/0xcb0 [ 2301.897202][T15314] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2301.903304][T15314] ? __sb_start_write+0x10b/0x230 [ 2301.908701][T15314] vfs_write+0x481/0x920 [ 2301.912978][T15314] ksys_write+0x265/0x430 [ 2301.917414][T15314] __se_sys_write+0x92/0xb0 [ 2301.921980][T15314] __x64_sys_write+0x4a/0x70 [ 2301.926661][T15314] do_syscall_64+0xb6/0x160 [ 2301.931230][T15314] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2301.937147][T15314] RIP: 0033:0x459a59 [ 2301.941082][T15314] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2301.960716][T15314] RSP: 002b:00007f8223de0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2301.969643][T15314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2301.977669][T15314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2301.986836][T15314] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2301.994947][T15314] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8223de16d4 [ 2302.003115][T15314] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2302.011889][T15314] memory: usage 5172kB, limit 0kB, failcnt 2992 [ 2302.019476][T15314] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2302.026477][T15314] Memory cgroup stats for /syz5: [ 2302.026814][T15314] anon 155648 [ 2302.026814][T15314] file 2596864 [ 2302.026814][T15314] kernel_stack 196608 [ 2302.026814][T15314] slab 1986560 [ 2302.026814][T15314] sock 0 [ 2302.026814][T15314] shmem 2596864 [ 2302.026814][T15314] file_mapped 0 [ 2302.026814][T15314] file_dirty 0 [ 2302.026814][T15314] file_writeback 0 [ 2302.026814][T15314] anon_thp 0 [ 2302.026814][T15314] inactive_anon 2703360 [ 2302.026814][T15314] active_anon 98304 [ 2302.026814][T15314] inactive_file 0 [ 2302.026814][T15314] active_file 0 [ 2302.026814][T15314] unevictable 0 [ 2302.026814][T15314] slab_reclaimable 413696 [ 2302.026814][T15314] slab_unreclaimable 1572864 [ 2302.026814][T15314] pgfault 128073 [ 2302.026814][T15314] pgmajfault 0 [ 2302.026814][T15314] workingset_refault 0 [ 2302.026814][T15314] workingset_activate 0 [ 2302.026814][T15314] workingset_nodereclaim 0 [ 2302.026814][T15314] pgrefill 0 [ 2302.026814][T15314] pgscan 0 [ 2302.026814][T15314] pgsteal 0 [ 2302.026814][T15314] pgactivate 0 [ 2302.123683][T15314] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15312,uid=0 [ 2302.139803][T15314] Memory cgroup out of memory: Killed process 15312 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2302.163804][ T1833] oom_reaper: reaped process 15312 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2302.203825][T15308] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2302.213995][T15308] CPU: 0 PID: 15308 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2302.222672][T15308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2302.232907][T15308] Call Trace: [ 2302.236240][T15308] dump_stack+0x191/0x1f0 [ 2302.240600][T15308] dump_header+0x1e7/0xd00 [ 2302.245045][T15308] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2302.252898][T15308] ? ___ratelimit+0x542/0x720 [ 2302.257942][T15308] ? task_will_free_mem+0x2c9/0x810 [ 2302.263337][T15308] oom_kill_process+0x210/0x560 [ 2302.269947][T15308] out_of_memory+0x1796/0x1c70 [ 2302.274746][T15308] try_charge+0x2889/0x3d70 [ 2302.279332][T15308] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2302.285538][T15308] mem_cgroup_try_charge+0xa29/0xe40 [ 2302.290863][T15308] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2302.296628][T15308] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2302.302548][T15308] handle_mm_fault+0x522b/0x9f70 [ 2302.307536][T15308] do_user_addr_fault+0x905/0x1510 [ 2302.312777][T15308] __do_page_fault+0x1a2/0x410 [ 2302.317599][T15308] do_page_fault+0xbb/0x500 [ 2302.322179][T15308] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2302.327613][T15308] page_fault+0x4e/0x60 [ 2302.331783][T15308] RIP: 0033:0x403522 [ 2302.335698][T15308] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2302.356042][T15308] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2302.362260][T15308] RAX: 0000000000000000 RBX: 0000000000231f89 RCX: 0000000000413660 [ 2302.370442][T15308] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2302.378423][T15308] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000185a940 [ 2302.387198][T15308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2302.395877][T15308] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2302.406313][T15308] memory: usage 4752kB, limit 0kB, failcnt 3001 [ 2302.412719][T15308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2302.419623][T15308] Memory cgroup stats for /syz5: [ 2302.419983][T15308] anon 155648 [ 2302.419983][T15308] file 2596864 [ 2302.419983][T15308] kernel_stack 0 [ 2302.419983][T15308] slab 1986560 [ 2302.419983][T15308] sock 0 [ 2302.419983][T15308] shmem 2596864 [ 2302.419983][T15308] file_mapped 0 [ 2302.419983][T15308] file_dirty 0 [ 2302.419983][T15308] file_writeback 0 [ 2302.419983][T15308] anon_thp 0 [ 2302.419983][T15308] inactive_anon 2703360 [ 2302.419983][T15308] active_anon 98304 [ 2302.419983][T15308] inactive_file 0 [ 2302.419983][T15308] active_file 0 [ 2302.419983][T15308] unevictable 0 [ 2302.419983][T15308] slab_reclaimable 413696 [ 2302.419983][T15308] slab_unreclaimable 1572864 [ 2302.419983][T15308] pgfault 128073 [ 2302.419983][T15308] pgmajfault 0 [ 2302.419983][T15308] workingset_refault 0 [ 2302.419983][T15308] workingset_activate 0 [ 2302.419983][T15308] workingset_nodereclaim 0 [ 2302.419983][T15308] pgrefill 0 [ 2302.419983][T15308] pgscan 0 [ 2302.419983][T15308] pgsteal 0 [ 2302.419983][T15308] pgactivate 0 [ 2302.518260][T15308] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15308,uid=0 [ 2302.534012][T15308] Memory cgroup out of memory: Killed process 15308 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2302.553118][ T1833] oom_reaper: reaped process 15308 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2303.694879][ T9367] device bridge_slave_1 left promiscuous mode [ 2303.701354][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2303.764675][ T9367] device bridge_slave_0 left promiscuous mode [ 2303.771139][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state 21:00:10 executing program 2: 21:00:10 executing program 1: 21:00:10 executing program 3: 21:00:10 executing program 4: 21:00:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x0, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) eventfd(0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r6, r5, 0x0) 21:00:10 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='mem\x00\x00\x00\x00\xa9\xc8\a\x13', 0x275a, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e0000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100738d7a3100000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000050000000000000000000000000000000000cf0a000000000000000000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000003b38e967ac8206eaae86b97eec0b2bed1ee23364b10d6aad5102000000e2a1db3c6a31e30dee4afc66d2442805201c39389a804c41c2993fc17e8a149f27084210126e8bd691a40bc4e19e9a6045e14e8a0800550e6a25c0ef65f6ec71f0084254d140187fafa4a1ee6ece53c67385b883a36ad24a7dce0973c362bd726a8ab11b0a0b00e77e6c16189cf816cbe01a4ce411378eaab7372dab5eef84c31b3cad868a53e6f5e69746a7a0beda0686d2aa4d394286e5c81eae45e3a25b942b8da11edb570f553acab1d57f25833d4d4c13eef0e0e62be2015eedef3c32984c6c4b2b9c33d8a624cea95c3b3c6dd8735690f4786fc5166b0300000000000000008565da15000000592f1e58ac5adfcb2c735251df5155581209087af5b484f1315d1453c8d55cd77c768bbd325a0df1c66157565fcde1b23f77b236b3af131d270847e13d6c0461d02e8f139f13e0f395ec57e8f5be27deb307e3fe835907"], 0x12e) write$UHID_DESTROY(r0, &(0x7f0000000280), 0xfed0) mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x200000c, 0x11, r0, 0xff0f0000) [ 2304.315269][ T5226] hid-generic 0000:0000:0000.0007: ignoring exceeding usage max [ 2304.379852][ T5226] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on sz1 21:00:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write(0xffffffffffffffff, &(0x7f0000000000)="fc00000048000700ab0925ee090007000a060000000000000001369321000100ff0100000005d00000000000000398996c92770411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bb6b07e4f40000000000005a32e280fc83ab82f605f70c9ddef245c1bc79ebbaa08a", 0x88) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000002c0)=0x9) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/195, 0x57}], 0x1) write$binfmt_elf32(r0, &(0x7f0000000480)=ANY=[], 0xf5) 21:00:10 executing program 1: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$EVIOCGLED(0xffffffffffffffff, 0x80404519, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) 21:00:11 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') rmdir(&(0x7f0000000040)='./file0\x00') [ 2305.623316][ T9367] device hsr_slave_0 left promiscuous mode [ 2305.682631][ T9367] device hsr_slave_1 left promiscuous mode [ 2305.766326][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2305.782119][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2305.798257][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2305.839258][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2305.920159][ T9367] bond0 (unregistering): Released all slaves [ 2306.536913][T15648] IPVS: ftp: loaded support on port[0] = 21 [ 2306.640430][T15648] chnl_net:caif_netlink_parms(): no params data found [ 2306.691910][T15648] bridge0: port 1(bridge_slave_0) entered blocking state [ 2306.699297][T15648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2306.708902][T15648] device bridge_slave_0 entered promiscuous mode [ 2306.718548][T15648] bridge0: port 2(bridge_slave_1) entered blocking state [ 2306.726157][T15648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2306.735468][T15648] device bridge_slave_1 entered promiscuous mode [ 2306.763196][T15648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2306.777227][T15648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2306.806687][T15648] team0: Port device team_slave_0 added [ 2306.816024][T15648] team0: Port device team_slave_1 added [ 2306.886789][T15648] device hsr_slave_0 entered promiscuous mode [ 2306.933703][T15648] device hsr_slave_1 entered promiscuous mode [ 2307.002852][T15648] debugfs: Directory 'hsr0' with parent '/' already present! [ 2307.101554][T15648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2307.120892][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2307.130238][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2307.145033][T15648] 8021q: adding VLAN 0 to HW filter on device team0 [ 2307.158607][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2307.168856][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2307.178122][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2307.185408][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2307.196038][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2307.215339][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2307.227937][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2307.238656][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2307.246011][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2307.256143][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2307.273916][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2307.290122][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2307.300560][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2307.311800][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2307.325883][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2307.335950][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2307.356988][T15648] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2307.367599][T15648] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2307.382254][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2307.393522][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2307.403808][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2307.413500][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2307.423315][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2307.453503][T15648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2307.588904][T15653] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2307.600497][T15653] CPU: 0 PID: 15653 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2307.608653][T15653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2307.618746][T15653] Call Trace: [ 2307.622696][T15653] dump_stack+0x191/0x1f0 [ 2307.627193][T15653] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2307.633812][T15653] dump_header+0x1e7/0xd00 [ 2307.638311][T15653] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2307.644527][T15653] ? ___ratelimit+0x542/0x720 [ 2307.649327][T15653] ? task_will_free_mem+0x14c/0x810 [ 2307.654825][T15653] oom_kill_process+0x210/0x560 [ 2307.659718][T15653] out_of_memory+0x1796/0x1c70 [ 2307.664546][T15653] memory_max_write+0x90b/0xb60 [ 2307.669493][T15653] ? memory_max_show+0x1b0/0x1b0 [ 2307.674493][T15653] cgroup_file_write+0x41a/0x8e0 [ 2307.679474][T15653] ? cgroup_seqfile_stop+0x150/0x150 [ 2307.684819][T15653] kernfs_fop_write+0x55f/0x840 [ 2307.689731][T15653] ? kernfs_fop_read+0x9a0/0x9a0 [ 2307.694716][T15653] __vfs_write+0x1a9/0xcb0 [ 2307.699265][T15653] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2307.705360][T15653] ? __sb_start_write+0x10b/0x230 [ 2307.710406][T15653] vfs_write+0x481/0x920 [ 2307.714679][T15653] ksys_write+0x265/0x430 [ 2307.719063][T15653] __se_sys_write+0x92/0xb0 [ 2307.723945][T15653] __x64_sys_write+0x4a/0x70 [ 2307.728807][T15653] do_syscall_64+0xb6/0x160 [ 2307.733386][T15653] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2307.739331][T15653] RIP: 0033:0x459a59 [ 2307.743345][T15653] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2307.764045][T15653] RSP: 002b:00007f39c8bc0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2307.772511][T15653] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2307.780761][T15653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2307.788887][T15653] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2307.796889][T15653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f39c8bc16d4 [ 2307.804879][T15653] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2307.813236][T15653] memory: usage 5396kB, limit 0kB, failcnt 3010 [ 2307.819566][T15653] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2307.826587][T15653] Memory cgroup stats for /syz5: [ 2307.826937][T15653] anon 155648 [ 2307.826937][T15653] file 2895872 [ 2307.826937][T15653] kernel_stack 196608 [ 2307.826937][T15653] slab 1986560 [ 2307.826937][T15653] sock 0 [ 2307.826937][T15653] shmem 2895872 [ 2307.826937][T15653] file_mapped 0 [ 2307.826937][T15653] file_dirty 0 [ 2307.826937][T15653] file_writeback 0 [ 2307.826937][T15653] anon_thp 0 [ 2307.826937][T15653] inactive_anon 2838528 [ 2307.826937][T15653] active_anon 98304 [ 2307.826937][T15653] inactive_file 0 [ 2307.826937][T15653] active_file 0 [ 2307.826937][T15653] unevictable 0 [ 2307.826937][T15653] slab_reclaimable 413696 [ 2307.826937][T15653] slab_unreclaimable 1572864 [ 2307.826937][T15653] pgfault 128667 [ 2307.826937][T15653] pgmajfault 0 [ 2307.826937][T15653] workingset_refault 0 [ 2307.826937][T15653] workingset_activate 0 [ 2307.826937][T15653] workingset_nodereclaim 0 [ 2307.826937][T15653] pgrefill 0 [ 2307.826937][T15653] pgscan 0 [ 2307.826937][T15653] pgsteal 0 [ 2307.826937][T15653] pgactivate 0 [ 2307.924124][T15653] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15651,uid=0 [ 2307.939800][T15653] Memory cgroup out of memory: Killed process 15651 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2307.961691][ T1833] oom_reaper: reaped process 15651 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2307.999512][T15648] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2308.009830][T15648] CPU: 0 PID: 15648 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2308.017879][T15648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2308.028087][T15648] Call Trace: [ 2308.031439][T15648] dump_stack+0x191/0x1f0 [ 2308.035821][T15648] dump_header+0x1e7/0xd00 [ 2308.040604][T15648] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2308.046801][T15648] ? ___ratelimit+0x542/0x720 [ 2308.051515][T15648] ? task_will_free_mem+0x2c9/0x810 [ 2308.057276][T15648] oom_kill_process+0x210/0x560 [ 2308.062166][T15648] out_of_memory+0x1796/0x1c70 [ 2308.066963][T15648] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2308.072644][T15648] try_charge+0x2889/0x3d70 [ 2308.077186][T15648] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2308.083405][T15648] mem_cgroup_try_charge+0xa29/0xe40 [ 2308.088739][T15648] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2308.094678][T15648] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2308.100607][T15648] handle_mm_fault+0x522b/0x9f70 [ 2308.105838][T15648] do_user_addr_fault+0x905/0x1510 [ 2308.111044][T15648] __do_page_fault+0x1a2/0x410 [ 2308.116308][T15648] do_page_fault+0xbb/0x500 [ 2308.121040][T15648] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2308.126455][T15648] page_fault+0x4e/0x60 [ 2308.130633][T15648] RIP: 0033:0x403522 [ 2308.134556][T15648] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2308.155043][T15648] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2308.161330][T15648] RAX: 0000000000000000 RBX: 0000000000233643 RCX: 0000000000413660 [ 2308.169317][T15648] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2308.177322][T15648] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000021fa940 [ 2308.185507][T15648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2308.193723][T15648] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2308.204044][T15648] memory: usage 4976kB, limit 0kB, failcnt 3025 [ 2308.210467][T15648] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2308.217437][T15648] Memory cgroup stats for /syz5: [ 2308.217764][T15648] anon 155648 [ 2308.217764][T15648] file 2895872 [ 2308.217764][T15648] kernel_stack 0 [ 2308.217764][T15648] slab 1986560 [ 2308.217764][T15648] sock 0 [ 2308.217764][T15648] shmem 2895872 [ 2308.217764][T15648] file_mapped 0 [ 2308.217764][T15648] file_dirty 0 [ 2308.217764][T15648] file_writeback 0 [ 2308.217764][T15648] anon_thp 0 [ 2308.217764][T15648] inactive_anon 2838528 [ 2308.217764][T15648] active_anon 98304 [ 2308.217764][T15648] inactive_file 0 [ 2308.217764][T15648] active_file 0 [ 2308.217764][T15648] unevictable 0 [ 2308.217764][T15648] slab_reclaimable 413696 [ 2308.217764][T15648] slab_unreclaimable 1572864 [ 2308.217764][T15648] pgfault 128667 [ 2308.217764][T15648] pgmajfault 0 [ 2308.217764][T15648] workingset_refault 0 [ 2308.217764][T15648] workingset_activate 0 [ 2308.217764][T15648] workingset_nodereclaim 0 [ 2308.217764][T15648] pgrefill 0 [ 2308.217764][T15648] pgscan 0 [ 2308.217764][T15648] pgsteal 0 [ 2308.217764][T15648] pgactivate 0 [ 2308.313330][T15648] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15648,uid=0 [ 2308.328946][T15648] Memory cgroup out of memory: Killed process 15648 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 21:00:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) 21:00:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2308.347858][ T1833] oom_reaper: reaped process 15648 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2309.424798][T14927] device bridge_slave_1 left promiscuous mode [ 2309.431212][T14927] bridge0: port 2(bridge_slave_1) entered disabled state [ 2309.494267][T14927] device bridge_slave_0 left promiscuous mode [ 2309.500750][T14927] bridge0: port 1(bridge_slave_0) entered disabled state [ 2310.183250][T14927] device hsr_slave_0 left promiscuous mode [ 2310.252629][T14927] device hsr_slave_1 left promiscuous mode [ 2310.302916][T14927] team0 (unregistering): Port device team_slave_1 removed [ 2310.316508][T14927] team0 (unregistering): Port device team_slave_0 removed [ 2310.330097][T14927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2310.368283][T14927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2310.457811][T14927] bond0 (unregistering): Released all slaves 21:00:19 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000040)=0xb1e, 0x4) 21:00:19 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x73) setsockopt$sock_attach_bpf(r0, 0x29, 0x16, 0x0, 0x0) 21:00:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x0, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:19 executing program 4: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2014840}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x98, 0x0, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfd66}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x84dd}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7d04}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}]}]}, 0x98}, 0x1, 0x0, 0x0, 0xe4be57b1f0241fdc}, 0x4000) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400440, 0x0) dup3(0xffffffffffffffff, r2, 0x80000) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7ff}}, 0xe8) sendmmsg(r3, 0x0, 0x0, 0x0) r4 = dup(r3) renameat2(r2, &(0x7f0000000100)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x0) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) eventfd(0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x2}) r8 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r8, r7, 0x0) pipe2(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 21:00:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:19 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x1, 0x2) write$P9_RLCREATE(r0, &(0x7f0000000140)={0x18}, 0x18) 21:00:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r1, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f0000000240), 0x1192aca8268c9077, 0x0, 0x0, 0xffffffffffffff06) connect(r1, &(0x7f0000000080)=@un=@file={0x0, './file0\x00'}, 0x80) 21:00:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) 21:00:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2313.948811][T15683] binder: BINDER_SET_CONTEXT_MGR already set [ 2313.955652][T15683] binder: 15682:15683 ioctl 40046207 0 returned -16 21:00:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2315.477217][T15795] IPVS: ftp: loaded support on port[0] = 21 [ 2315.568178][T15795] chnl_net:caif_netlink_parms(): no params data found [ 2315.605579][T15795] bridge0: port 1(bridge_slave_0) entered blocking state [ 2315.613491][T15795] bridge0: port 1(bridge_slave_0) entered disabled state [ 2315.622636][T15795] device bridge_slave_0 entered promiscuous mode [ 2315.631511][T15795] bridge0: port 2(bridge_slave_1) entered blocking state [ 2315.638824][T15795] bridge0: port 2(bridge_slave_1) entered disabled state [ 2315.647580][T15795] device bridge_slave_1 entered promiscuous mode [ 2315.675928][T15795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2315.688648][T15795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2315.718072][T15795] team0: Port device team_slave_0 added [ 2315.727066][T15795] team0: Port device team_slave_1 added [ 2315.786752][T15795] device hsr_slave_0 entered promiscuous mode [ 2315.833197][T15795] device hsr_slave_1 entered promiscuous mode [ 2315.872410][T15795] debugfs: Directory 'hsr0' with parent '/' already present! [ 2315.895687][T15795] bridge0: port 2(bridge_slave_1) entered blocking state [ 2315.902978][T15795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2315.910522][T15795] bridge0: port 1(bridge_slave_0) entered blocking state [ 2315.917786][T15795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2315.975340][T15795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2315.993763][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2316.004674][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2316.013714][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2316.026455][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2316.044191][T15795] 8021q: adding VLAN 0 to HW filter on device team0 [ 2316.058097][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2316.066951][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2316.074203][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2316.093983][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2316.103745][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2316.110971][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2316.145245][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2316.157583][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2316.167141][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2316.176977][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2316.193304][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2316.208045][T15795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2316.238167][T15795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2316.376793][T15802] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2316.387322][T15802] CPU: 1 PID: 15802 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2316.395334][T15802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.405659][T15802] Call Trace: [ 2316.409059][T15802] dump_stack+0x191/0x1f0 [ 2316.413451][T15802] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2316.419366][T15802] dump_header+0x1e7/0xd00 [ 2316.423805][T15802] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2316.430072][T15802] ? ___ratelimit+0x542/0x720 [ 2316.434873][T15802] ? task_will_free_mem+0x14c/0x810 [ 2316.440140][T15802] oom_kill_process+0x210/0x560 [ 2316.445194][T15802] out_of_memory+0x1796/0x1c70 [ 2316.450091][T15802] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2316.455815][T15802] memory_max_write+0x90b/0xb60 [ 2316.460792][T15802] ? memory_max_show+0x1b0/0x1b0 [ 2316.465794][T15802] cgroup_file_write+0x41a/0x8e0 [ 2316.470888][T15802] ? cgroup_seqfile_stop+0x150/0x150 [ 2316.476350][T15802] kernfs_fop_write+0x55f/0x840 [ 2316.481241][T15802] ? kernfs_fop_read+0x9a0/0x9a0 [ 2316.486872][T15802] __vfs_write+0x1a9/0xcb0 [ 2316.491373][T15802] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2316.497735][T15802] ? __sb_start_write+0x10b/0x230 [ 2316.502953][T15802] vfs_write+0x481/0x920 [ 2316.507231][T15802] ksys_write+0x265/0x430 [ 2316.511661][T15802] __se_sys_write+0x92/0xb0 [ 2316.516219][T15802] __x64_sys_write+0x4a/0x70 [ 2316.520838][T15802] do_syscall_64+0xb6/0x160 [ 2316.525374][T15802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2316.531283][T15802] RIP: 0033:0x459a59 [ 2316.535240][T15802] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2316.554942][T15802] RSP: 002b:00007efda44bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2316.563421][T15802] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2316.571599][T15802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2316.579595][T15802] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2316.587591][T15802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efda44c06d4 [ 2316.595586][T15802] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2316.604529][T15802] memory: usage 5700kB, limit 0kB, failcnt 3034 [ 2316.610843][T15802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2316.617834][T15802] Memory cgroup stats for /syz5: [ 2316.618155][T15802] anon 155648 [ 2316.618155][T15802] file 3272704 [ 2316.618155][T15802] kernel_stack 196608 [ 2316.618155][T15802] slab 1986560 [ 2316.618155][T15802] sock 0 [ 2316.618155][T15802] shmem 3272704 [ 2316.618155][T15802] file_mapped 0 [ 2316.618155][T15802] file_dirty 0 [ 2316.618155][T15802] file_writeback 0 [ 2316.618155][T15802] anon_thp 0 [ 2316.618155][T15802] inactive_anon 3108864 [ 2316.618155][T15802] active_anon 98304 [ 2316.618155][T15802] inactive_file 0 [ 2316.618155][T15802] active_file 0 [ 2316.618155][T15802] unevictable 0 [ 2316.618155][T15802] slab_reclaimable 413696 [ 2316.618155][T15802] slab_unreclaimable 1572864 [ 2316.618155][T15802] pgfault 129228 [ 2316.618155][T15802] pgmajfault 0 [ 2316.618155][T15802] workingset_refault 0 [ 2316.618155][T15802] workingset_activate 0 [ 2316.618155][T15802] workingset_nodereclaim 0 [ 2316.618155][T15802] pgrefill 0 [ 2316.618155][T15802] pgscan 0 [ 2316.618155][T15802] pgsteal 0 [ 2316.618155][T15802] pgactivate 0 [ 2316.714183][T15802] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15800,uid=0 [ 2316.729908][T15802] Memory cgroup out of memory: Killed process 15800 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2316.752033][ T1833] oom_reaper: reaped process 15800 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2316.789512][T15795] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2316.799714][T15795] CPU: 0 PID: 15795 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2316.807643][T15795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.817720][T15795] Call Trace: [ 2316.821040][T15795] dump_stack+0x191/0x1f0 [ 2316.825401][T15795] dump_header+0x1e7/0xd00 [ 2316.829872][T15795] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2316.836055][T15795] ? ___ratelimit+0x542/0x720 [ 2316.840754][T15795] ? task_will_free_mem+0x2c9/0x810 [ 2316.845983][T15795] oom_kill_process+0x210/0x560 [ 2316.850868][T15795] out_of_memory+0x1796/0x1c70 [ 2316.855662][T15795] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2316.861331][T15795] try_charge+0x2889/0x3d70 [ 2316.865893][T15795] mem_cgroup_try_charge+0xa29/0xe40 [ 2316.871258][T15795] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2316.877011][T15795] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2316.883287][T15795] handle_mm_fault+0x522b/0x9f70 [ 2316.888338][T15795] do_user_addr_fault+0x905/0x1510 [ 2316.893492][T15795] __do_page_fault+0x1a2/0x410 [ 2316.898318][T15795] do_page_fault+0xbb/0x500 [ 2316.903567][T15795] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2316.908986][T15795] page_fault+0x4e/0x60 [ 2316.913965][T15795] RIP: 0033:0x403522 [ 2316.917879][T15795] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2316.937815][T15795] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2316.943912][T15795] RAX: 0000000000000000 RBX: 0000000000235896 RCX: 0000000000413660 [ 2316.952861][T15795] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2316.960957][T15795] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000023e7940 [ 2316.969057][T15795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2316.977060][T15795] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2316.986273][T15795] memory: usage 5280kB, limit 0kB, failcnt 3049 [ 2316.992670][T15795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2316.999555][T15795] Memory cgroup stats for /syz5: [ 2316.999886][T15795] anon 4096 [ 2316.999886][T15795] file 3272704 [ 2316.999886][T15795] kernel_stack 0 [ 2316.999886][T15795] slab 1986560 [ 2316.999886][T15795] sock 0 [ 2316.999886][T15795] shmem 3272704 [ 2316.999886][T15795] file_mapped 0 [ 2316.999886][T15795] file_dirty 0 [ 2316.999886][T15795] file_writeback 0 [ 2316.999886][T15795] anon_thp 0 [ 2316.999886][T15795] inactive_anon 3244032 [ 2316.999886][T15795] active_anon 98304 [ 2316.999886][T15795] inactive_file 0 [ 2316.999886][T15795] active_file 0 [ 2316.999886][T15795] unevictable 0 [ 2316.999886][T15795] slab_reclaimable 413696 [ 2316.999886][T15795] slab_unreclaimable 1572864 [ 2316.999886][T15795] pgfault 129228 [ 2316.999886][T15795] pgmajfault 0 [ 2316.999886][T15795] workingset_refault 0 [ 2316.999886][T15795] workingset_activate 0 [ 2316.999886][T15795] workingset_nodereclaim 0 [ 2316.999886][T15795] pgrefill 0 [ 2316.999886][T15795] pgscan 0 [ 2316.999886][T15795] pgsteal 0 [ 2316.999886][T15795] pgactivate 0 [ 2317.096443][T15795] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15795,uid=0 [ 2317.112108][T15795] Memory cgroup out of memory: Killed process 15795 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2317.131128][ T1833] oom_reaper: reaped process 15795 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2318.195087][ T893] device bridge_slave_1 left promiscuous mode [ 2318.201585][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2318.255382][ T893] device bridge_slave_0 left promiscuous mode [ 2318.261990][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2319.145474][ T893] device hsr_slave_0 left promiscuous mode [ 2319.202808][ T893] device hsr_slave_1 left promiscuous mode [ 2319.254348][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2319.269321][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2319.283975][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2319.340159][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2319.429768][ T893] bond0 (unregistering): Released all slaves 21:00:25 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r0, 0x65, 0x1, 0x0, 0xff7d) 21:00:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:25 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) 21:00:25 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x0, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x58, 0x0, &(0x7f0000000280)=[@acquire, @request_death, @release, @decrefs={0x40046304}, @dead_binder_done, @clear_death, @acquire_done], 0x0, 0x0, 0x0}) 21:00:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x14, r2, 0x25, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) 21:00:26 executing program 1: r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r3 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000862000"], 0xb107) 21:00:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2320.843583][T15921] device nr0 entered promiscuous mode 21:00:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:27 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2321.132815][ C1] net_ratelimit: 12 callbacks suppressed [ 2321.132839][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2321.145264][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2321.151619][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2321.157676][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2321.163848][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2321.169988][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2321.650821][T16034] IPVS: ftp: loaded support on port[0] = 21 [ 2321.741991][T16034] chnl_net:caif_netlink_parms(): no params data found [ 2321.783695][T16034] bridge0: port 1(bridge_slave_0) entered blocking state [ 2321.790860][T16034] bridge0: port 1(bridge_slave_0) entered disabled state [ 2321.799900][T16034] device bridge_slave_0 entered promiscuous mode [ 2321.809251][T16034] bridge0: port 2(bridge_slave_1) entered blocking state [ 2321.816996][T16034] bridge0: port 2(bridge_slave_1) entered disabled state [ 2321.826564][T16034] device bridge_slave_1 entered promiscuous mode [ 2321.850765][T16034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2321.868101][T16034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2321.893832][T16034] team0: Port device team_slave_0 added [ 2321.902588][T16034] team0: Port device team_slave_1 added [ 2321.966731][T16034] device hsr_slave_0 entered promiscuous mode [ 2322.023914][T16034] device hsr_slave_1 entered promiscuous mode [ 2322.062579][T16034] debugfs: Directory 'hsr0' with parent '/' already present! [ 2322.088804][T16034] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.096302][T16034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.104090][T16034] bridge0: port 1(bridge_slave_0) entered blocking state [ 2322.111306][T16034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2322.122782][ T5303] bridge0: port 1(bridge_slave_0) entered disabled state [ 2322.131754][ T5303] bridge0: port 2(bridge_slave_1) entered disabled state [ 2322.191548][T16034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2322.210281][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2322.219729][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2322.234249][T16034] 8021q: adding VLAN 0 to HW filter on device team0 [ 2322.247495][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2322.258780][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2322.268148][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2322.275308][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2322.291026][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2322.301110][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.310526][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.317714][ T5226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.334487][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2322.354539][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2322.365811][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2322.376322][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2322.387370][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2322.402608][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2322.413723][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2322.435321][T16034] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2322.445764][T16034] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2322.460633][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2322.470177][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2322.480564][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2322.490229][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2322.500530][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2322.532242][T16034] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2322.688109][T16040] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2322.698534][T16040] CPU: 0 PID: 16040 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2322.706581][T16040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2322.716843][T16040] Call Trace: [ 2322.720180][T16040] dump_stack+0x191/0x1f0 [ 2322.724564][T16040] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2322.730490][T16040] dump_header+0x1e7/0xd00 [ 2322.734939][T16040] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2322.741131][T16040] ? ___ratelimit+0x542/0x720 [ 2322.745835][T16040] ? task_will_free_mem+0x14c/0x810 [ 2322.751076][T16040] oom_kill_process+0x210/0x560 [ 2322.755958][T16040] out_of_memory+0x1796/0x1c70 [ 2322.760777][T16040] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2322.766531][T16040] memory_max_write+0x90b/0xb60 [ 2322.771436][T16040] ? memory_max_show+0x1b0/0x1b0 [ 2322.776419][T16040] cgroup_file_write+0x41a/0x8e0 [ 2322.781401][T16040] ? cgroup_seqfile_stop+0x150/0x150 [ 2322.786842][T16040] kernfs_fop_write+0x55f/0x840 [ 2322.791759][T16040] ? kernfs_fop_read+0x9a0/0x9a0 [ 2322.796721][T16040] __vfs_write+0x1a9/0xcb0 [ 2322.801191][T16040] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2322.807330][T16040] ? __sb_start_write+0x10b/0x230 [ 2322.812400][T16040] vfs_write+0x481/0x920 [ 2322.816666][T16040] ksys_write+0x265/0x430 [ 2322.821100][T16040] __se_sys_write+0x92/0xb0 [ 2322.825678][T16040] __x64_sys_write+0x4a/0x70 [ 2322.830321][T16040] do_syscall_64+0xb6/0x160 [ 2322.835107][T16040] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2322.841036][T16040] RIP: 0033:0x459a59 [ 2322.844953][T16040] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2322.864606][T16040] RSP: 002b:00007f7b0a3eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2322.873115][T16040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2322.881108][T16040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2322.889134][T16040] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2322.897496][T16040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b0a3eb6d4 [ 2322.905517][T16040] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2322.914022][T16040] memory: usage 5188kB, limit 0kB, failcnt 3058 [ 2322.920340][T16040] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2322.927380][T16040] Memory cgroup stats for /syz5: [ 2322.927747][T16040] anon 139264 [ 2322.927747][T16040] file 2580480 [ 2322.927747][T16040] kernel_stack 196608 [ 2322.927747][T16040] slab 1986560 [ 2322.927747][T16040] sock 0 [ 2322.927747][T16040] shmem 2580480 [ 2322.927747][T16040] file_mapped 0 [ 2322.927747][T16040] file_dirty 0 [ 2322.927747][T16040] file_writeback 0 [ 2322.927747][T16040] anon_thp 0 [ 2322.927747][T16040] inactive_anon 2568192 [ 2322.927747][T16040] active_anon 233472 [ 2322.927747][T16040] inactive_file 0 [ 2322.927747][T16040] active_file 0 [ 2322.927747][T16040] unevictable 0 [ 2322.927747][T16040] slab_reclaimable 413696 [ 2322.927747][T16040] slab_unreclaimable 1572864 [ 2322.927747][T16040] pgfault 129822 [ 2322.927747][T16040] pgmajfault 0 [ 2322.927747][T16040] workingset_refault 0 [ 2322.927747][T16040] workingset_activate 0 [ 2322.927747][T16040] workingset_nodereclaim 0 [ 2322.927747][T16040] pgrefill 0 [ 2322.927747][T16040] pgscan 0 [ 2322.927747][T16040] pgsteal 0 [ 2322.927747][T16040] pgactivate 0 [ 2323.023737][T16040] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16038,uid=0 [ 2323.039774][T16040] Memory cgroup out of memory: Killed process 16038 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2323.059962][ T1833] oom_reaper: reaped process 16038 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2323.096454][T16034] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2323.106811][T16034] CPU: 0 PID: 16034 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2323.114747][T16034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.124829][T16034] Call Trace: [ 2323.128163][T16034] dump_stack+0x191/0x1f0 [ 2323.132523][T16034] dump_header+0x1e7/0xd00 [ 2323.136972][T16034] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2323.143450][T16034] ? ___ratelimit+0x542/0x720 [ 2323.148158][T16034] ? task_will_free_mem+0x2c9/0x810 [ 2323.153393][T16034] oom_kill_process+0x210/0x560 [ 2323.158286][T16034] out_of_memory+0x1796/0x1c70 [ 2323.163076][T16034] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2323.168729][T16034] try_charge+0x2889/0x3d70 [ 2323.173261][T16034] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2323.179505][T16034] mem_cgroup_try_charge+0xa29/0xe40 [ 2323.185976][T16034] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2323.191729][T16034] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2323.197639][T16034] handle_mm_fault+0x522b/0x9f70 [ 2323.202923][T16034] do_user_addr_fault+0x905/0x1510 [ 2323.208126][T16034] __do_page_fault+0x1a2/0x410 [ 2323.212935][T16034] do_page_fault+0xbb/0x500 [ 2323.217503][T16034] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2323.223562][T16034] page_fault+0x4e/0x60 [ 2323.227749][T16034] RIP: 0033:0x403522 [ 2323.231667][T16034] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2323.251429][T16034] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2323.257531][T16034] RAX: 0000000000000000 RBX: 0000000000237140 RCX: 0000000000413660 [ 2323.265522][T16034] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2323.273515][T16034] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000010cb940 [ 2323.281536][T16034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2323.290181][T16034] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2323.299223][T16034] memory: usage 4776kB, limit 0kB, failcnt 3073 [ 2323.305641][T16034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2323.312645][T16034] Memory cgroup stats for /syz5: [ 2323.313005][T16034] anon 4096 [ 2323.313005][T16034] file 2580480 [ 2323.313005][T16034] kernel_stack 0 [ 2323.313005][T16034] slab 1986560 [ 2323.313005][T16034] sock 0 [ 2323.313005][T16034] shmem 2580480 [ 2323.313005][T16034] file_mapped 0 [ 2323.313005][T16034] file_dirty 0 [ 2323.313005][T16034] file_writeback 0 [ 2323.313005][T16034] anon_thp 0 [ 2323.313005][T16034] inactive_anon 2568192 [ 2323.313005][T16034] active_anon 98304 [ 2323.313005][T16034] inactive_file 0 [ 2323.313005][T16034] active_file 0 [ 2323.313005][T16034] unevictable 0 [ 2323.313005][T16034] slab_reclaimable 413696 [ 2323.313005][T16034] slab_unreclaimable 1572864 [ 2323.313005][T16034] pgfault 129822 [ 2323.313005][T16034] pgmajfault 0 [ 2323.313005][T16034] workingset_refault 0 [ 2323.313005][T16034] workingset_activate 0 [ 2323.313005][T16034] workingset_nodereclaim 0 [ 2323.313005][T16034] pgrefill 0 [ 2323.313005][T16034] pgscan 0 [ 2323.313005][T16034] pgsteal 0 [ 2323.313005][T16034] pgactivate 0 [ 2323.408405][T16034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16034,uid=0 [ 2323.424163][T16034] Memory cgroup out of memory: Killed process 16034 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2323.443411][ T1833] oom_reaper: reaped process 16034 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2324.474339][ T893] device bridge_slave_1 left promiscuous mode [ 2324.480815][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2324.524097][ T893] device bridge_slave_0 left promiscuous mode [ 2324.530640][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2325.332864][ T893] device hsr_slave_0 left promiscuous mode [ 2325.383023][ T893] device hsr_slave_1 left promiscuous mode [ 2325.445691][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2325.459972][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2325.475050][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2325.528951][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2325.619864][ T893] bond0 (unregistering): Released all slaves 21:00:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)) write(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x10000000002) 21:00:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000040)) 21:00:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x0, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:35 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000100)={'security\x00', 0x4, "bf7bfc6c"}, &(0x7f0000000040)=0x28) 21:00:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x802102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x37) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3f, 0x0, 0x0, 0x1, 0x116, 0xffffffffffffffff}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 21:00:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffe}}, 0xe8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) 21:00:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) getpid() pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknod$loop(0x0, 0x2000, 0x1) open$dir(0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 21:00:35 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2331.145716][T16277] IPVS: ftp: loaded support on port[0] = 21 [ 2331.235816][T16277] chnl_net:caif_netlink_parms(): no params data found [ 2331.277013][T16277] bridge0: port 1(bridge_slave_0) entered blocking state [ 2331.284369][T16277] bridge0: port 1(bridge_slave_0) entered disabled state [ 2331.293463][T16277] device bridge_slave_0 entered promiscuous mode [ 2331.302194][T16277] bridge0: port 2(bridge_slave_1) entered blocking state [ 2331.309594][T16277] bridge0: port 2(bridge_slave_1) entered disabled state [ 2331.318433][T16277] device bridge_slave_1 entered promiscuous mode [ 2331.343364][T16277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2331.355937][T16277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2331.381964][T16277] team0: Port device team_slave_0 added [ 2331.392545][T16277] team0: Port device team_slave_1 added [ 2331.456695][T16277] device hsr_slave_0 entered promiscuous mode [ 2331.513700][T16277] device hsr_slave_1 entered promiscuous mode [ 2331.552562][T16277] debugfs: Directory 'hsr0' with parent '/' already present! [ 2331.574874][T16277] bridge0: port 2(bridge_slave_1) entered blocking state [ 2331.582006][T16277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2331.589808][T16277] bridge0: port 1(bridge_slave_0) entered blocking state [ 2331.597102][T16277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2331.655428][T16277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2331.671402][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2331.684703][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2331.694162][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2331.705326][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2331.720992][T16277] 8021q: adding VLAN 0 to HW filter on device team0 [ 2331.735542][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2331.744718][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 2331.751906][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2331.775779][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2331.786663][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 2331.793900][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2331.810059][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2331.820801][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2331.844755][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2331.855276][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2331.875398][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2331.887401][T16277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2331.916716][T16277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2332.037449][T16284] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2332.047882][T16284] CPU: 0 PID: 16284 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2332.055974][T16284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2332.066154][T16284] Call Trace: [ 2332.069584][T16284] dump_stack+0x191/0x1f0 [ 2332.073947][T16284] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2332.079892][T16284] dump_header+0x1e7/0xd00 [ 2332.084390][T16284] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2332.090576][T16284] ? ___ratelimit+0x542/0x720 [ 2332.095280][T16284] ? task_will_free_mem+0x14c/0x810 [ 2332.100781][T16284] oom_kill_process+0x210/0x560 [ 2332.105662][T16284] out_of_memory+0x1796/0x1c70 [ 2332.110660][T16284] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2332.116463][T16284] memory_max_write+0x90b/0xb60 [ 2332.121452][T16284] ? memory_max_show+0x1b0/0x1b0 [ 2332.126482][T16284] cgroup_file_write+0x41a/0x8e0 [ 2332.131884][T16284] ? cgroup_seqfile_stop+0x150/0x150 [ 2332.137574][T16284] kernfs_fop_write+0x55f/0x840 [ 2332.143127][T16284] ? kernfs_fop_read+0x9a0/0x9a0 [ 2332.148103][T16284] __vfs_write+0x1a9/0xcb0 [ 2332.152576][T16284] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2332.158937][T16284] ? __sb_start_write+0x10b/0x230 [ 2332.164010][T16284] vfs_write+0x481/0x920 [ 2332.168285][T16284] ksys_write+0x265/0x430 [ 2332.172858][T16284] __se_sys_write+0x92/0xb0 [ 2332.177515][T16284] __x64_sys_write+0x4a/0x70 [ 2332.182278][T16284] do_syscall_64+0xb6/0x160 [ 2332.186936][T16284] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2332.192850][T16284] RIP: 0033:0x459a59 [ 2332.196791][T16284] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2332.216653][T16284] RSP: 002b:00007f15bf8e9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2332.225100][T16284] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2332.233093][T16284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2332.241169][T16284] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2332.249255][T16284] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15bf8ea6d4 [ 2332.257258][T16284] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2332.265448][T16284] memory: usage 5272kB, limit 0kB, failcnt 3082 [ 2332.271760][T16284] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2332.278956][T16284] Memory cgroup stats for /syz5: [ 2332.279275][T16284] anon 4096 [ 2332.279275][T16284] file 2588672 [ 2332.279275][T16284] kernel_stack 196608 [ 2332.279275][T16284] slab 1986560 [ 2332.279275][T16284] sock 0 [ 2332.279275][T16284] shmem 2588672 [ 2332.279275][T16284] file_mapped 0 [ 2332.279275][T16284] file_dirty 0 [ 2332.279275][T16284] file_writeback 0 [ 2332.279275][T16284] anon_thp 0 [ 2332.279275][T16284] inactive_anon 2568192 [ 2332.279275][T16284] active_anon 98304 [ 2332.279275][T16284] inactive_file 0 [ 2332.279275][T16284] active_file 0 [ 2332.279275][T16284] unevictable 0 [ 2332.279275][T16284] slab_reclaimable 413696 [ 2332.279275][T16284] slab_unreclaimable 1572864 [ 2332.279275][T16284] pgfault 130416 [ 2332.279275][T16284] pgmajfault 0 [ 2332.279275][T16284] workingset_refault 0 [ 2332.279275][T16284] workingset_activate 0 [ 2332.279275][T16284] workingset_nodereclaim 0 [ 2332.279275][T16284] pgrefill 0 [ 2332.279275][T16284] pgscan 0 [ 2332.279275][T16284] pgsteal 0 [ 2332.279275][T16284] pgactivate 0 [ 2332.377995][T16284] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16282,uid=0 [ 2332.396989][T16284] Memory cgroup out of memory: Killed process 16282 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2332.418252][ T1833] oom_reaper: reaped process 16282 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2332.463647][T16277] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2332.474557][T16277] CPU: 1 PID: 16277 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2332.482522][T16277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2332.492605][T16277] Call Trace: [ 2332.495949][T16277] dump_stack+0x191/0x1f0 [ 2332.500307][T16277] dump_header+0x1e7/0xd00 [ 2332.504749][T16277] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2332.510930][T16277] ? ___ratelimit+0x542/0x720 [ 2332.515640][T16277] ? task_will_free_mem+0x2c9/0x810 [ 2332.523659][T16277] oom_kill_process+0x210/0x560 [ 2332.528583][T16277] out_of_memory+0x1796/0x1c70 [ 2332.533416][T16277] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2332.539112][T16277] try_charge+0x2889/0x3d70 [ 2332.543659][T16277] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2332.549862][T16277] mem_cgroup_try_charge+0xa29/0xe40 [ 2332.555196][T16277] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2332.560932][T16277] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2332.567105][T16277] handle_mm_fault+0x522b/0x9f70 [ 2332.572165][T16277] do_user_addr_fault+0x905/0x1510 [ 2332.577338][T16277] __do_page_fault+0x1a2/0x410 [ 2332.582136][T16277] do_page_fault+0xbb/0x500 [ 2332.586683][T16277] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2332.592083][T16277] page_fault+0x4e/0x60 [ 2332.596276][T16277] RIP: 0033:0x403522 [ 2332.600190][T16277] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2332.620009][T16277] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2332.626091][T16277] RAX: 0000000000000000 RBX: 00000000002395c2 RCX: 0000000000413660 [ 2332.634202][T16277] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2332.642222][T16277] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000025d9940 [ 2332.650250][T16277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2332.658278][T16277] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2332.666461][T16277] memory: usage 4848kB, limit 0kB, failcnt 3097 [ 2332.672846][T16277] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2332.679722][T16277] Memory cgroup stats for /syz5: [ 2332.679913][T16277] anon 4096 [ 2332.679913][T16277] file 2588672 [ 2332.679913][T16277] kernel_stack 0 [ 2332.679913][T16277] slab 1986560 [ 2332.679913][T16277] sock 0 [ 2332.679913][T16277] shmem 2588672 [ 2332.679913][T16277] file_mapped 0 [ 2332.679913][T16277] file_dirty 0 [ 2332.679913][T16277] file_writeback 0 [ 2332.679913][T16277] anon_thp 0 [ 2332.679913][T16277] inactive_anon 2568192 [ 2332.679913][T16277] active_anon 98304 [ 2332.679913][T16277] inactive_file 0 [ 2332.679913][T16277] active_file 0 [ 2332.679913][T16277] unevictable 0 [ 2332.679913][T16277] slab_reclaimable 413696 [ 2332.679913][T16277] slab_unreclaimable 1572864 [ 2332.679913][T16277] pgfault 130416 [ 2332.679913][T16277] pgmajfault 0 [ 2332.679913][T16277] workingset_refault 0 [ 2332.679913][T16277] workingset_activate 0 [ 2332.679913][T16277] workingset_nodereclaim 0 [ 2332.679913][T16277] pgrefill 0 [ 2332.679913][T16277] pgscan 0 [ 2332.679913][T16277] pgsteal 0 [ 2332.679913][T16277] pgactivate 0 [ 2332.777437][T16277] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16277,uid=0 [ 2332.793177][T16277] Memory cgroup out of memory: Killed process 16277 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 2332.812061][ T1833] oom_reaper: reaped process 16277 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2333.864927][ T893] device bridge_slave_1 left promiscuous mode [ 2333.871416][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2333.914883][ T893] device bridge_slave_0 left promiscuous mode [ 2333.921537][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2334.743599][ T893] device hsr_slave_0 left promiscuous mode [ 2334.783077][ T893] device hsr_slave_1 left promiscuous mode [ 2334.866439][ T893] team0 (unregistering): Port device team_slave_1 removed [ 2334.880125][ T893] team0 (unregistering): Port device team_slave_0 removed [ 2334.894865][ T893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2334.939307][ T893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2335.006682][ T893] bond0 (unregistering): Released all slaves 21:00:42 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x400000000000038) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x2000008, 0x40000000000000, 0x1a}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 21:00:42 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) getpgrp(r0) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}, 0x80000000}, {{&(0x7f0000000840)=@nfc, 0x80, &(0x7f0000001b00)=[{&(0x7f00000008c0)=""/226, 0xe2}, {&(0x7f00000009c0)=""/117, 0x75}, {&(0x7f0000000180)=""/14, 0xe}, {&(0x7f0000000240)=""/54, 0x36}, {&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/162, 0xa2}], 0x6, &(0x7f0000001b80)=""/202, 0xca}, 0x2}, {{&(0x7f0000001fc0)=@nfc, 0x80, &(0x7f00000034c0)=[{&(0x7f0000004a00)=""/168, 0xa8}, {0x0}, {&(0x7f0000002280)=""/126, 0x7e}, {0x0}, {&(0x7f00000033c0)=""/184, 0xb8}, {0x0}], 0x6, &(0x7f0000003580)=""/78, 0x4e}}, {{&(0x7f0000003600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000004800)=""/132, 0x84}}], 0x4, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000140)='./bus\x00', 0x145042, 0x0) getgroups(0x1, &(0x7f00000002c0)=[0xee00]) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) sched_setattr(r0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(r3, &(0x7f0000000680)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x0, 0x80800) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r5, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) setsockopt$inet_tcp_int(r5, 0x6, 0x2, &(0x7f0000000000)=0xfffffffb, 0x4) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, 0x0, 0x1) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f0000001cc0)={&(0x7f0000000700), 0xc, 0x0, 0x1, 0x0, 0x0, 0x24040054}, 0x1) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) 21:00:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x0, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:42 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x6000000, 0x100000001, 0x6000000, 0x1}, 0x1c) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000), 0x4) dup2(r0, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2338.057073][T16403] IPVS: ftp: loaded support on port[0] = 21 [ 2338.160857][T16403] chnl_net:caif_netlink_parms(): no params data found [ 2338.205003][T16403] bridge0: port 1(bridge_slave_0) entered blocking state [ 2338.212190][T16403] bridge0: port 1(bridge_slave_0) entered disabled state [ 2338.221501][T16403] device bridge_slave_0 entered promiscuous mode [ 2338.230947][T16403] bridge0: port 2(bridge_slave_1) entered blocking state [ 2338.238397][T16403] bridge0: port 2(bridge_slave_1) entered disabled state [ 2338.247713][T16403] device bridge_slave_1 entered promiscuous mode [ 2338.274829][T16403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2338.287893][T16403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:00:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) sysfs$2(0x2, 0x0, &(0x7f0000000400)=""/40) 21:00:44 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:44 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2338.324689][T16403] team0: Port device team_slave_0 added [ 2338.336341][T16403] team0: Port device team_slave_1 added 21:00:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2338.450133][T16403] device hsr_slave_0 entered promiscuous mode 21:00:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2338.493970][T16403] device hsr_slave_1 entered promiscuous mode [ 2338.514383][T16403] debugfs: Directory 'hsr0' with parent '/' already present! 21:00:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2338.603705][T16403] bridge0: port 2(bridge_slave_1) entered blocking state [ 2338.611138][T16403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2338.619009][T16403] bridge0: port 1(bridge_slave_0) entered blocking state [ 2338.626498][T16403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2338.777926][T16403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2338.795021][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2338.805775][T12782] bridge0: port 1(bridge_slave_0) entered disabled state [ 2338.814497][T12782] bridge0: port 2(bridge_slave_1) entered disabled state [ 2338.826474][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2338.843868][T16403] 8021q: adding VLAN 0 to HW filter on device team0 [ 2338.857836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2338.867404][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 2338.875366][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2338.896010][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2338.906177][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2338.913502][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2338.947366][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2338.958260][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2338.969281][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2338.994405][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2339.004064][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2339.018434][T16403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2339.051250][T16403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2339.188102][T16530] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2339.198617][T16530] CPU: 1 PID: 16530 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2339.206538][T16530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.216661][T16530] Call Trace: [ 2339.220101][T16530] dump_stack+0x191/0x1f0 [ 2339.224586][T16530] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2339.231999][T16530] dump_header+0x1e7/0xd00 [ 2339.236467][T16530] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2339.242655][T16530] ? ___ratelimit+0x542/0x720 [ 2339.247365][T16530] ? task_will_free_mem+0x14c/0x810 [ 2339.252596][T16530] oom_kill_process+0x210/0x560 [ 2339.257476][T16530] out_of_memory+0x1796/0x1c70 [ 2339.262297][T16530] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2339.268014][T16530] memory_max_write+0x90b/0xb60 [ 2339.272942][T16530] ? memory_max_show+0x1b0/0x1b0 [ 2339.277994][T16530] cgroup_file_write+0x41a/0x8e0 [ 2339.283236][T16530] ? cgroup_seqfile_stop+0x150/0x150 [ 2339.288758][T16530] kernfs_fop_write+0x55f/0x840 [ 2339.293688][T16530] ? kernfs_fop_read+0x9a0/0x9a0 [ 2339.298640][T16530] __vfs_write+0x1a9/0xcb0 [ 2339.303217][T16530] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2339.309326][T16530] ? __sb_start_write+0x10b/0x230 [ 2339.314453][T16530] vfs_write+0x481/0x920 [ 2339.318819][T16530] ksys_write+0x265/0x430 [ 2339.323202][T16530] __se_sys_write+0x92/0xb0 [ 2339.327753][T16530] __x64_sys_write+0x4a/0x70 [ 2339.332429][T16530] do_syscall_64+0xb6/0x160 [ 2339.337041][T16530] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2339.342976][T16530] RIP: 0033:0x459a59 [ 2339.346893][T16530] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2339.367579][T16530] RSP: 002b:00007f0ede5d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2339.376192][T16530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2339.384196][T16530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2339.392306][T16530] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2339.400321][T16530] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ede5d76d4 [ 2339.408310][T16530] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2339.416694][T16530] memory: usage 4804kB, limit 0kB, failcnt 3106 [ 2339.423032][T16530] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.430067][T16530] Memory cgroup stats for /syz5: [ 2339.430273][T16530] anon 139264 [ 2339.430273][T16530] file 2318336 [ 2339.430273][T16530] kernel_stack 196608 [ 2339.430273][T16530] slab 1986560 [ 2339.430273][T16530] sock 0 [ 2339.430273][T16530] shmem 2318336 [ 2339.430273][T16530] file_mapped 0 [ 2339.430273][T16530] file_dirty 0 [ 2339.430273][T16530] file_writeback 0 [ 2339.430273][T16530] anon_thp 0 [ 2339.430273][T16530] inactive_anon 2297856 [ 2339.430273][T16530] active_anon 98304 [ 2339.430273][T16530] inactive_file 0 [ 2339.430273][T16530] active_file 0 [ 2339.430273][T16530] unevictable 0 [ 2339.430273][T16530] slab_reclaimable 413696 [ 2339.430273][T16530] slab_unreclaimable 1572864 [ 2339.430273][T16530] pgfault 130977 [ 2339.430273][T16530] pgmajfault 0 [ 2339.430273][T16530] workingset_refault 0 [ 2339.430273][T16530] workingset_activate 0 [ 2339.430273][T16530] workingset_nodereclaim 0 [ 2339.430273][T16530] pgrefill 0 [ 2339.430273][T16530] pgscan 0 [ 2339.430273][T16530] pgsteal 0 [ 2339.430273][T16530] pgactivate 0 [ 2339.525708][T16530] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16528,uid=0 [ 2339.541397][T16530] Memory cgroup out of memory: Killed process 16528 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2339.561671][ T1833] oom_reaper: reaped process 16528 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2339.595827][T16403] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2339.606879][T16403] CPU: 0 PID: 16403 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2339.614915][T16403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.624976][T16403] Call Trace: [ 2339.628298][T16403] dump_stack+0x191/0x1f0 [ 2339.633081][T16403] dump_header+0x1e7/0xd00 [ 2339.637545][T16403] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2339.643861][T16403] ? ___ratelimit+0x542/0x720 [ 2339.648572][T16403] ? task_will_free_mem+0x2c9/0x810 [ 2339.653819][T16403] oom_kill_process+0x210/0x560 [ 2339.658710][T16403] out_of_memory+0x1796/0x1c70 [ 2339.663512][T16403] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2339.669191][T16403] try_charge+0x2889/0x3d70 [ 2339.673747][T16403] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2339.679975][T16403] mem_cgroup_try_charge+0xa29/0xe40 [ 2339.685308][T16403] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2339.691331][T16403] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2339.697275][T16403] handle_mm_fault+0x522b/0x9f70 [ 2339.702333][T16403] do_user_addr_fault+0x905/0x1510 [ 2339.707517][T16403] __do_page_fault+0x1a2/0x410 [ 2339.712574][T16403] do_page_fault+0xbb/0x500 [ 2339.717124][T16403] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2339.722528][T16403] page_fault+0x4e/0x60 [ 2339.726700][T16403] RIP: 0033:0x403522 [ 2339.731488][T16403] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2339.751293][T16403] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2339.757408][T16403] RAX: 0000000000000000 RBX: 000000000023b1b3 RCX: 0000000000413660 [ 2339.765587][T16403] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2339.773585][T16403] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000010b0940 [ 2339.781764][T16403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2339.789890][T16403] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2339.798918][T16403] memory: usage 4384kB, limit 0kB, failcnt 3121 [ 2339.805361][T16403] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.812877][T16403] Memory cgroup stats for /syz5: [ 2339.813216][T16403] anon 139264 [ 2339.813216][T16403] file 2318336 [ 2339.813216][T16403] kernel_stack 0 [ 2339.813216][T16403] slab 1986560 [ 2339.813216][T16403] sock 0 [ 2339.813216][T16403] shmem 2318336 [ 2339.813216][T16403] file_mapped 0 [ 2339.813216][T16403] file_dirty 0 [ 2339.813216][T16403] file_writeback 0 [ 2339.813216][T16403] anon_thp 0 [ 2339.813216][T16403] inactive_anon 2297856 [ 2339.813216][T16403] active_anon 98304 [ 2339.813216][T16403] inactive_file 0 [ 2339.813216][T16403] active_file 0 [ 2339.813216][T16403] unevictable 0 [ 2339.813216][T16403] slab_reclaimable 413696 [ 2339.813216][T16403] slab_unreclaimable 1572864 [ 2339.813216][T16403] pgfault 130977 [ 2339.813216][T16403] pgmajfault 0 [ 2339.813216][T16403] workingset_refault 0 [ 2339.813216][T16403] workingset_activate 0 [ 2339.813216][T16403] workingset_nodereclaim 0 [ 2339.813216][T16403] pgrefill 0 [ 2339.813216][T16403] pgscan 0 [ 2339.813216][T16403] pgsteal 0 [ 2339.813216][T16403] pgactivate 0 [ 2339.909713][T16403] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16403,uid=0 [ 2339.925358][T16403] Memory cgroup out of memory: Killed process 16403 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2339.945438][ T1833] oom_reaper: reaped process 16403 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2340.964600][ T9367] device bridge_slave_1 left promiscuous mode [ 2340.971186][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2341.014364][ T9367] device bridge_slave_0 left promiscuous mode [ 2341.021313][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2341.803778][ T9367] device hsr_slave_0 left promiscuous mode [ 2341.843004][ T9367] device hsr_slave_1 left promiscuous mode [ 2341.893539][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2341.907220][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2341.920500][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2341.958799][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2342.037402][ T9367] bond0 (unregistering): Released all slaves 21:00:49 executing program 2: ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="5800000000000000140100000700000080000000f7ffffff", @ANYPTR=&(0x7f0000000040)=ANY=[], @ANYPTR, @ANYBLOB="06000000000000000101000000000000090000000000000000000300000000025400000014000000ff00000000000000"], 0x58}, 0x0) 21:00:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f00000000c0)=[@increfs_done], 0x0, 0x0, 0x0}) 21:00:49 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:49 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x0, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2345.146503][T16642] IPVS: ftp: loaded support on port[0] = 21 [ 2345.253173][T16642] chnl_net:caif_netlink_parms(): no params data found [ 2345.297741][T16642] bridge0: port 1(bridge_slave_0) entered blocking state [ 2345.305035][T16642] bridge0: port 1(bridge_slave_0) entered disabled state [ 2345.316190][T16642] device bridge_slave_0 entered promiscuous mode [ 2345.325914][T16642] bridge0: port 2(bridge_slave_1) entered blocking state [ 2345.333243][T16642] bridge0: port 2(bridge_slave_1) entered disabled state [ 2345.342035][T16642] device bridge_slave_1 entered promiscuous mode [ 2345.369081][T16642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2345.381873][T16642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2345.409298][T16642] team0: Port device team_slave_0 added [ 2345.418172][T16642] team0: Port device team_slave_1 added [ 2345.476831][T16642] device hsr_slave_0 entered promiscuous mode [ 2345.523626][T16642] device hsr_slave_1 entered promiscuous mode [ 2345.574125][T16642] debugfs: Directory 'hsr0' with parent '/' already present! [ 2345.609670][T16642] bridge0: port 2(bridge_slave_1) entered blocking state [ 2345.617004][T16642] bridge0: port 2(bridge_slave_1) entered forwarding state 21:00:51 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0), 0x2000000000000027, 0x90) 21:00:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendmsg$nl_netfilter(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000cc0)=ANY=[@ANYPTR, @ANYBLOB="49c6499c757b67f681ec6af99b728ffb3b1eaf5fb9be26e8c474c503de42feeec693603e074058253ff55d42f9ec0c12f708e38077a7dd43ec1d5b5e567edb4940f06ca4fc921d2621d39a00000000000000bb0800610062627200dc00890008008700ffffffff0332dbce860e406186359b488c0131bb7341ca12dcbb9af7cd74bfba47d2316f07cc6cb96ed6747390561567e1c881c823492b5f467153b91df7b96bec7e48c4921489be8dd8b1062ee38108167750e194cf06f896542516081f6fe91425a9f858b125a6c2a3a39ee42abe8f5b9505e965a7f0545162d106c7ea7e1f815d66ffff326dbbd9cef1a05345a3ec7517c60f3b05767bab26e941cf6cf368e8cfb59f4daeddc53d804191462abdee3daa244f0787ef6fad3d6152fb689cc71faf5959ef25f6353fba1a2281a100008407cee579d0ca07168af43e7e976bffe4fe7d51bcd6417c1e9ed310f3ebb84e2945b8f1d08414d677155c359fff31c0979667afc45438b633d98f05a1b85b22effb858c70eca7f9472af67f2d67f78028088784a343695b89d15ca08c707e2288b53c33e48d9dc3e092765d5b2127e7d74114114ebbe9145e82e62b46a5f63f542cfd0b5071c37a0f080c55f6d99e2af2ae2d3514837110d6e49c594698c156aba574809ee1d701c6139357954bd43d03b66ee5f874d2d6e00b9bd89f995c9f211417673720a028ceaafc552840"], 0x209}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac623ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a92825a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x104eb, 0x11, 0x0, 0x27) 21:00:51 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x7a4, 0x1a0ffffffff, &(0x7f0000000200)="5c71f905cac413551b2ac06c0800", 0x0, 0x4000}, 0x28) [ 2345.624909][T16642] bridge0: port 1(bridge_slave_0) entered blocking state [ 2345.632134][T16642] bridge0: port 1(bridge_slave_0) entered forwarding state 21:00:51 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfdee}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) 21:00:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2345.804396][T16642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2345.843212][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:00:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2345.865137][ T5303] bridge0: port 1(bridge_slave_0) entered disabled state [ 2345.878439][ T5303] bridge0: port 2(bridge_slave_1) entered disabled state [ 2345.892992][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2345.916631][T16642] 8021q: adding VLAN 0 to HW filter on device team0 [ 2345.961505][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2345.972073][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 2345.979448][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state 21:00:52 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfdee}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) [ 2346.006057][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2346.016930][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 2346.024303][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2346.061501][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2346.105931][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2346.116186][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2346.149840][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2346.168480][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2346.189754][T16642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2346.245665][T16642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2346.389665][T16770] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2346.400711][T16770] CPU: 1 PID: 16770 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2346.408656][T16770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2346.418727][T16770] Call Trace: [ 2346.422070][T16770] dump_stack+0x191/0x1f0 [ 2346.426534][T16770] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2346.432475][T16770] dump_header+0x1e7/0xd00 [ 2346.436954][T16770] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2346.443168][T16770] ? ___ratelimit+0x542/0x720 [ 2346.447886][T16770] ? task_will_free_mem+0x14c/0x810 [ 2346.453151][T16770] oom_kill_process+0x210/0x560 [ 2346.458046][T16770] out_of_memory+0x1796/0x1c70 [ 2346.462828][T16770] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2346.468481][T16770] memory_max_write+0x90b/0xb60 [ 2346.473428][T16770] ? memory_max_show+0x1b0/0x1b0 [ 2346.478408][T16770] cgroup_file_write+0x41a/0x8e0 [ 2346.483371][T16770] ? cgroup_seqfile_stop+0x150/0x150 [ 2346.488754][T16770] kernfs_fop_write+0x55f/0x840 [ 2346.493663][T16770] ? kernfs_fop_read+0x9a0/0x9a0 [ 2346.498716][T16770] __vfs_write+0x1a9/0xcb0 [ 2346.503184][T16770] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2346.509267][T16770] ? __sb_start_write+0x10b/0x230 [ 2346.514330][T16770] vfs_write+0x481/0x920 [ 2346.518699][T16770] ksys_write+0x265/0x430 [ 2346.523048][T16770] __se_sys_write+0x92/0xb0 [ 2346.527740][T16770] __x64_sys_write+0x4a/0x70 [ 2346.532368][T16770] do_syscall_64+0xb6/0x160 [ 2346.536908][T16770] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2346.542867][T16770] RIP: 0033:0x459a59 [ 2346.546795][T16770] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2346.566425][T16770] RSP: 002b:00007fa73b250c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2346.575570][T16770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2346.583844][T16770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2346.591880][T16770] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2346.600193][T16770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa73b2516d4 [ 2346.608206][T16770] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2346.616343][T16770] memory: usage 5236kB, limit 0kB, failcnt 3130 [ 2346.622710][T16770] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2346.630813][T16770] Memory cgroup stats for /syz5: [ 2346.631072][T16770] anon 139264 [ 2346.631072][T16770] file 2674688 [ 2346.631072][T16770] kernel_stack 196608 [ 2346.631072][T16770] slab 1986560 [ 2346.631072][T16770] sock 0 [ 2346.631072][T16770] shmem 2674688 [ 2346.631072][T16770] file_mapped 0 [ 2346.631072][T16770] file_dirty 0 [ 2346.631072][T16770] file_writeback 0 [ 2346.631072][T16770] anon_thp 0 [ 2346.631072][T16770] inactive_anon 2838528 [ 2346.631072][T16770] active_anon 233472 [ 2346.631072][T16770] inactive_file 0 [ 2346.631072][T16770] active_file 0 [ 2346.631072][T16770] unevictable 0 [ 2346.631072][T16770] slab_reclaimable 413696 [ 2346.631072][T16770] slab_unreclaimable 1572864 [ 2346.631072][T16770] pgfault 131571 [ 2346.631072][T16770] pgmajfault 0 [ 2346.631072][T16770] workingset_refault 0 [ 2346.631072][T16770] workingset_activate 0 [ 2346.631072][T16770] workingset_nodereclaim 0 [ 2346.631072][T16770] pgrefill 0 [ 2346.631072][T16770] pgscan 0 [ 2346.631072][T16770] pgsteal 0 [ 2346.631072][T16770] pgactivate 0 [ 2346.727533][T16770] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16768,uid=0 [ 2346.743240][T16770] Memory cgroup out of memory: Killed process 16768 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2346.764695][ T1833] oom_reaper: reaped process 16768 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2346.802131][T16642] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2346.813212][T16642] CPU: 0 PID: 16642 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2346.821148][T16642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2346.831246][T16642] Call Trace: [ 2346.834627][T16642] dump_stack+0x191/0x1f0 [ 2346.839549][T16642] dump_header+0x1e7/0xd00 [ 2346.843992][T16642] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2346.850193][T16642] ? ___ratelimit+0x542/0x720 [ 2346.854919][T16642] ? task_will_free_mem+0x2c9/0x810 [ 2346.860175][T16642] oom_kill_process+0x210/0x560 [ 2346.865107][T16642] out_of_memory+0x1796/0x1c70 [ 2346.869913][T16642] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2346.875578][T16642] try_charge+0x2889/0x3d70 [ 2346.880103][T16642] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2346.886311][T16642] mem_cgroup_try_charge+0xa29/0xe40 [ 2346.891717][T16642] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2346.897479][T16642] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2346.903406][T16642] handle_mm_fault+0x522b/0x9f70 [ 2346.908515][T16642] do_user_addr_fault+0x905/0x1510 [ 2346.913695][T16642] __do_page_fault+0x1a2/0x410 [ 2346.918490][T16642] do_page_fault+0xbb/0x500 [ 2346.923300][T16642] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2346.928713][T16642] page_fault+0x4e/0x60 [ 2346.933074][T16642] RIP: 0033:0x403522 [ 2346.936997][T16642] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2346.957320][T16642] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2346.963582][T16642] RAX: 0000000000000000 RBX: 000000000023cdd4 RCX: 0000000000413660 [ 2346.971850][T16642] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2346.979834][T16642] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000014b1940 [ 2346.987815][T16642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2346.995989][T16642] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2347.005294][T16642] memory: usage 4820kB, limit 0kB, failcnt 3145 [ 2347.011641][T16642] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2347.018664][T16642] Memory cgroup stats for /syz5: [ 2347.019000][T16642] anon 4096 [ 2347.019000][T16642] file 2674688 [ 2347.019000][T16642] kernel_stack 0 [ 2347.019000][T16642] slab 1986560 [ 2347.019000][T16642] sock 0 [ 2347.019000][T16642] shmem 2674688 [ 2347.019000][T16642] file_mapped 0 [ 2347.019000][T16642] file_dirty 0 [ 2347.019000][T16642] file_writeback 0 [ 2347.019000][T16642] anon_thp 0 [ 2347.019000][T16642] inactive_anon 2838528 [ 2347.019000][T16642] active_anon 98304 [ 2347.019000][T16642] inactive_file 0 [ 2347.019000][T16642] active_file 0 [ 2347.019000][T16642] unevictable 0 [ 2347.019000][T16642] slab_reclaimable 413696 [ 2347.019000][T16642] slab_unreclaimable 1572864 [ 2347.019000][T16642] pgfault 131571 [ 2347.019000][T16642] pgmajfault 0 [ 2347.019000][T16642] workingset_refault 0 [ 2347.019000][T16642] workingset_activate 0 [ 2347.019000][T16642] workingset_nodereclaim 0 [ 2347.019000][T16642] pgrefill 0 [ 2347.019000][T16642] pgscan 0 [ 2347.019000][T16642] pgsteal 0 [ 2347.019000][T16642] pgactivate 0 [ 2347.122582][T16642] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16642,uid=0 [ 2347.138191][T16642] Memory cgroup out of memory: Killed process 16642 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2347.157082][ T1833] oom_reaper: reaped process 16642 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2348.314726][T14927] device bridge_slave_1 left promiscuous mode [ 2348.321295][T14927] bridge0: port 2(bridge_slave_1) entered disabled state [ 2348.364072][T14927] device bridge_slave_0 left promiscuous mode [ 2348.370579][T14927] bridge0: port 1(bridge_slave_0) entered disabled state 21:00:54 executing program 2: 21:00:54 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x29) ptrace$cont(0x9, r1, 0x0, 0x7) 21:00:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:54 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2349.563169][T14927] device hsr_slave_0 left promiscuous mode [ 2349.602632][T14927] device hsr_slave_1 left promiscuous mode [ 2349.653576][T14927] team0 (unregistering): Port device team_slave_1 removed [ 2349.666890][T14927] team0 (unregistering): Port device team_slave_0 removed [ 2349.681312][T14927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2349.728156][T14927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2349.818305][T14927] bond0 (unregistering): Released all slaves [ 2350.490266][T16882] IPVS: ftp: loaded support on port[0] = 21 [ 2350.590558][T16882] chnl_net:caif_netlink_parms(): no params data found [ 2350.637831][T16882] bridge0: port 1(bridge_slave_0) entered blocking state [ 2350.645280][T16882] bridge0: port 1(bridge_slave_0) entered disabled state [ 2350.655186][T16882] device bridge_slave_0 entered promiscuous mode [ 2350.665324][T16882] bridge0: port 2(bridge_slave_1) entered blocking state [ 2350.672637][T16882] bridge0: port 2(bridge_slave_1) entered disabled state [ 2350.682136][T16882] device bridge_slave_1 entered promiscuous mode [ 2350.709600][T16882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2350.723155][T16882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2350.749794][T16882] team0: Port device team_slave_0 added [ 2350.758678][T16882] team0: Port device team_slave_1 added [ 2350.826479][T16882] device hsr_slave_0 entered promiscuous mode [ 2350.873836][T16882] device hsr_slave_1 entered promiscuous mode [ 2350.932571][T16882] debugfs: Directory 'hsr0' with parent '/' already present! [ 2351.015130][T16882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2351.033056][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2351.041601][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2351.057403][T16882] 8021q: adding VLAN 0 to HW filter on device team0 [ 2351.069784][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2351.079472][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2351.088284][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2351.097074][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2351.107137][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2351.120473][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2351.130859][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2351.140147][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2351.147323][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2351.173899][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2351.184388][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2351.195394][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2351.205711][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2351.215241][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2351.225710][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2351.236253][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2351.251321][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2351.261055][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2351.278360][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2351.288165][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2351.303841][T16882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2351.335599][T16882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2351.469166][T16887] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2351.479559][T16887] CPU: 1 PID: 16887 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2351.487488][T16887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2351.497562][T16887] Call Trace: [ 2351.501087][T16887] dump_stack+0x191/0x1f0 [ 2351.505474][T16887] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2351.511538][T16887] dump_header+0x1e7/0xd00 [ 2351.516059][T16887] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2351.522298][T16887] ? ___ratelimit+0x542/0x720 [ 2351.527278][T16887] ? task_will_free_mem+0x14c/0x810 [ 2351.532610][T16887] oom_kill_process+0x210/0x560 [ 2351.537681][T16887] out_of_memory+0x1796/0x1c70 [ 2351.542511][T16887] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2351.548192][T16887] memory_max_write+0x90b/0xb60 [ 2351.553095][T16887] ? memory_max_show+0x1b0/0x1b0 [ 2351.558073][T16887] cgroup_file_write+0x41a/0x8e0 [ 2351.563207][T16887] ? cgroup_seqfile_stop+0x150/0x150 [ 2351.568544][T16887] kernfs_fop_write+0x55f/0x840 [ 2351.573467][T16887] ? kernfs_fop_read+0x9a0/0x9a0 [ 2351.578435][T16887] __vfs_write+0x1a9/0xcb0 [ 2351.582923][T16887] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2351.589125][T16887] ? __sb_start_write+0x10b/0x230 [ 2351.594219][T16887] vfs_write+0x481/0x920 [ 2351.598539][T16887] ksys_write+0x265/0x430 [ 2351.602925][T16887] __se_sys_write+0x92/0xb0 [ 2351.607457][T16887] __x64_sys_write+0x4a/0x70 [ 2351.612105][T16887] do_syscall_64+0xb6/0x160 [ 2351.616708][T16887] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2351.622643][T16887] RIP: 0033:0x459a59 [ 2351.626586][T16887] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2351.646337][T16887] RSP: 002b:00007fd2b558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2351.654799][T16887] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2351.662840][T16887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2351.670853][T16887] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2351.678859][T16887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b55906d4 [ 2351.686866][T16887] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2351.696142][T16887] memory: usage 5472kB, limit 0kB, failcnt 3154 [ 2351.702581][T16887] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2351.711638][T16887] Memory cgroup stats for /syz5: [ 2351.711971][T16887] anon 139264 [ 2351.711971][T16887] file 2961408 [ 2351.711971][T16887] kernel_stack 196608 [ 2351.711971][T16887] slab 1986560 [ 2351.711971][T16887] sock 0 [ 2351.711971][T16887] shmem 2961408 [ 2351.711971][T16887] file_mapped 0 [ 2351.711971][T16887] file_dirty 0 [ 2351.711971][T16887] file_writeback 0 [ 2351.711971][T16887] anon_thp 0 [ 2351.711971][T16887] inactive_anon 2838528 [ 2351.711971][T16887] active_anon 98304 [ 2351.711971][T16887] inactive_file 0 [ 2351.711971][T16887] active_file 0 [ 2351.711971][T16887] unevictable 0 [ 2351.711971][T16887] slab_reclaimable 413696 [ 2351.711971][T16887] slab_unreclaimable 1572864 [ 2351.711971][T16887] pgfault 132132 [ 2351.711971][T16887] pgmajfault 0 [ 2351.711971][T16887] workingset_refault 0 [ 2351.711971][T16887] workingset_activate 0 [ 2351.711971][T16887] workingset_nodereclaim 0 [ 2351.711971][T16887] pgrefill 0 [ 2351.711971][T16887] pgscan 0 [ 2351.711971][T16887] pgsteal 0 [ 2351.711971][T16887] pgactivate 0 [ 2351.811105][T16887] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16885,uid=0 [ 2351.826860][T16887] Memory cgroup out of memory: Killed process 16885 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2351.849379][ T1833] oom_reaper: reaped process 16885 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2351.892847][T16882] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2351.903155][T16882] CPU: 1 PID: 16882 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2351.911073][T16882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2351.921164][T16882] Call Trace: [ 2351.924516][T16882] dump_stack+0x191/0x1f0 [ 2351.928875][T16882] dump_header+0x1e7/0xd00 [ 2351.933319][T16882] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2351.939507][T16882] ? ___ratelimit+0x542/0x720 [ 2351.944204][T16882] ? task_will_free_mem+0x2c9/0x810 [ 2351.949462][T16882] oom_kill_process+0x210/0x560 [ 2351.954352][T16882] out_of_memory+0x1796/0x1c70 [ 2351.959142][T16882] try_charge+0x2889/0x3d70 [ 2351.963665][T16882] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2351.969858][T16882] mem_cgroup_try_charge+0xa29/0xe40 [ 2351.975182][T16882] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2351.981267][T16882] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2351.987176][T16882] handle_mm_fault+0x522b/0x9f70 [ 2351.992157][T16882] do_user_addr_fault+0x905/0x1510 [ 2351.997302][T16882] __do_page_fault+0x1a2/0x410 [ 2352.002085][T16882] do_page_fault+0xbb/0x500 [ 2352.007238][T16882] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2352.012662][T16882] page_fault+0x4e/0x60 [ 2352.016840][T16882] RIP: 0033:0x403522 [ 2352.020763][T16882] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2352.040396][T16882] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2352.046600][T16882] RAX: 0000000000000000 RBX: 000000000023e1a2 RCX: 0000000000413660 [ 2352.054905][T16882] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2352.063036][T16882] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000d92940 [ 2352.071075][T16882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2352.079091][T16882] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2352.089634][T16882] memory: usage 5056kB, limit 0kB, failcnt 3163 [ 2352.096716][T16882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2352.103745][T16882] Memory cgroup stats for /syz5: [ 2352.104068][T16882] anon 139264 [ 2352.104068][T16882] file 2961408 [ 2352.104068][T16882] kernel_stack 0 [ 2352.104068][T16882] slab 1986560 [ 2352.104068][T16882] sock 0 [ 2352.104068][T16882] shmem 2961408 [ 2352.104068][T16882] file_mapped 0 [ 2352.104068][T16882] file_dirty 0 [ 2352.104068][T16882] file_writeback 0 [ 2352.104068][T16882] anon_thp 0 [ 2352.104068][T16882] inactive_anon 2838528 [ 2352.104068][T16882] active_anon 0 [ 2352.104068][T16882] inactive_file 0 [ 2352.104068][T16882] active_file 0 [ 2352.104068][T16882] unevictable 0 [ 2352.104068][T16882] slab_reclaimable 413696 [ 2352.104068][T16882] slab_unreclaimable 1572864 [ 2352.104068][T16882] pgfault 132132 [ 2352.104068][T16882] pgmajfault 0 [ 2352.104068][T16882] workingset_refault 0 [ 2352.104068][T16882] workingset_activate 0 [ 2352.104068][T16882] workingset_nodereclaim 0 [ 2352.104068][T16882] pgrefill 0 [ 2352.104068][T16882] pgscan 0 [ 2352.104068][T16882] pgsteal 0 [ 2352.104068][T16882] pgactivate 0 [ 2352.199290][T16882] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16882,uid=0 [ 2352.215061][T16882] Memory cgroup out of memory: Killed process 16882 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2352.234153][ T1833] oom_reaper: reaped process 16882 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:00:58 executing program 4: 21:00:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:58 executing program 1: 21:00:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:00:58 executing program 2: 21:00:58 executing program 0: 21:00:59 executing program 1: 21:00:59 executing program 1: 21:00:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:59 executing program 1: 21:00:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:00:59 executing program 1: [ 2353.824559][T12780] device bridge_slave_1 left promiscuous mode [ 2353.830986][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2353.914046][T12780] device bridge_slave_0 left promiscuous mode [ 2353.921863][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2354.623562][T12780] device hsr_slave_0 left promiscuous mode [ 2354.662634][T12780] device hsr_slave_1 left promiscuous mode [ 2354.733072][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2354.747159][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2354.764031][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2354.922151][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2354.984379][T16916] IPVS: ftp: loaded support on port[0] = 21 [ 2355.053916][T12780] bond0 (unregistering): Released all slaves [ 2355.246356][T16916] chnl_net:caif_netlink_parms(): no params data found [ 2355.294992][T16916] bridge0: port 1(bridge_slave_0) entered blocking state [ 2355.302207][T16916] bridge0: port 1(bridge_slave_0) entered disabled state [ 2355.311452][T16916] device bridge_slave_0 entered promiscuous mode [ 2355.320612][T16916] bridge0: port 2(bridge_slave_1) entered blocking state [ 2355.327953][T16916] bridge0: port 2(bridge_slave_1) entered disabled state [ 2355.336866][T16916] device bridge_slave_1 entered promiscuous mode [ 2355.361384][T16916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2355.375857][T16916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2355.449171][T16916] team0: Port device team_slave_0 added [ 2355.460054][T16916] team0: Port device team_slave_1 added [ 2355.538459][T16916] device hsr_slave_0 entered promiscuous mode [ 2355.593485][T16916] device hsr_slave_1 entered promiscuous mode [ 2355.642592][T16916] debugfs: Directory 'hsr0' with parent '/' already present! [ 2355.674307][T16916] bridge0: port 2(bridge_slave_1) entered blocking state [ 2355.681489][T16916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2355.689596][T16916] bridge0: port 1(bridge_slave_0) entered blocking state [ 2355.696777][T16916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2355.795067][T16916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2355.814881][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2355.825192][T12782] bridge0: port 1(bridge_slave_0) entered disabled state [ 2355.834013][T12782] bridge0: port 2(bridge_slave_1) entered disabled state [ 2355.853709][T16916] 8021q: adding VLAN 0 to HW filter on device team0 [ 2355.868621][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2355.877901][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 2355.885215][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2355.918286][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2355.928533][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2355.935885][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2355.947114][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2355.958673][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2355.979535][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2355.998436][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2356.016140][T16916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2356.028922][T16916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2356.040315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2356.069601][T16916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2356.228473][T16921] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2356.239344][T16921] CPU: 1 PID: 16921 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2356.247306][T16921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2356.257411][T16921] Call Trace: [ 2356.260742][T16921] dump_stack+0x191/0x1f0 [ 2356.265109][T16921] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2356.271128][T16921] dump_header+0x1e7/0xd00 [ 2356.275591][T16921] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2356.281785][T16921] ? ___ratelimit+0x542/0x720 [ 2356.287192][T16921] ? task_will_free_mem+0x14c/0x810 [ 2356.292458][T16921] oom_kill_process+0x210/0x560 [ 2356.297359][T16921] out_of_memory+0x1796/0x1c70 [ 2356.302224][T16921] memory_max_write+0x90b/0xb60 [ 2356.307152][T16921] ? memory_max_show+0x1b0/0x1b0 [ 2356.312124][T16921] cgroup_file_write+0x41a/0x8e0 [ 2356.317136][T16921] ? cgroup_seqfile_stop+0x150/0x150 [ 2356.322491][T16921] kernfs_fop_write+0x55f/0x840 [ 2356.327387][T16921] ? kernfs_fop_read+0x9a0/0x9a0 [ 2356.332538][T16921] __vfs_write+0x1a9/0xcb0 [ 2356.337004][T16921] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2356.343126][T16921] ? __sb_start_write+0x10b/0x230 [ 2356.348167][T16921] vfs_write+0x481/0x920 [ 2356.352464][T16921] ksys_write+0x265/0x430 [ 2356.356845][T16921] __se_sys_write+0x92/0xb0 [ 2356.361466][T16921] __x64_sys_write+0x4a/0x70 [ 2356.366074][T16921] do_syscall_64+0xb6/0x160 [ 2356.370602][T16921] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2356.376511][T16921] RIP: 0033:0x459a59 [ 2356.380426][T16921] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2356.400188][T16921] RSP: 002b:00007f8eb32c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2356.409681][T16921] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2356.417758][T16921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2356.425784][T16921] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2356.433961][T16921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8eb32c36d4 [ 2356.442122][T16921] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2356.450355][T16921] memory: usage 5656kB, limit 0kB, failcnt 3172 [ 2356.456700][T16921] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2356.463635][T16921] Memory cgroup stats for /syz5: [ 2356.463964][T16921] anon 139264 [ 2356.463964][T16921] file 3153920 [ 2356.463964][T16921] kernel_stack 196608 [ 2356.463964][T16921] slab 1986560 [ 2356.463964][T16921] sock 0 [ 2356.463964][T16921] shmem 3153920 [ 2356.463964][T16921] file_mapped 0 [ 2356.463964][T16921] file_dirty 0 [ 2356.463964][T16921] file_writeback 0 [ 2356.463964][T16921] anon_thp 0 [ 2356.463964][T16921] inactive_anon 3244032 [ 2356.463964][T16921] active_anon 98304 [ 2356.463964][T16921] inactive_file 0 [ 2356.463964][T16921] active_file 0 [ 2356.463964][T16921] unevictable 0 [ 2356.463964][T16921] slab_reclaimable 413696 [ 2356.463964][T16921] slab_unreclaimable 1572864 [ 2356.463964][T16921] pgfault 132726 [ 2356.463964][T16921] pgmajfault 0 [ 2356.463964][T16921] workingset_refault 0 [ 2356.463964][T16921] workingset_activate 0 [ 2356.463964][T16921] workingset_nodereclaim 0 [ 2356.463964][T16921] pgrefill 0 [ 2356.463964][T16921] pgscan 0 [ 2356.463964][T16921] pgsteal 0 [ 2356.463964][T16921] pgactivate 0 [ 2356.559189][T16921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16919,uid=0 [ 2356.575027][T16921] Memory cgroup out of memory: Killed process 16919 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2356.603157][ T1833] oom_reaper: reaped process 16919 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2356.639275][T16916] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2356.649511][T16916] CPU: 1 PID: 16916 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2356.657500][T16916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2356.667897][T16916] Call Trace: [ 2356.671224][T16916] dump_stack+0x191/0x1f0 [ 2356.675813][T16916] dump_header+0x1e7/0xd00 [ 2356.680262][T16916] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2356.686433][T16916] ? ___ratelimit+0x542/0x720 [ 2356.691262][T16916] ? task_will_free_mem+0x2c9/0x810 [ 2356.696499][T16916] oom_kill_process+0x210/0x560 [ 2356.701388][T16916] out_of_memory+0x1796/0x1c70 [ 2356.706215][T16916] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2356.711880][T16916] try_charge+0x2889/0x3d70 [ 2356.716424][T16916] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2356.722627][T16916] mem_cgroup_try_charge+0xa29/0xe40 [ 2356.727946][T16916] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2356.733711][T16916] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2356.739646][T16916] handle_mm_fault+0x522b/0x9f70 [ 2356.744647][T16916] do_user_addr_fault+0x905/0x1510 [ 2356.749805][T16916] __do_page_fault+0x1a2/0x410 [ 2356.754677][T16916] do_page_fault+0xbb/0x500 [ 2356.759231][T16916] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2356.764620][T16916] page_fault+0x4e/0x60 [ 2356.768779][T16916] RIP: 0033:0x403522 [ 2356.772704][T16916] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2356.792368][T16916] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2356.798482][T16916] RAX: 0000000000000000 RBX: 000000000023f443 RCX: 0000000000413660 [ 2356.806460][T16916] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2356.814464][T16916] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000be1940 [ 2356.822486][T16916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2356.830652][T16916] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2356.838842][T16916] memory: usage 5244kB, limit 0kB, failcnt 3187 [ 2356.845266][T16916] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2356.852130][T16916] Memory cgroup stats for /syz5: [ 2356.852492][T16916] anon 0 [ 2356.852492][T16916] file 3153920 [ 2356.852492][T16916] kernel_stack 0 [ 2356.852492][T16916] slab 1986560 [ 2356.852492][T16916] sock 0 [ 2356.852492][T16916] shmem 3153920 [ 2356.852492][T16916] file_mapped 0 [ 2356.852492][T16916] file_dirty 0 [ 2356.852492][T16916] file_writeback 0 [ 2356.852492][T16916] anon_thp 0 [ 2356.852492][T16916] inactive_anon 3244032 [ 2356.852492][T16916] active_anon 98304 [ 2356.852492][T16916] inactive_file 0 [ 2356.852492][T16916] active_file 0 [ 2356.852492][T16916] unevictable 0 [ 2356.852492][T16916] slab_reclaimable 413696 [ 2356.852492][T16916] slab_unreclaimable 1572864 [ 2356.852492][T16916] pgfault 132726 [ 2356.852492][T16916] pgmajfault 0 [ 2356.852492][T16916] workingset_refault 0 [ 2356.852492][T16916] workingset_activate 0 [ 2356.852492][T16916] workingset_nodereclaim 0 [ 2356.852492][T16916] pgrefill 0 [ 2356.852492][T16916] pgscan 0 [ 2356.852492][T16916] pgsteal 0 [ 2356.852492][T16916] pgactivate 0 [ 2356.946567][T16916] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16916,uid=0 [ 2356.962212][T16916] Memory cgroup out of memory: Killed process 16916 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:118784kB oom_score_adj:0 [ 2356.981099][ T1833] oom_reaper: reaped process 16916 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:01:03 executing program 4: 21:01:03 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:03 executing program 1: 21:01:03 executing program 0: 21:01:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000580)=ANY=[@ANYBLOB="b70200000000009cbfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000000000006a0a80fe000000008500000053000000b70000000000000095000000000000004e6201363034fdb11716a08af339d1a1ee35fe2a3a255c33282044b324953c0a9fa9a84452569957c1002ed7d4d8e17f791f4798c8eb484de03352c69b3edff5be27765ba5f8f2879021c2ea53ea79acd7fb38fdf79f2be9087b7c4ae7dd5e4dee8851d40c617b58c8108ddf12dddd4bfc6a4dd35383561cbe0458f1f5b6beba510b4229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6134e922bdd14a14ed248e023b6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a0578442926ef4e912f01a201e694e3806e8c8fe8b8091627fcb311a55a9875c606bda873a4bca7f6cd0c24d6e5e352655635a650a5a7ad0a7b1d7d10e14b1e2375f6f55b52028d758d2f7085054567383f309336c34c06e751f94655df5e7c30b609acbe29dc3e031d1164839c1d0a8a74c01fd7edac55c37c6315005cf47f486660371b9bbd7784c5c84014b972058bc07306c9a91f3b944073334e69532486ea2e023aec116803f8"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x0, 0xe, 0x0, &(0x7f0000000180)="c45c57ce395de5b2810f7d637a22", 0x0, 0xf0}, 0x28) 21:01:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:03 executing program 1: 21:01:03 executing program 1: 21:01:03 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:03 executing program 1: 21:01:03 executing program 1: [ 2358.283853][ T9367] device bridge_slave_1 left promiscuous mode [ 2358.290359][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2358.334742][ T9367] device bridge_slave_0 left promiscuous mode [ 2358.341365][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2359.064043][ T9367] device hsr_slave_0 left promiscuous mode [ 2359.102913][ T9367] device hsr_slave_1 left promiscuous mode [ 2359.161899][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2359.179462][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2359.195130][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2359.238954][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2359.316164][ T9367] bond0 (unregistering): Released all slaves 21:01:07 executing program 4: 21:01:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:07 executing program 1: 21:01:12 executing program 0: 21:01:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:12 executing program 1: 21:01:12 executing program 2: 21:01:12 executing program 1: 21:01:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:12 executing program 1: 21:01:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2368.270843][T16973] IPVS: ftp: loaded support on port[0] = 21 [ 2368.368585][T16973] chnl_net:caif_netlink_parms(): no params data found [ 2368.409380][T16973] bridge0: port 1(bridge_slave_0) entered blocking state [ 2368.416653][T16973] bridge0: port 1(bridge_slave_0) entered disabled state [ 2368.426699][T16973] device bridge_slave_0 entered promiscuous mode [ 2368.437636][T16973] bridge0: port 2(bridge_slave_1) entered blocking state [ 2368.444971][T16973] bridge0: port 2(bridge_slave_1) entered disabled state [ 2368.454024][T16973] device bridge_slave_1 entered promiscuous mode [ 2368.480963][T16973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2368.495046][T16973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2368.531771][T16973] team0: Port device team_slave_0 added [ 2368.540644][T16973] team0: Port device team_slave_1 added [ 2368.606837][T16973] device hsr_slave_0 entered promiscuous mode [ 2368.664238][T16973] device hsr_slave_1 entered promiscuous mode [ 2368.702579][T16973] debugfs: Directory 'hsr0' with parent '/' already present! [ 2368.727529][T16973] bridge0: port 2(bridge_slave_1) entered blocking state [ 2368.734746][T16973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2368.743394][T16973] bridge0: port 1(bridge_slave_0) entered blocking state [ 2368.750623][T16973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2368.816602][T16973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2368.837605][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2368.848409][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2368.857549][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2368.869076][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2368.888298][T16973] 8021q: adding VLAN 0 to HW filter on device team0 [ 2368.904432][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2368.913971][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2368.921100][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2368.938892][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2368.949217][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 2368.956518][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2368.988637][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2368.999652][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2369.019053][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2369.038580][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2369.057884][T16973] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2369.071638][T16973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2369.082942][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2369.115656][T16973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2369.276800][T16978] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2369.287813][T16978] CPU: 0 PID: 16978 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2369.295769][T16978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.305867][T16978] Call Trace: [ 2369.309301][T16978] dump_stack+0x191/0x1f0 [ 2369.313690][T16978] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2369.319727][T16978] dump_header+0x1e7/0xd00 [ 2369.324591][T16978] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2369.330840][T16978] ? ___ratelimit+0x542/0x720 [ 2369.335550][T16978] ? task_will_free_mem+0x14c/0x810 [ 2369.340821][T16978] oom_kill_process+0x210/0x560 [ 2369.346115][T16978] out_of_memory+0x1796/0x1c70 [ 2369.350972][T16978] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2369.356706][T16978] memory_max_write+0x90b/0xb60 [ 2369.361647][T16978] ? memory_max_show+0x1b0/0x1b0 [ 2369.368741][T16978] cgroup_file_write+0x41a/0x8e0 [ 2369.373776][T16978] ? cgroup_seqfile_stop+0x150/0x150 [ 2369.379118][T16978] kernfs_fop_write+0x55f/0x840 [ 2369.384033][T16978] ? kernfs_fop_read+0x9a0/0x9a0 [ 2369.388996][T16978] __vfs_write+0x1a9/0xcb0 [ 2369.393486][T16978] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2369.399592][T16978] ? __sb_start_write+0x10b/0x230 [ 2369.404658][T16978] vfs_write+0x481/0x920 [ 2369.409000][T16978] ksys_write+0x265/0x430 [ 2369.413468][T16978] __se_sys_write+0x92/0xb0 [ 2369.418042][T16978] __x64_sys_write+0x4a/0x70 [ 2369.422656][T16978] do_syscall_64+0xb6/0x160 [ 2369.427196][T16978] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2369.433117][T16978] RIP: 0033:0x459a59 [ 2369.437046][T16978] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2369.456916][T16978] RSP: 002b:00007fbcd9a67c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2369.465530][T16978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2369.473545][T16978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2369.481537][T16978] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2369.489542][T16978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbcd9a686d4 [ 2369.497579][T16978] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2369.507637][T16978] memory: usage 5332kB, limit 0kB, failcnt 3196 [ 2369.514040][T16978] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.520932][T16978] Memory cgroup stats for /syz5: [ 2369.521289][T16978] anon 0 [ 2369.521289][T16978] file 2908160 [ 2369.521289][T16978] kernel_stack 196608 [ 2369.521289][T16978] slab 1986560 [ 2369.521289][T16978] sock 0 [ 2369.521289][T16978] shmem 2908160 [ 2369.521289][T16978] file_mapped 0 [ 2369.521289][T16978] file_dirty 0 [ 2369.521289][T16978] file_writeback 0 [ 2369.521289][T16978] anon_thp 0 [ 2369.521289][T16978] inactive_anon 2838528 [ 2369.521289][T16978] active_anon 98304 [ 2369.521289][T16978] inactive_file 0 [ 2369.521289][T16978] active_file 0 [ 2369.521289][T16978] unevictable 0 [ 2369.521289][T16978] slab_reclaimable 413696 [ 2369.521289][T16978] slab_unreclaimable 1572864 [ 2369.521289][T16978] pgfault 133287 [ 2369.521289][T16978] pgmajfault 0 [ 2369.521289][T16978] workingset_refault 0 [ 2369.521289][T16978] workingset_activate 0 [ 2369.521289][T16978] workingset_nodereclaim 0 [ 2369.521289][T16978] pgrefill 0 [ 2369.521289][T16978] pgscan 0 [ 2369.521289][T16978] pgsteal 0 [ 2369.521289][T16978] pgactivate 0 [ 2369.616460][T16978] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16976,uid=0 [ 2369.632332][T16978] Memory cgroup out of memory: Killed process 16976 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2369.655199][ T1833] oom_reaper: reaped process 16976 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2369.700419][T16973] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2369.711825][T16973] CPU: 1 PID: 16973 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2369.719858][T16973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.730249][T16973] Call Trace: [ 2369.733605][T16973] dump_stack+0x191/0x1f0 [ 2369.738044][T16973] dump_header+0x1e7/0xd00 [ 2369.742659][T16973] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2369.749537][T16973] ? ___ratelimit+0x542/0x720 [ 2369.754296][T16973] ? task_will_free_mem+0x2c9/0x810 [ 2369.759646][T16973] oom_kill_process+0x210/0x560 [ 2369.766451][T16973] out_of_memory+0x1796/0x1c70 [ 2369.771240][T16973] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2369.776916][T16973] try_charge+0x2889/0x3d70 [ 2369.782359][T16973] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2369.788841][T16973] mem_cgroup_try_charge+0xa29/0xe40 [ 2369.794241][T16973] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2369.800033][T16973] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2369.805999][T16973] handle_mm_fault+0x522b/0x9f70 [ 2369.811176][T16973] do_user_addr_fault+0x905/0x1510 [ 2369.816520][T16973] __do_page_fault+0x1a2/0x410 [ 2369.821631][T16973] do_page_fault+0xbb/0x500 [ 2369.826542][T16973] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2369.831980][T16973] page_fault+0x4e/0x60 [ 2369.836264][T16973] RIP: 0033:0x403522 [ 2369.840200][T16973] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2369.859832][T16973] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2369.865922][T16973] RAX: 0000000000000000 RBX: 000000000024273b RCX: 0000000000413660 [ 2369.873931][T16973] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2369.881955][T16973] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002410940 [ 2369.889977][T16973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2369.897971][T16973] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2369.906600][T16973] memory: usage 4916kB, limit 0kB, failcnt 3205 [ 2369.913014][T16973] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.920023][T16973] Memory cgroup stats for /syz5: [ 2369.920254][T16973] anon 0 [ 2369.920254][T16973] file 2908160 [ 2369.920254][T16973] kernel_stack 0 [ 2369.920254][T16973] slab 1986560 [ 2369.920254][T16973] sock 0 [ 2369.920254][T16973] shmem 2908160 [ 2369.920254][T16973] file_mapped 0 [ 2369.920254][T16973] file_dirty 0 [ 2369.920254][T16973] file_writeback 0 [ 2369.920254][T16973] anon_thp 0 [ 2369.920254][T16973] inactive_anon 2973696 [ 2369.920254][T16973] active_anon 98304 [ 2369.920254][T16973] inactive_file 0 [ 2369.920254][T16973] active_file 0 [ 2369.920254][T16973] unevictable 0 [ 2369.920254][T16973] slab_reclaimable 413696 [ 2369.920254][T16973] slab_unreclaimable 1572864 [ 2369.920254][T16973] pgfault 133320 [ 2369.920254][T16973] pgmajfault 0 [ 2369.920254][T16973] workingset_refault 0 [ 2369.920254][T16973] workingset_activate 0 [ 2369.920254][T16973] workingset_nodereclaim 0 [ 2369.920254][T16973] pgrefill 0 [ 2369.920254][T16973] pgscan 0 [ 2369.920254][T16973] pgsteal 0 [ 2369.920254][T16973] pgactivate 0 [ 2370.014685][T16973] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16973,uid=0 [ 2370.030433][T16973] Memory cgroup out of memory: Killed process 16973 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2370.050596][ T1833] oom_reaper: reaped process 16973 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:01:16 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x6000000, 0x100000001, 0x6000000, 0x1}, 0x1c) setsockopt$packet_int(r1, 0x107, 0x6a, &(0x7f0000000000), 0x4) dup2(r0, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 21:01:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:16 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendmsg$nl_netfilter(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000cc0)=ANY=[@ANYPTR, @ANYBLOB="49c6499c757b67f681ec6af99b728ffb3b1eaf5fb9be26e8c474c503de42feeec693603e074058253ff55d42f9ec0c12f708e38077a7dd43ec1d5b5e567edb4940f06ca4fc921d2621d39a00000000000000bb0800610062627200dc00890008008700ffffffff0332dbce860e406186359b488c0131bb7341ca12dcbb9af7cd74bfba47d2316f07cc6cb96ed6747390561567e1c881c823492b5f467153b91df7b96bec7e48c4921489be8dd8b1062ee38108167750e194cf06f896542516081f6fe91425a9f858b125a6c2a3a39ee42abe8f5b9505e965a7f0545162d106c7ea7e1f815d66ffff326dbbd9cef1a05345a3ec7517c60f3b05767bab26e941cf6cf3"], 0x10a}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac623ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a92825a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x104eb, 0x11, 0x0, 0x27) 21:01:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() ioprio_set$pid(0x0, r0, 0x0) pipe2$9p(0x0, 0x0) dup(0xffffffffffffffff) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000140)={[], 0x7fff}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(0x0, 0x141042, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 21:01:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:16 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001a40)=""/162, 0xa2}], 0x1}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40000004}, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, 0x0, 0x1) 21:01:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2371.132831][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2371.139189][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2371.145813][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2371.152065][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2371.158638][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2371.164958][ C1] protocol 88fb is buggy, dev hsr_slave_1 21:01:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2371.774325][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2371.780666][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2372.184567][T12780] device bridge_slave_1 left promiscuous mode [ 2372.191213][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2372.250022][T12780] device bridge_slave_0 left promiscuous mode [ 2372.256767][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2372.886553][T17117] IPVS: ftp: loaded support on port[0] = 21 [ 2373.413252][T12780] device hsr_slave_0 left promiscuous mode [ 2373.452725][T12780] device hsr_slave_1 left promiscuous mode [ 2373.504846][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2373.518497][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2373.531404][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2373.588799][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2373.681661][T12780] bond0 (unregistering): Released all slaves [ 2373.868017][T17117] chnl_net:caif_netlink_parms(): no params data found [ 2373.915314][T17117] bridge0: port 1(bridge_slave_0) entered blocking state [ 2373.923212][T17117] bridge0: port 1(bridge_slave_0) entered disabled state [ 2373.932206][T17117] device bridge_slave_0 entered promiscuous mode [ 2373.941819][T17117] bridge0: port 2(bridge_slave_1) entered blocking state [ 2373.949125][T17117] bridge0: port 2(bridge_slave_1) entered disabled state [ 2373.958593][T17117] device bridge_slave_1 entered promiscuous mode [ 2374.030504][T17117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2374.045440][T17117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2374.084444][T17117] team0: Port device team_slave_0 added [ 2374.095494][T17117] team0: Port device team_slave_1 added [ 2374.196961][T17117] device hsr_slave_0 entered promiscuous mode [ 2374.263582][T17117] device hsr_slave_1 entered promiscuous mode [ 2374.302561][T17117] debugfs: Directory 'hsr0' with parent '/' already present! [ 2374.334226][T17117] bridge0: port 2(bridge_slave_1) entered blocking state [ 2374.341627][T17117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2374.349699][T17117] bridge0: port 1(bridge_slave_0) entered blocking state [ 2374.356993][T17117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2374.427745][T17117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2374.454722][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2374.466674][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 2374.476514][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 2374.507963][T17117] 8021q: adding VLAN 0 to HW filter on device team0 [ 2374.523378][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2374.532836][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2374.540113][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2374.557457][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2374.566471][T12782] bridge0: port 2(bridge_slave_1) entered blocking state [ 2374.573757][T12782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2374.614530][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2374.637956][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2374.648844][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2374.673947][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2374.685737][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2374.699510][T17117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2374.731205][T17117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2374.861867][T17122] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2374.872916][T17122] CPU: 0 PID: 17122 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2374.880856][T17122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2374.890934][T17122] Call Trace: [ 2374.894289][T17122] dump_stack+0x191/0x1f0 [ 2374.898647][T17122] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2374.904558][T17122] dump_header+0x1e7/0xd00 [ 2374.909037][T17122] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2374.915244][T17122] ? ___ratelimit+0x542/0x720 [ 2374.919985][T17122] ? task_will_free_mem+0x14c/0x810 [ 2374.925269][T17122] oom_kill_process+0x210/0x560 [ 2374.930339][T17122] out_of_memory+0x1796/0x1c70 [ 2374.935123][T17122] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2374.940811][T17122] memory_max_write+0x90b/0xb60 [ 2374.945744][T17122] ? memory_max_show+0x1b0/0x1b0 [ 2374.950727][T17122] cgroup_file_write+0x41a/0x8e0 [ 2374.955713][T17122] ? cgroup_seqfile_stop+0x150/0x150 [ 2374.961038][T17122] kernfs_fop_write+0x55f/0x840 [ 2374.965930][T17122] ? kernfs_fop_read+0x9a0/0x9a0 [ 2374.970906][T17122] __vfs_write+0x1a9/0xcb0 [ 2374.975402][T17122] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2374.981540][T17122] ? __sb_start_write+0x10b/0x230 [ 2374.986608][T17122] vfs_write+0x481/0x920 [ 2374.991081][T17122] ksys_write+0x265/0x430 [ 2374.995472][T17122] __se_sys_write+0x92/0xb0 [ 2375.000046][T17122] __x64_sys_write+0x4a/0x70 [ 2375.004664][T17122] do_syscall_64+0xb6/0x160 [ 2375.009203][T17122] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2375.015106][T17122] RIP: 0033:0x459a59 [ 2375.019048][T17122] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2375.038802][T17122] RSP: 002b:00007f9bc68b1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2375.047277][T17122] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2375.055446][T17122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2375.063500][T17122] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2375.071687][T17122] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bc68b26d4 [ 2375.079788][T17122] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2375.088060][T17122] memory: usage 5192kB, limit 0kB, failcnt 3214 [ 2375.094558][T17122] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2375.101443][T17122] Memory cgroup stats for /syz5: [ 2375.101642][T17122] anon 118784 [ 2375.101642][T17122] file 2740224 [ 2375.101642][T17122] kernel_stack 196608 [ 2375.101642][T17122] slab 1986560 [ 2375.101642][T17122] sock 0 [ 2375.101642][T17122] shmem 2740224 [ 2375.101642][T17122] file_mapped 0 [ 2375.101642][T17122] file_dirty 0 [ 2375.101642][T17122] file_writeback 0 [ 2375.101642][T17122] anon_thp 0 [ 2375.101642][T17122] inactive_anon 2703360 [ 2375.101642][T17122] active_anon 98304 [ 2375.101642][T17122] inactive_file 0 [ 2375.101642][T17122] active_file 0 [ 2375.101642][T17122] unevictable 0 [ 2375.101642][T17122] slab_reclaimable 413696 [ 2375.101642][T17122] slab_unreclaimable 1572864 [ 2375.101642][T17122] pgfault 133881 [ 2375.101642][T17122] pgmajfault 0 [ 2375.101642][T17122] workingset_refault 0 [ 2375.101642][T17122] workingset_activate 0 [ 2375.101642][T17122] workingset_nodereclaim 0 [ 2375.101642][T17122] pgrefill 0 [ 2375.101642][T17122] pgscan 0 [ 2375.101642][T17122] pgsteal 0 [ 2375.101642][T17122] pgactivate 0 [ 2375.197644][T17122] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17120,uid=0 [ 2375.215615][T17122] Memory cgroup out of memory: Killed process 17120 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2375.238771][ T1833] oom_reaper: reaped process 17120 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2375.278989][T17117] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2375.289909][T17117] CPU: 1 PID: 17117 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2375.297950][T17117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.309128][T17117] Call Trace: [ 2375.312569][T17117] dump_stack+0x191/0x1f0 [ 2375.316932][T17117] dump_header+0x1e7/0xd00 [ 2375.321378][T17117] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2375.327568][T17117] ? ___ratelimit+0x542/0x720 [ 2375.332286][T17117] ? task_will_free_mem+0x2c9/0x810 [ 2375.337528][T17117] oom_kill_process+0x210/0x560 [ 2375.342439][T17117] out_of_memory+0x1796/0x1c70 [ 2375.347280][T17117] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2375.353022][T17117] try_charge+0x2889/0x3d70 [ 2375.357607][T17117] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2375.363902][T17117] mem_cgroup_try_charge+0xa29/0xe40 [ 2375.369374][T17117] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2375.375653][T17117] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2375.381675][T17117] handle_mm_fault+0x522b/0x9f70 [ 2375.386671][T17117] do_user_addr_fault+0x905/0x1510 [ 2375.391886][T17117] __do_page_fault+0x1a2/0x410 [ 2375.396723][T17117] do_page_fault+0xbb/0x500 [ 2375.401362][T17117] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2375.406780][T17117] page_fault+0x4e/0x60 [ 2375.411171][T17117] RIP: 0033:0x403522 [ 2375.415088][T17117] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2375.435138][T17117] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2375.441505][T17117] RAX: 0000000000000000 RBX: 0000000000243d15 RCX: 0000000000413660 [ 2375.449532][T17117] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2375.457770][T17117] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000011ee940 [ 2375.465868][T17117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2375.474003][T17117] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2375.482156][T17117] memory: usage 4776kB, limit 0kB, failcnt 3229 [ 2375.488574][T17117] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2375.495605][T17117] Memory cgroup stats for /syz5: [ 2375.495944][T17117] anon 118784 [ 2375.495944][T17117] file 2740224 [ 2375.495944][T17117] kernel_stack 0 [ 2375.495944][T17117] slab 1986560 [ 2375.495944][T17117] sock 0 [ 2375.495944][T17117] shmem 2740224 [ 2375.495944][T17117] file_mapped 0 [ 2375.495944][T17117] file_dirty 0 [ 2375.495944][T17117] file_writeback 0 [ 2375.495944][T17117] anon_thp 0 [ 2375.495944][T17117] inactive_anon 2703360 [ 2375.495944][T17117] active_anon 0 [ 2375.495944][T17117] inactive_file 0 [ 2375.495944][T17117] active_file 0 [ 2375.495944][T17117] unevictable 0 [ 2375.495944][T17117] slab_reclaimable 413696 [ 2375.495944][T17117] slab_unreclaimable 1572864 [ 2375.495944][T17117] pgfault 133881 [ 2375.495944][T17117] pgmajfault 0 [ 2375.495944][T17117] workingset_refault 0 [ 2375.495944][T17117] workingset_activate 0 [ 2375.495944][T17117] workingset_nodereclaim 0 [ 2375.495944][T17117] pgrefill 0 [ 2375.495944][T17117] pgscan 0 [ 2375.495944][T17117] pgsteal 0 [ 2375.495944][T17117] pgactivate 0 [ 2375.590339][T17117] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17117,uid=0 [ 2375.606092][T17117] Memory cgroup out of memory: Killed process 17117 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2375.625517][ T1833] oom_reaper: reaped process 17117 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2376.794123][T12780] device bridge_slave_1 left promiscuous mode [ 2376.800600][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2376.854829][T12780] device bridge_slave_0 left promiscuous mode [ 2376.861453][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2377.674331][T12780] device hsr_slave_0 left promiscuous mode [ 2377.712922][T12780] device hsr_slave_1 left promiscuous mode 21:01:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) fchmod(r0, 0x0) 21:01:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:23 executing program 1: syz_emit_ethernet(0x7a, &(0x7f0000000200)={@local, @random="2d90bc29ea0a", [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x44, 0x2f, 0x0, @remote, @empty, {[], @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}}}, 0x0) 21:01:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:23 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$sock_buf(r0, 0x1, 0xf, 0x0, &(0x7f0000000000)=0x10) 21:01:23 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f00000000c0)='/dev/snd/seq\x00', 0x0, 0x0) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) [ 2377.793019][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2377.863808][T12780] team0 (unregistering): Port device team_slave_0 removed 21:01:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x1) r2 = dup3(r1, r0, 0x0) write$P9_RREAD(r2, 0x0, 0x0) [ 2377.910218][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2377.971543][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2378.061708][T12780] bond0 (unregistering): Released all slaves 21:01:24 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0) 21:01:24 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffd}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) uname(&(0x7f00000000c0)=""/30) creat(&(0x7f0000000400)='./file0\x00', 0x0) 21:01:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:01:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2378.555349][T17306] binder: 17305:17306 ioctl c0306201 0 returned -14 21:01:24 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) [ 2379.769210][T17455] IPVS: ftp: loaded support on port[0] = 21 [ 2379.860625][T17455] chnl_net:caif_netlink_parms(): no params data found [ 2379.902807][T17455] bridge0: port 1(bridge_slave_0) entered blocking state [ 2379.910082][T17455] bridge0: port 1(bridge_slave_0) entered disabled state [ 2379.919292][T17455] device bridge_slave_0 entered promiscuous mode [ 2379.928059][T17455] bridge0: port 2(bridge_slave_1) entered blocking state [ 2379.935530][T17455] bridge0: port 2(bridge_slave_1) entered disabled state [ 2379.945334][T17455] device bridge_slave_1 entered promiscuous mode [ 2379.970378][T17455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2379.983880][T17455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2380.009926][T17455] team0: Port device team_slave_0 added [ 2380.018721][T17455] team0: Port device team_slave_1 added [ 2380.076813][T17455] device hsr_slave_0 entered promiscuous mode [ 2380.134060][T17455] device hsr_slave_1 entered promiscuous mode [ 2380.172690][T17455] debugfs: Directory 'hsr0' with parent '/' already present! [ 2380.195728][T17455] bridge0: port 2(bridge_slave_1) entered blocking state [ 2380.203006][T17455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2380.211097][T17455] bridge0: port 1(bridge_slave_0) entered blocking state [ 2380.218419][T17455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2380.278601][T17455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2380.297437][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2380.307507][T12782] bridge0: port 1(bridge_slave_0) entered disabled state [ 2380.316180][T12782] bridge0: port 2(bridge_slave_1) entered disabled state [ 2380.327313][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2380.345113][T17455] 8021q: adding VLAN 0 to HW filter on device team0 [ 2380.358996][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2380.369848][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2380.377149][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2380.393202][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2380.402208][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2380.409581][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2380.437541][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2380.449691][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2380.467654][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2380.491748][T17455] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2380.503877][T17455] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2380.519744][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2380.529696][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2380.540034][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2380.571360][T17455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2380.735438][T17462] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2380.746140][T17462] CPU: 1 PID: 17462 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2380.754089][T17462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2380.764198][T17462] Call Trace: [ 2380.767588][T17462] dump_stack+0x191/0x1f0 [ 2380.773210][T17462] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2380.779250][T17462] dump_header+0x1e7/0xd00 [ 2380.783787][T17462] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2380.790185][T17462] ? ___ratelimit+0x542/0x720 [ 2380.794929][T17462] ? task_will_free_mem+0x14c/0x810 [ 2380.800195][T17462] oom_kill_process+0x210/0x560 [ 2380.805087][T17462] out_of_memory+0x1796/0x1c70 [ 2380.809918][T17462] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2380.815608][T17462] memory_max_write+0x90b/0xb60 [ 2380.820605][T17462] ? memory_max_show+0x1b0/0x1b0 [ 2380.825614][T17462] cgroup_file_write+0x41a/0x8e0 [ 2380.830769][T17462] ? cgroup_seqfile_stop+0x150/0x150 [ 2380.836121][T17462] kernfs_fop_write+0x55f/0x840 [ 2380.841015][T17462] ? kernfs_fop_read+0x9a0/0x9a0 [ 2380.845981][T17462] __vfs_write+0x1a9/0xcb0 [ 2380.850532][T17462] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2380.856643][T17462] ? __sb_start_write+0x10b/0x230 [ 2380.861721][T17462] vfs_write+0x481/0x920 [ 2380.866022][T17462] ksys_write+0x265/0x430 [ 2380.870388][T17462] __se_sys_write+0x92/0xb0 [ 2380.875031][T17462] __x64_sys_write+0x4a/0x70 [ 2380.879652][T17462] do_syscall_64+0xb6/0x160 [ 2380.884222][T17462] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2380.890164][T17462] RIP: 0033:0x459a59 [ 2380.896440][T17462] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2380.916456][T17462] RSP: 002b:00007f1ebf813c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2380.924943][T17462] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2380.933194][T17462] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2380.941317][T17462] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2380.949324][T17462] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ebf8146d4 [ 2380.957360][T17462] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2380.967990][T17462] memory: usage 5784kB, limit 0kB, failcnt 3238 [ 2380.974353][T17462] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2380.981291][T17462] Memory cgroup stats for /syz5: [ 2380.981495][T17462] anon 106496 [ 2380.981495][T17462] file 3076096 [ 2380.981495][T17462] kernel_stack 196608 [ 2380.981495][T17462] slab 1986560 [ 2380.981495][T17462] sock 0 [ 2380.981495][T17462] shmem 3076096 [ 2380.981495][T17462] file_mapped 0 [ 2380.981495][T17462] file_dirty 0 [ 2380.981495][T17462] file_writeback 0 [ 2380.981495][T17462] anon_thp 0 [ 2380.981495][T17462] inactive_anon 3108864 [ 2380.981495][T17462] active_anon 98304 [ 2380.981495][T17462] inactive_file 0 [ 2380.981495][T17462] active_file 0 [ 2380.981495][T17462] unevictable 0 [ 2380.981495][T17462] slab_reclaimable 413696 [ 2380.981495][T17462] slab_unreclaimable 1572864 [ 2380.981495][T17462] pgfault 134442 [ 2380.981495][T17462] pgmajfault 0 [ 2380.981495][T17462] workingset_refault 0 [ 2380.981495][T17462] workingset_activate 0 [ 2380.981495][T17462] workingset_nodereclaim 0 [ 2380.981495][T17462] pgrefill 0 [ 2380.981495][T17462] pgscan 0 [ 2380.981495][T17462] pgsteal 0 [ 2380.981495][T17462] pgactivate 0 [ 2381.077754][T17462] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17460,uid=0 [ 2381.094887][T17462] Memory cgroup out of memory: Killed process 17460 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2381.116990][ T1833] oom_reaper: reaped process 17460 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2381.155641][T17455] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2381.166534][T17455] CPU: 1 PID: 17455 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2381.174562][T17455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2381.184635][T17455] Call Trace: [ 2381.187966][T17455] dump_stack+0x191/0x1f0 [ 2381.192344][T17455] dump_header+0x1e7/0xd00 [ 2381.196885][T17455] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2381.203088][T17455] ? ___ratelimit+0x542/0x720 [ 2381.207800][T17455] ? task_will_free_mem+0x2c9/0x810 [ 2381.214126][T17455] oom_kill_process+0x210/0x560 [ 2381.219010][T17455] out_of_memory+0x1796/0x1c70 [ 2381.223837][T17455] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2381.229536][T17455] try_charge+0x2889/0x3d70 [ 2381.234068][T17455] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2381.240271][T17455] mem_cgroup_try_charge+0xa29/0xe40 [ 2381.245600][T17455] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2381.251346][T17455] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2381.257257][T17455] handle_mm_fault+0x522b/0x9f70 [ 2381.262223][T17455] do_user_addr_fault+0x905/0x1510 [ 2381.267411][T17455] __do_page_fault+0x1a2/0x410 [ 2381.272205][T17455] do_page_fault+0xbb/0x500 [ 2381.276722][T17455] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2381.282203][T17455] page_fault+0x4e/0x60 [ 2381.286370][T17455] RIP: 0033:0x403522 [ 2381.290278][T17455] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2381.309927][T17455] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2381.316022][T17455] RAX: 0000000000000000 RBX: 00000000002453fd RCX: 0000000000413660 [ 2381.324195][T17455] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2381.332198][T17455] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002203940 [ 2381.340195][T17455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2381.348179][T17455] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2381.356347][T17455] memory: usage 5360kB, limit 0kB, failcnt 3253 [ 2381.362866][T17455] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2381.369886][T17455] Memory cgroup stats for /syz5: [ 2381.370077][T17455] anon 106496 [ 2381.370077][T17455] file 3076096 [ 2381.370077][T17455] kernel_stack 0 [ 2381.370077][T17455] slab 1986560 [ 2381.370077][T17455] sock 0 [ 2381.370077][T17455] shmem 3076096 [ 2381.370077][T17455] file_mapped 0 [ 2381.370077][T17455] file_dirty 0 [ 2381.370077][T17455] file_writeback 0 [ 2381.370077][T17455] anon_thp 0 [ 2381.370077][T17455] inactive_anon 3244032 [ 2381.370077][T17455] active_anon 98304 [ 2381.370077][T17455] inactive_file 0 [ 2381.370077][T17455] active_file 0 [ 2381.370077][T17455] unevictable 0 [ 2381.370077][T17455] slab_reclaimable 413696 [ 2381.370077][T17455] slab_unreclaimable 1572864 [ 2381.370077][T17455] pgfault 134442 [ 2381.370077][T17455] pgmajfault 0 [ 2381.370077][T17455] workingset_refault 0 [ 2381.370077][T17455] workingset_activate 0 [ 2381.370077][T17455] workingset_nodereclaim 0 [ 2381.370077][T17455] pgrefill 0 [ 2381.370077][T17455] pgscan 0 [ 2381.370077][T17455] pgsteal 0 [ 2381.370077][T17455] pgactivate 0 [ 2381.466505][T17455] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17455,uid=0 [ 2381.482114][T17455] Memory cgroup out of memory: Killed process 17455 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 2381.501702][ T1833] oom_reaper: reaped process 17455 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2382.584006][T12780] device bridge_slave_1 left promiscuous mode [ 2382.590514][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2382.655939][T12780] device bridge_slave_0 left promiscuous mode [ 2382.663301][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2383.524301][T12780] device hsr_slave_0 left promiscuous mode [ 2383.562843][T12780] device hsr_slave_1 left promiscuous mode [ 2383.614882][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2383.628302][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2383.641241][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2383.690960][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2383.770315][T12780] bond0 (unregistering): Released all slaves 21:01:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "215e2eb7b724937e", "df28196f6317ffbc13846cbe59f4f1b8c255c35c6b898da733494d6ae33cbdfb", "7b45bfdf", "1215ddea89823d54"}, 0x38) setsockopt$inet6_tcp_int(r1, 0x6, 0x19, &(0x7f0000000140), 0x4) 21:01:31 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 21:01:31 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) add_key$keyring(&(0x7f00000002c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) keyctl$update(0x2, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$reject(0x13, 0x0, 0x0, 0x7fffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @dev={0xac, 0xb, 0xa}}, {0x8, 0x0, @multicast2}, {}, 0x44}) syz_emit_ethernet(0x0, &(0x7f0000000500)=ANY=[], 0x0) 21:01:31 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2385.098091][T17467] binder: 17466:17467 ioctl c0306201 0 returned -14 [ 2386.815449][T17573] IPVS: ftp: loaded support on port[0] = 21 [ 2386.917469][T17573] chnl_net:caif_netlink_parms(): no params data found [ 2386.960924][T17573] bridge0: port 1(bridge_slave_0) entered blocking state [ 2386.968706][T17573] bridge0: port 1(bridge_slave_0) entered disabled state [ 2386.978591][T17573] device bridge_slave_0 entered promiscuous mode [ 2386.988692][T17573] bridge0: port 2(bridge_slave_1) entered blocking state [ 2386.996278][T17573] bridge0: port 2(bridge_slave_1) entered disabled state [ 2387.006127][T17573] device bridge_slave_1 entered promiscuous mode 21:01:33 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 21:01:33 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000001400)='*', 0x1}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x9, 0x4}, 0xc) 21:01:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 21:01:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000500)) ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000500)) [ 2387.041807][T17573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2387.074934][T17573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2387.108936][T17583] binder: 17575:17583 ioctl c0306201 0 returned -14 21:01:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2387.151128][T17573] team0: Port device team_slave_0 added [ 2387.170275][T17573] team0: Port device team_slave_1 added 21:01:33 executing program 1: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x7fb, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 2387.268054][T17573] device hsr_slave_0 entered promiscuous mode [ 2387.314839][T17573] device hsr_slave_1 entered promiscuous mode [ 2387.352751][T17573] debugfs: Directory 'hsr0' with parent '/' already present! 21:01:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2387.394037][T17573] bridge0: port 2(bridge_slave_1) entered blocking state [ 2387.401289][T17573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2387.409281][T17573] bridge0: port 1(bridge_slave_0) entered blocking state [ 2387.416761][T17573] bridge0: port 1(bridge_slave_0) entered forwarding state 21:01:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) dup2(r0, r1) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) [ 2387.562964][T17573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2387.586399][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2387.611076][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2387.635917][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2387.657889][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2387.684141][T17573] 8021q: adding VLAN 0 to HW filter on device team0 [ 2387.703060][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2387.712819][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2387.720773][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2387.767475][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2387.776897][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2387.784464][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2387.795607][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2387.805749][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2387.816036][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2387.826296][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2387.841693][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2387.858351][T17573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2387.891656][T17573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2388.046533][T17900] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2388.058395][T17900] CPU: 0 PID: 17900 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2388.066815][T17900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2388.077429][T17900] Call Trace: [ 2388.080859][T17900] dump_stack+0x191/0x1f0 [ 2388.085231][T17900] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2388.091221][T17900] dump_header+0x1e7/0xd00 [ 2388.096050][T17900] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2388.102312][T17900] ? ___ratelimit+0x542/0x720 [ 2388.107261][T17900] ? task_will_free_mem+0x14c/0x810 [ 2388.112589][T17900] oom_kill_process+0x210/0x560 [ 2388.117525][T17900] out_of_memory+0x1796/0x1c70 [ 2388.122845][T17900] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2388.128891][T17900] memory_max_write+0x90b/0xb60 [ 2388.134866][T17900] ? memory_max_show+0x1b0/0x1b0 [ 2388.139899][T17900] cgroup_file_write+0x41a/0x8e0 [ 2388.145145][T17900] ? cgroup_seqfile_stop+0x150/0x150 [ 2388.151054][T17900] kernfs_fop_write+0x55f/0x840 [ 2388.156170][T17900] ? kernfs_fop_read+0x9a0/0x9a0 [ 2388.161338][T17900] __vfs_write+0x1a9/0xcb0 [ 2388.166229][T17900] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2388.172547][T17900] ? __sb_start_write+0x10b/0x230 [ 2388.178078][T17900] vfs_write+0x481/0x920 [ 2388.182495][T17900] ksys_write+0x265/0x430 [ 2388.187031][T17900] __se_sys_write+0x92/0xb0 [ 2388.191878][T17900] __x64_sys_write+0x4a/0x70 [ 2388.197383][T17900] do_syscall_64+0xb6/0x160 [ 2388.202215][T17900] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2388.208135][T17900] RIP: 0033:0x459a59 [ 2388.212095][T17900] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2388.232943][T17900] RSP: 002b:00007f99c08bbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2388.241735][T17900] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2388.249937][T17900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2388.258060][T17900] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2388.266245][T17900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99c08bc6d4 [ 2388.274600][T17900] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2388.283018][T17900] memory: usage 5672kB, limit 0kB, failcnt 3262 [ 2388.289583][T17900] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2388.296839][T17900] Memory cgroup stats for /syz5: [ 2388.297181][T17900] anon 106496 [ 2388.297181][T17900] file 3190784 [ 2388.297181][T17900] kernel_stack 196608 [ 2388.297181][T17900] slab 1986560 [ 2388.297181][T17900] sock 0 [ 2388.297181][T17900] shmem 3190784 [ 2388.297181][T17900] file_mapped 0 [ 2388.297181][T17900] file_dirty 0 [ 2388.297181][T17900] file_writeback 0 [ 2388.297181][T17900] anon_thp 0 [ 2388.297181][T17900] inactive_anon 3108864 [ 2388.297181][T17900] active_anon 233472 [ 2388.297181][T17900] inactive_file 0 [ 2388.297181][T17900] active_file 0 [ 2388.297181][T17900] unevictable 0 [ 2388.297181][T17900] slab_reclaimable 413696 [ 2388.297181][T17900] slab_unreclaimable 1572864 [ 2388.297181][T17900] pgfault 135036 [ 2388.297181][T17900] pgmajfault 0 [ 2388.297181][T17900] workingset_refault 0 [ 2388.297181][T17900] workingset_activate 0 [ 2388.297181][T17900] workingset_nodereclaim 0 [ 2388.297181][T17900] pgrefill 0 [ 2388.297181][T17900] pgscan 0 [ 2388.297181][T17900] pgsteal 0 [ 2388.297181][T17900] pgactivate 0 [ 2388.396271][T17900] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17898,uid=0 [ 2388.414053][T17900] Memory cgroup out of memory: Killed process 17898 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2388.439515][ T1833] oom_reaper: reaped process 17898 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2388.477105][T17573] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2388.487289][T17573] CPU: 0 PID: 17573 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2388.495288][T17573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2388.505544][T17573] Call Trace: [ 2388.508878][T17573] dump_stack+0x191/0x1f0 [ 2388.513259][T17573] dump_header+0x1e7/0xd00 [ 2388.517699][T17573] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2388.523884][T17573] ? ___ratelimit+0x542/0x720 [ 2388.528589][T17573] ? task_will_free_mem+0x2c9/0x810 [ 2388.533956][T17573] oom_kill_process+0x210/0x560 [ 2388.538846][T17573] out_of_memory+0x1796/0x1c70 [ 2388.543642][T17573] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2388.549398][T17573] try_charge+0x2889/0x3d70 [ 2388.553995][T17573] mem_cgroup_try_charge+0xa29/0xe40 [ 2388.559880][T17573] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2388.565894][T17573] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2388.572207][T17573] handle_mm_fault+0x522b/0x9f70 [ 2388.577354][T17573] do_user_addr_fault+0x905/0x1510 [ 2388.583326][T17573] __do_page_fault+0x1a2/0x410 [ 2388.588478][T17573] do_page_fault+0xbb/0x500 [ 2388.593508][T17573] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2388.599140][T17573] page_fault+0x4e/0x60 [ 2388.603307][T17573] RIP: 0033:0x403522 [ 2388.607228][T17573] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2388.628155][T17573] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2388.634674][T17573] RAX: 0000000000000000 RBX: 000000000024708c RCX: 0000000000413660 [ 2388.643186][T17573] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2388.651423][T17573] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002185940 [ 2388.659636][T17573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2388.667628][T17573] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2388.676876][T17573] memory: usage 5256kB, limit 0kB, failcnt 3271 [ 2388.683363][T17573] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2388.690361][T17573] Memory cgroup stats for /syz5: [ 2388.690537][T17573] anon 106496 [ 2388.690537][T17573] file 3190784 [ 2388.690537][T17573] kernel_stack 0 [ 2388.690537][T17573] slab 1986560 [ 2388.690537][T17573] sock 0 [ 2388.690537][T17573] shmem 3190784 [ 2388.690537][T17573] file_mapped 0 [ 2388.690537][T17573] file_dirty 0 [ 2388.690537][T17573] file_writeback 0 [ 2388.690537][T17573] anon_thp 0 [ 2388.690537][T17573] inactive_anon 3244032 [ 2388.690537][T17573] active_anon 98304 [ 2388.690537][T17573] inactive_file 0 [ 2388.690537][T17573] active_file 0 [ 2388.690537][T17573] unevictable 0 [ 2388.690537][T17573] slab_reclaimable 413696 [ 2388.690537][T17573] slab_unreclaimable 1572864 [ 2388.690537][T17573] pgfault 135036 [ 2388.690537][T17573] pgmajfault 0 [ 2388.690537][T17573] workingset_refault 0 [ 2388.690537][T17573] workingset_activate 0 [ 2388.690537][T17573] workingset_nodereclaim 0 [ 2388.690537][T17573] pgrefill 0 [ 2388.690537][T17573] pgscan 0 [ 2388.690537][T17573] pgsteal 0 [ 2388.690537][T17573] pgactivate 0 [ 2388.787341][T17573] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17573,uid=0 [ 2388.803175][T17573] Memory cgroup out of memory: Killed process 17573 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2388.823375][ T1833] oom_reaper: reaped process 17573 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2389.856073][T12780] device bridge_slave_1 left promiscuous mode [ 2389.863068][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2389.914497][T12780] device bridge_slave_0 left promiscuous mode [ 2389.921538][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2390.633416][T12780] device hsr_slave_0 left promiscuous mode [ 2390.692998][T12780] device hsr_slave_1 left promiscuous mode [ 2390.774895][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2390.788636][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2390.802126][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2390.839392][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2390.926498][T12780] bond0 (unregistering): Released all slaves 21:01:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 21:01:40 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 21:01:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) dup2(r0, r1) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 21:01:40 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2396.067792][T17912] IPVS: ftp: loaded support on port[0] = 21 [ 2396.169817][T17912] chnl_net:caif_netlink_parms(): no params data found [ 2396.214295][T17912] bridge0: port 1(bridge_slave_0) entered blocking state [ 2396.221455][T17912] bridge0: port 1(bridge_slave_0) entered disabled state [ 2396.230821][T17912] device bridge_slave_0 entered promiscuous mode [ 2396.240295][T17912] bridge0: port 2(bridge_slave_1) entered blocking state [ 2396.247633][T17912] bridge0: port 2(bridge_slave_1) entered disabled state [ 2396.256919][T17912] device bridge_slave_1 entered promiscuous mode [ 2396.284896][T17912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2396.299551][T17912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2396.337938][T17912] team0: Port device team_slave_0 added [ 2396.348560][T17912] team0: Port device team_slave_1 added 21:01:42 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x1000000002e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) add_key$keyring(&(0x7f00000002c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$revoke(0x3, 0x0) add_key(&(0x7f0000000240)='user\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r1 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000200)='rxrpc_s\x00', &(0x7f0000000140)={'syz', 0x1}, r1) keyctl$update(0x2, r1, 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2) keyctl$reject(0x13, r1, 0x7, 0x7fffffff, r2) keyctl$set_timeout(0xf, r2, 0x10001) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x40d040, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @dev={0xac, 0xb, 0xa}}, {0x8, 0x0, @multicast2}, {}, 0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='bridge_slave_1\x00'}) syz_emit_ethernet(0x3e, &(0x7f0000000500)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd603e000000083a00fe8000000000000000000000080000bbff0200030000000000000000000000010000000000089078"], 0x0) 21:01:42 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x28, 0x0, &(0x7f0000000280)=[@acquire, @request_death, @release, @decrefs], 0x0, 0x0, 0x0}) 21:01:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) getpid() pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b215756", 0xed) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 21:01:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x48, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done], 0x0, 0x0, 0x0}) [ 2396.448254][T17912] device hsr_slave_0 entered promiscuous mode [ 2396.485800][T17912] device hsr_slave_1 entered promiscuous mode 21:01:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x48, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done], 0x0, 0x0, 0x0}) [ 2396.542795][T17912] debugfs: Directory 'hsr0' with parent '/' already present! [ 2396.597667][T17912] bridge0: port 2(bridge_slave_1) entered blocking state [ 2396.604977][T17912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2396.612776][T17912] bridge0: port 1(bridge_slave_0) entered blocking state [ 2396.620005][T17912] bridge0: port 1(bridge_slave_0) entered forwarding state 21:01:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death], 0x0, 0x0, 0x0}) 21:01:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death], 0x0, 0x0, 0x0}) [ 2396.756163][T17912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2396.795663][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2396.808887][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2396.835648][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state 21:01:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @request_death, @release], 0x0, 0x0, 0x0}) [ 2396.865459][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2396.893858][T17912] 8021q: adding VLAN 0 to HW filter on device team0 21:01:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @clear_death], 0x0, 0x0, 0x0}) [ 2396.931211][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2396.940882][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 2396.948164][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2397.029370][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2397.038831][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 2397.046101][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2397.057657][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2397.068186][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2397.080685][ T5303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2397.106424][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2397.124678][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2397.154305][T17912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2397.214189][T17912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2397.347468][T18146] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2397.359034][T18146] CPU: 0 PID: 18146 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2397.367082][T18146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.377145][T18146] Call Trace: [ 2397.380458][T18146] dump_stack+0x191/0x1f0 [ 2397.384807][T18146] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2397.390724][T18146] dump_header+0x1e7/0xd00 [ 2397.395185][T18146] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2397.401360][T18146] ? ___ratelimit+0x542/0x720 [ 2397.406136][T18146] ? task_will_free_mem+0x14c/0x810 [ 2397.411358][T18146] oom_kill_process+0x210/0x560 [ 2397.416266][T18146] out_of_memory+0x1796/0x1c70 [ 2397.421071][T18146] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2397.426919][T18146] memory_max_write+0x90b/0xb60 [ 2397.431813][T18146] ? memory_max_show+0x1b0/0x1b0 [ 2397.436771][T18146] cgroup_file_write+0x41a/0x8e0 [ 2397.441995][T18146] ? cgroup_seqfile_stop+0x150/0x150 [ 2397.447326][T18146] kernfs_fop_write+0x55f/0x840 [ 2397.452244][T18146] ? kernfs_fop_read+0x9a0/0x9a0 [ 2397.457248][T18146] __vfs_write+0x1a9/0xcb0 [ 2397.461749][T18146] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2397.467891][T18146] ? __sb_start_write+0x10b/0x230 [ 2397.472965][T18146] vfs_write+0x481/0x920 [ 2397.477278][T18146] ksys_write+0x265/0x430 [ 2397.481644][T18146] __se_sys_write+0x92/0xb0 [ 2397.486260][T18146] __x64_sys_write+0x4a/0x70 [ 2397.490933][T18146] do_syscall_64+0xb6/0x160 [ 2397.495542][T18146] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2397.501586][T18146] RIP: 0033:0x459a59 [ 2397.505519][T18146] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2397.525244][T18146] RSP: 002b:00007f1c8a6b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2397.533725][T18146] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2397.541997][T18146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2397.549990][T18146] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2397.557974][T18146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1c8a6b46d4 [ 2397.566218][T18146] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2397.574383][T18146] memory: usage 5508kB, limit 0kB, failcnt 3280 [ 2397.580685][T18146] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2397.587644][T18146] Memory cgroup stats for /syz5: [ 2397.587955][T18146] anon 241664 [ 2397.587955][T18146] file 3018752 [ 2397.587955][T18146] kernel_stack 196608 [ 2397.587955][T18146] slab 1986560 [ 2397.587955][T18146] sock 0 [ 2397.587955][T18146] shmem 3018752 [ 2397.587955][T18146] file_mapped 0 [ 2397.587955][T18146] file_dirty 0 [ 2397.587955][T18146] file_writeback 0 [ 2397.587955][T18146] anon_thp 0 [ 2397.587955][T18146] inactive_anon 2973696 [ 2397.587955][T18146] active_anon 98304 [ 2397.587955][T18146] inactive_file 0 [ 2397.587955][T18146] active_file 0 [ 2397.587955][T18146] unevictable 0 [ 2397.587955][T18146] slab_reclaimable 413696 [ 2397.587955][T18146] slab_unreclaimable 1572864 [ 2397.587955][T18146] pgfault 135597 [ 2397.587955][T18146] pgmajfault 0 [ 2397.587955][T18146] workingset_refault 0 [ 2397.587955][T18146] workingset_activate 0 [ 2397.587955][T18146] workingset_nodereclaim 0 [ 2397.587955][T18146] pgrefill 0 [ 2397.587955][T18146] pgscan 0 [ 2397.587955][T18146] pgsteal 0 [ 2397.587955][T18146] pgactivate 0 [ 2397.683248][T18146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18144,uid=0 [ 2397.698993][T18146] Memory cgroup out of memory: Killed process 18144 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2397.719163][ T1833] oom_reaper: reaped process 18144 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2397.751141][T17912] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2397.762018][T17912] CPU: 1 PID: 17912 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2397.769954][T17912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.780025][T17912] Call Trace: [ 2397.783337][T17912] dump_stack+0x191/0x1f0 [ 2397.787680][T17912] dump_header+0x1e7/0xd00 [ 2397.792112][T17912] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2397.798410][T17912] ? ___ratelimit+0x542/0x720 [ 2397.803126][T17912] ? task_will_free_mem+0x2c9/0x810 [ 2397.808335][T17912] oom_kill_process+0x210/0x560 [ 2397.813192][T17912] out_of_memory+0x1796/0x1c70 [ 2397.817960][T17912] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2397.823605][T17912] try_charge+0x2889/0x3d70 [ 2397.828119][T17912] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2397.834305][T17912] mem_cgroup_try_charge+0xa29/0xe40 [ 2397.839603][T17912] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2397.845331][T17912] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2397.851238][T17912] handle_mm_fault+0x522b/0x9f70 [ 2397.856229][T17912] do_user_addr_fault+0x905/0x1510 [ 2397.862056][T17912] __do_page_fault+0x1a2/0x410 [ 2397.866828][T17912] do_page_fault+0xbb/0x500 [ 2397.871361][T17912] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2397.876739][T17912] page_fault+0x4e/0x60 [ 2397.880891][T17912] RIP: 0033:0x403522 [ 2397.884790][T17912] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2397.904457][T17912] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2397.910639][T17912] RAX: 0000000000000000 RBX: 00000000002494e3 RCX: 0000000000413660 [ 2397.918621][T17912] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2397.926748][T17912] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001504940 [ 2397.934724][T17912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2397.942699][T17912] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2397.950833][T17912] memory: usage 5088kB, limit 0kB, failcnt 3295 [ 2397.957213][T17912] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2397.964222][T17912] Memory cgroup stats for /syz5: [ 2397.964532][T17912] anon 241664 [ 2397.964532][T17912] file 3018752 [ 2397.964532][T17912] kernel_stack 0 [ 2397.964532][T17912] slab 1986560 [ 2397.964532][T17912] sock 0 [ 2397.964532][T17912] shmem 3018752 [ 2397.964532][T17912] file_mapped 0 [ 2397.964532][T17912] file_dirty 0 [ 2397.964532][T17912] file_writeback 0 [ 2397.964532][T17912] anon_thp 0 [ 2397.964532][T17912] inactive_anon 2973696 [ 2397.964532][T17912] active_anon 98304 [ 2397.964532][T17912] inactive_file 0 [ 2397.964532][T17912] active_file 0 [ 2397.964532][T17912] unevictable 0 [ 2397.964532][T17912] slab_reclaimable 413696 [ 2397.964532][T17912] slab_unreclaimable 1572864 [ 2397.964532][T17912] pgfault 135630 [ 2397.964532][T17912] pgmajfault 0 [ 2397.964532][T17912] workingset_refault 0 [ 2397.964532][T17912] workingset_activate 0 [ 2397.964532][T17912] workingset_nodereclaim 0 [ 2397.964532][T17912] pgrefill 0 [ 2397.964532][T17912] pgscan 0 [ 2397.964532][T17912] pgsteal 0 [ 2397.964532][T17912] pgactivate 0 [ 2398.059291][T17912] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17912,uid=0 [ 2398.074903][T17912] Memory cgroup out of memory: Killed process 17912 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2398.093928][ T1833] oom_reaper: reaped process 17912 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2399.084639][ T9367] device bridge_slave_1 left promiscuous mode [ 2399.091051][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2399.135485][ T9367] device bridge_slave_0 left promiscuous mode [ 2399.142076][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2399.873168][ T9367] device hsr_slave_0 left promiscuous mode [ 2399.912606][ T9367] device hsr_slave_1 left promiscuous mode [ 2399.974280][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2399.988486][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2400.000719][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2400.038601][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2400.116590][ T9367] bond0 (unregistering): Released all slaves 21:01:47 executing program 1: 21:01:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:47 executing program 4: [ 2403.200919][T18153] IPVS: ftp: loaded support on port[0] = 21 [ 2403.305633][T18153] chnl_net:caif_netlink_parms(): no params data found [ 2403.349783][T18153] bridge0: port 1(bridge_slave_0) entered blocking state [ 2403.357413][T18153] bridge0: port 1(bridge_slave_0) entered disabled state [ 2403.366844][T18153] device bridge_slave_0 entered promiscuous mode [ 2403.376388][T18153] bridge0: port 2(bridge_slave_1) entered blocking state [ 2403.384582][T18153] bridge0: port 2(bridge_slave_1) entered disabled state [ 2403.394781][T18153] device bridge_slave_1 entered promiscuous mode [ 2403.422887][T18153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2403.437004][T18153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2403.465454][T18153] team0: Port device team_slave_0 added [ 2403.475609][T18153] team0: Port device team_slave_1 added [ 2403.537094][T18153] device hsr_slave_0 entered promiscuous mode 21:01:49 executing program 2: 21:01:49 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x38, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:01:49 executing program 1: 21:01:49 executing program 0: [ 2403.583876][T18153] device hsr_slave_1 entered promiscuous mode [ 2403.642620][T18153] debugfs: Directory 'hsr0' with parent '/' already present! 21:01:49 executing program 1: 21:01:49 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2c, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @acquire_done], 0x0, 0x0, 0x0}) [ 2403.727368][T18153] bridge0: port 2(bridge_slave_1) entered blocking state [ 2403.734698][T18153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2403.742607][T18153] bridge0: port 1(bridge_slave_0) entered blocking state [ 2403.749826][T18153] bridge0: port 1(bridge_slave_0) entered forwarding state 21:01:49 executing program 1: 21:01:49 executing program 1: 21:01:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2c, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @acquire_done], 0x0, 0x0, 0x0}) 21:01:50 executing program 1: [ 2403.953144][T18153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2403.978125][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2403.989870][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2404.014309][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2404.045935][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2404.094302][T18153] 8021q: adding VLAN 0 to HW filter on device team0 [ 2404.135434][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2404.144989][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2404.152459][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2404.210223][T18153] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2404.222452][T18153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2404.241160][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2404.250293][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2404.257594][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2404.268831][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2404.279027][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2404.288586][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2404.298657][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2404.318394][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2404.327742][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2404.360348][T18153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2404.512106][T18180] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2404.522700][T18180] CPU: 0 PID: 18180 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2404.530628][T18180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.540699][T18180] Call Trace: [ 2404.544395][T18180] dump_stack+0x191/0x1f0 [ 2404.548778][T18180] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2404.554700][T18180] dump_header+0x1e7/0xd00 [ 2404.559178][T18180] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2404.565413][T18180] ? ___ratelimit+0x542/0x720 [ 2404.570108][T18180] ? task_will_free_mem+0x14c/0x810 [ 2404.575358][T18180] oom_kill_process+0x210/0x560 [ 2404.580324][T18180] out_of_memory+0x1796/0x1c70 [ 2404.585219][T18180] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2404.590915][T18180] memory_max_write+0x90b/0xb60 [ 2404.595815][T18180] ? memory_max_show+0x1b0/0x1b0 [ 2404.600772][T18180] cgroup_file_write+0x41a/0x8e0 [ 2404.605778][T18180] ? cgroup_seqfile_stop+0x150/0x150 [ 2404.611097][T18180] kernfs_fop_write+0x55f/0x840 [ 2404.616063][T18180] ? kernfs_fop_read+0x9a0/0x9a0 [ 2404.621219][T18180] __vfs_write+0x1a9/0xcb0 [ 2404.625671][T18180] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2404.631959][T18180] ? __sb_start_write+0x10b/0x230 [ 2404.637001][T18180] vfs_write+0x481/0x920 [ 2404.641290][T18180] ksys_write+0x265/0x430 [ 2404.645652][T18180] __se_sys_write+0x92/0xb0 [ 2404.650174][T18180] __x64_sys_write+0x4a/0x70 [ 2404.654785][T18180] do_syscall_64+0xb6/0x160 [ 2404.659306][T18180] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2404.665220][T18180] RIP: 0033:0x459a59 [ 2404.669137][T18180] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2404.688783][T18180] RSP: 002b:00007f8f98fd2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2404.697251][T18180] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2404.705237][T18180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2404.713311][T18180] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2404.721401][T18180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f98fd36d4 [ 2404.729384][T18180] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2404.737746][T18180] memory: usage 5920kB, limit 0kB, failcnt 3304 [ 2404.744291][T18180] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2404.751501][T18180] Memory cgroup stats for /syz5: [ 2404.751845][T18180] anon 98304 [ 2404.751845][T18180] file 3452928 [ 2404.751845][T18180] kernel_stack 196608 [ 2404.751845][T18180] slab 1986560 [ 2404.751845][T18180] sock 0 [ 2404.751845][T18180] shmem 3452928 [ 2404.751845][T18180] file_mapped 0 [ 2404.751845][T18180] file_dirty 0 [ 2404.751845][T18180] file_writeback 0 [ 2404.751845][T18180] anon_thp 0 [ 2404.751845][T18180] inactive_anon 3514368 [ 2404.751845][T18180] active_anon 98304 [ 2404.751845][T18180] inactive_file 0 [ 2404.751845][T18180] active_file 0 [ 2404.751845][T18180] unevictable 0 [ 2404.751845][T18180] slab_reclaimable 413696 [ 2404.751845][T18180] slab_unreclaimable 1572864 [ 2404.751845][T18180] pgfault 136191 [ 2404.751845][T18180] pgmajfault 0 [ 2404.751845][T18180] workingset_refault 0 [ 2404.751845][T18180] workingset_activate 0 [ 2404.751845][T18180] workingset_nodereclaim 0 [ 2404.751845][T18180] pgrefill 0 [ 2404.751845][T18180] pgscan 0 [ 2404.751845][T18180] pgsteal 0 [ 2404.751845][T18180] pgactivate 0 [ 2404.850469][T18180] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18178,uid=0 [ 2404.866386][T18180] Memory cgroup out of memory: Killed process 18178 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2404.890342][ T1833] oom_reaper: reaped process 18178 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2404.929557][T18153] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2404.940304][T18153] CPU: 0 PID: 18153 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2404.948201][T18153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.958285][T18153] Call Trace: [ 2404.961612][T18153] dump_stack+0x191/0x1f0 [ 2404.965957][T18153] dump_header+0x1e7/0xd00 [ 2404.970413][T18153] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2404.976583][T18153] ? ___ratelimit+0x542/0x720 [ 2404.981263][T18153] ? task_will_free_mem+0x2c9/0x810 [ 2404.986471][T18153] oom_kill_process+0x210/0x560 [ 2404.991447][T18153] out_of_memory+0x1796/0x1c70 [ 2404.996338][T18153] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2405.002212][T18153] try_charge+0x2889/0x3d70 [ 2405.006743][T18153] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2405.012940][T18153] mem_cgroup_try_charge+0xa29/0xe40 [ 2405.018429][T18153] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2405.024163][T18153] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2405.030273][T18153] handle_mm_fault+0x522b/0x9f70 [ 2405.035275][T18153] do_user_addr_fault+0x905/0x1510 [ 2405.040793][T18153] __do_page_fault+0x1a2/0x410 [ 2405.045644][T18153] do_page_fault+0xbb/0x500 [ 2405.050197][T18153] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2405.055618][T18153] page_fault+0x4e/0x60 [ 2405.059808][T18153] RIP: 0033:0x403522 [ 2405.063717][T18153] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2405.083592][T18153] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2405.089681][T18153] RAX: 0000000000000000 RBX: 000000000024b0dd RCX: 0000000000413660 [ 2405.097681][T18153] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2405.105848][T18153] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001522940 [ 2405.113850][T18153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2405.121847][T18153] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2405.130784][T18153] memory: usage 5504kB, limit 0kB, failcnt 3313 [ 2405.137183][T18153] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2405.144184][T18153] Memory cgroup stats for /syz5: [ 2405.144475][T18153] anon 98304 [ 2405.144475][T18153] file 3452928 [ 2405.144475][T18153] kernel_stack 0 [ 2405.144475][T18153] slab 1986560 [ 2405.144475][T18153] sock 0 [ 2405.144475][T18153] shmem 3452928 [ 2405.144475][T18153] file_mapped 0 [ 2405.144475][T18153] file_dirty 0 [ 2405.144475][T18153] file_writeback 0 [ 2405.144475][T18153] anon_thp 0 [ 2405.144475][T18153] inactive_anon 3514368 [ 2405.144475][T18153] active_anon 98304 [ 2405.144475][T18153] inactive_file 0 [ 2405.144475][T18153] active_file 0 [ 2405.144475][T18153] unevictable 0 [ 2405.144475][T18153] slab_reclaimable 413696 [ 2405.144475][T18153] slab_unreclaimable 1572864 [ 2405.144475][T18153] pgfault 136191 [ 2405.144475][T18153] pgmajfault 0 [ 2405.144475][T18153] workingset_refault 0 [ 2405.144475][T18153] workingset_activate 0 [ 2405.144475][T18153] workingset_nodereclaim 0 [ 2405.144475][T18153] pgrefill 0 [ 2405.144475][T18153] pgscan 0 [ 2405.144475][T18153] pgsteal 0 [ 2405.144475][T18153] pgactivate 0 [ 2405.239080][T18153] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18153,uid=0 [ 2405.254716][T18153] Memory cgroup out of memory: Killed process 18153 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2405.275285][ T1833] oom_reaper: reaped process 18153 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2406.314582][T12780] device bridge_slave_1 left promiscuous mode [ 2406.321278][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2406.363986][T12780] device bridge_slave_0 left promiscuous mode [ 2406.370521][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2407.073683][T12780] device hsr_slave_0 left promiscuous mode [ 2407.122839][T12780] device hsr_slave_1 left promiscuous mode [ 2407.202043][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2407.215508][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2407.228554][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2407.280422][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2407.343314][T12780] bond0 (unregistering): Released all slaves 21:01:53 executing program 4: 21:01:53 executing program 1: 21:01:58 executing program 2: 21:01:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2c, 0x0, &(0x7f0000000280)=[@acquire, @release, @decrefs, @acquire_done], 0x0, 0x0, 0x0}) 21:01:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:01:58 executing program 1: 21:01:58 executing program 4: 21:01:58 executing program 0: 21:01:58 executing program 1: 21:01:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @release, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:01:58 executing program 1: 21:01:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @release, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:01:58 executing program 1: 21:01:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @release, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) [ 2413.928084][T18213] IPVS: ftp: loaded support on port[0] = 21 [ 2414.019666][T18213] chnl_net:caif_netlink_parms(): no params data found [ 2414.060918][T18213] bridge0: port 1(bridge_slave_0) entered blocking state [ 2414.070274][T18213] bridge0: port 1(bridge_slave_0) entered disabled state [ 2414.079598][T18213] device bridge_slave_0 entered promiscuous mode [ 2414.088792][T18213] bridge0: port 2(bridge_slave_1) entered blocking state [ 2414.096213][T18213] bridge0: port 2(bridge_slave_1) entered disabled state [ 2414.106240][T18213] device bridge_slave_1 entered promiscuous mode [ 2414.134600][T18213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2414.147958][T18213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2414.175817][T18213] team0: Port device team_slave_0 added [ 2414.185733][T18213] team0: Port device team_slave_1 added [ 2414.247195][T18213] device hsr_slave_0 entered promiscuous mode [ 2414.293600][T18213] device hsr_slave_1 entered promiscuous mode [ 2414.332493][T18213] debugfs: Directory 'hsr0' with parent '/' already present! [ 2414.357728][T18213] bridge0: port 2(bridge_slave_1) entered blocking state [ 2414.365168][T18213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2414.373008][T18213] bridge0: port 1(bridge_slave_0) entered blocking state [ 2414.380160][T18213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2414.445106][T18213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2414.464431][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2414.474716][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2414.484536][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2414.496168][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2414.514176][T18213] 8021q: adding VLAN 0 to HW filter on device team0 [ 2414.528608][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2414.537964][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2414.545291][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2414.566077][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2414.575336][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2414.582600][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2414.605714][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2414.616594][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2414.632072][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2414.654403][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2414.666698][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2414.680931][T18213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2414.712852][T18213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2414.872627][T18218] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2414.883508][T18218] CPU: 0 PID: 18218 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2414.891553][T18218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2414.901737][T18218] Call Trace: [ 2414.905169][T18218] dump_stack+0x191/0x1f0 [ 2414.909639][T18218] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2414.915707][T18218] dump_header+0x1e7/0xd00 [ 2414.922515][T18218] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2414.928695][T18218] ? ___ratelimit+0x542/0x720 [ 2414.933413][T18218] ? task_will_free_mem+0x14c/0x810 [ 2414.938704][T18218] oom_kill_process+0x210/0x560 [ 2414.943613][T18218] out_of_memory+0x1796/0x1c70 [ 2414.948431][T18218] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2414.954147][T18218] memory_max_write+0x90b/0xb60 [ 2414.959052][T18218] ? memory_max_show+0x1b0/0x1b0 [ 2414.964022][T18218] cgroup_file_write+0x41a/0x8e0 [ 2414.969014][T18218] ? cgroup_seqfile_stop+0x150/0x150 [ 2414.974373][T18218] kernfs_fop_write+0x55f/0x840 [ 2414.979275][T18218] ? kernfs_fop_read+0x9a0/0x9a0 [ 2414.984443][T18218] __vfs_write+0x1a9/0xcb0 [ 2414.988912][T18218] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2414.995019][T18218] ? __sb_start_write+0x10b/0x230 [ 2415.000054][T18218] vfs_write+0x481/0x920 [ 2415.004532][T18218] ksys_write+0x265/0x430 [ 2415.008905][T18218] __se_sys_write+0x92/0xb0 [ 2415.013459][T18218] __x64_sys_write+0x4a/0x70 [ 2415.018306][T18218] do_syscall_64+0xb6/0x160 [ 2415.022871][T18218] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2415.028789][T18218] RIP: 0033:0x459a59 [ 2415.032755][T18218] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2415.052825][T18218] RSP: 002b:00007f8a85fb0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2415.061503][T18218] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2415.069708][T18218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2415.077722][T18218] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2415.085905][T18218] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a85fb16d4 [ 2415.093991][T18218] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2415.102191][T18218] memory: usage 5140kB, limit 0kB, failcnt 3322 [ 2415.108564][T18218] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.115612][T18218] Memory cgroup stats for /syz5: [ 2415.115931][T18218] anon 98304 [ 2415.115931][T18218] file 2682880 [ 2415.115931][T18218] kernel_stack 196608 [ 2415.115931][T18218] slab 1986560 [ 2415.115931][T18218] sock 0 [ 2415.115931][T18218] shmem 2682880 [ 2415.115931][T18218] file_mapped 0 [ 2415.115931][T18218] file_dirty 0 [ 2415.115931][T18218] file_writeback 0 [ 2415.115931][T18218] anon_thp 0 [ 2415.115931][T18218] inactive_anon 2703360 [ 2415.115931][T18218] active_anon 98304 [ 2415.115931][T18218] inactive_file 0 [ 2415.115931][T18218] active_file 0 [ 2415.115931][T18218] unevictable 0 [ 2415.115931][T18218] slab_reclaimable 413696 [ 2415.115931][T18218] slab_unreclaimable 1572864 [ 2415.115931][T18218] pgfault 136752 [ 2415.115931][T18218] pgmajfault 0 [ 2415.115931][T18218] workingset_refault 0 [ 2415.115931][T18218] workingset_activate 0 [ 2415.115931][T18218] workingset_nodereclaim 0 [ 2415.115931][T18218] pgrefill 0 [ 2415.115931][T18218] pgscan 0 [ 2415.115931][T18218] pgsteal 0 [ 2415.115931][T18218] pgactivate 0 [ 2415.211033][T18218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18216,uid=0 [ 2415.227053][T18218] Memory cgroup out of memory: Killed process 18216 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2415.250251][ T1833] oom_reaper: reaped process 18216 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2415.288538][T18213] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2415.299318][T18213] CPU: 0 PID: 18213 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2415.307231][T18213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2415.317450][T18213] Call Trace: [ 2415.320778][T18213] dump_stack+0x191/0x1f0 [ 2415.325167][T18213] dump_header+0x1e7/0xd00 [ 2415.329711][T18213] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2415.335910][T18213] ? ___ratelimit+0x542/0x720 [ 2415.340649][T18213] ? task_will_free_mem+0x2c9/0x810 [ 2415.345916][T18213] oom_kill_process+0x210/0x560 [ 2415.350843][T18213] out_of_memory+0x1796/0x1c70 [ 2415.355684][T18213] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2415.361396][T18213] try_charge+0x2889/0x3d70 [ 2415.366041][T18213] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2415.372434][T18213] mem_cgroup_try_charge+0xa29/0xe40 [ 2415.377875][T18213] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2415.383793][T18213] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2415.389972][T18213] handle_mm_fault+0x522b/0x9f70 [ 2415.395046][T18213] do_user_addr_fault+0x905/0x1510 [ 2415.400196][T18213] __do_page_fault+0x1a2/0x410 [ 2415.405026][T18213] do_page_fault+0xbb/0x500 [ 2415.409574][T18213] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2415.414966][T18213] page_fault+0x4e/0x60 [ 2415.419143][T18213] RIP: 0033:0x403522 [ 2415.423094][T18213] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2415.442763][T18213] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2415.448876][T18213] RAX: 0000000000000000 RBX: 000000000024d958 RCX: 0000000000413660 [ 2415.456862][T18213] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2415.464856][T18213] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000010a0940 [ 2415.472943][T18213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2415.480933][T18213] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2415.489645][T18213] memory: usage 4724kB, limit 0kB, failcnt 3337 [ 2415.495982][T18213] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.502937][T18213] Memory cgroup stats for /syz5: [ 2415.503237][T18213] anon 0 [ 2415.503237][T18213] file 2682880 [ 2415.503237][T18213] kernel_stack 0 [ 2415.503237][T18213] slab 1986560 [ 2415.503237][T18213] sock 0 [ 2415.503237][T18213] shmem 2682880 [ 2415.503237][T18213] file_mapped 0 [ 2415.503237][T18213] file_dirty 0 [ 2415.503237][T18213] file_writeback 0 [ 2415.503237][T18213] anon_thp 0 [ 2415.503237][T18213] inactive_anon 2703360 [ 2415.503237][T18213] active_anon 98304 [ 2415.503237][T18213] inactive_file 0 [ 2415.503237][T18213] active_file 0 [ 2415.503237][T18213] unevictable 0 [ 2415.503237][T18213] slab_reclaimable 413696 [ 2415.503237][T18213] slab_unreclaimable 1572864 [ 2415.503237][T18213] pgfault 136785 [ 2415.503237][T18213] pgmajfault 0 [ 2415.503237][T18213] workingset_refault 0 [ 2415.503237][T18213] workingset_activate 0 [ 2415.503237][T18213] workingset_nodereclaim 0 [ 2415.503237][T18213] pgrefill 0 [ 2415.503237][T18213] pgscan 0 [ 2415.503237][T18213] pgsteal 0 [ 2415.503237][T18213] pgactivate 0 [ 2415.598706][T18213] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18213,uid=0 [ 2415.614463][T18213] Memory cgroup out of memory: Killed process 18213 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2415.633861][ T1833] oom_reaper: reaped process 18213 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2416.754314][T12780] device bridge_slave_1 left promiscuous mode [ 2416.760953][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2416.805303][T12780] device bridge_slave_0 left promiscuous mode [ 2416.811965][T12780] bridge0: port 1(bridge_slave_0) entered disabled state 21:02:03 executing program 2: 21:02:03 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:02:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:03 executing program 1: [ 2418.113177][T12780] device hsr_slave_0 left promiscuous mode [ 2418.162927][T12780] device hsr_slave_1 left promiscuous mode [ 2418.223173][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2418.236274][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2418.252088][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2418.309040][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2418.388837][T12780] bond0 (unregistering): Released all slaves [ 2419.118528][T18229] IPVS: ftp: loaded support on port[0] = 21 [ 2419.212785][T18229] chnl_net:caif_netlink_parms(): no params data found [ 2419.266167][T18229] bridge0: port 1(bridge_slave_0) entered blocking state [ 2419.273684][T18229] bridge0: port 1(bridge_slave_0) entered disabled state [ 2419.282918][T18229] device bridge_slave_0 entered promiscuous mode [ 2419.292463][T18229] bridge0: port 2(bridge_slave_1) entered blocking state [ 2419.299664][T18229] bridge0: port 2(bridge_slave_1) entered disabled state [ 2419.309798][T18229] device bridge_slave_1 entered promiscuous mode [ 2419.339596][T18229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2419.354865][T18229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2419.382365][T18229] team0: Port device team_slave_0 added [ 2419.391642][T18229] team0: Port device team_slave_1 added [ 2419.457965][T18229] device hsr_slave_0 entered promiscuous mode [ 2419.523563][T18229] device hsr_slave_1 entered promiscuous mode [ 2419.602504][T18229] debugfs: Directory 'hsr0' with parent '/' already present! [ 2419.690458][T18229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2419.708245][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2419.717219][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2419.731364][T18229] 8021q: adding VLAN 0 to HW filter on device team0 [ 2419.744725][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2419.754775][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2419.763882][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2419.770988][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2419.780898][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2419.795364][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2419.805329][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2419.814516][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2419.821814][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2419.837029][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2419.859774][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2419.876715][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2419.887224][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2419.897426][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2419.922998][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2419.933020][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2419.944648][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2419.955030][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2419.964372][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2419.974098][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2419.986510][T18229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2420.019578][T18229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2420.147359][T18234] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2420.158814][T18234] CPU: 1 PID: 18234 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2420.166721][T18234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.176910][T18234] Call Trace: [ 2420.180352][T18234] dump_stack+0x191/0x1f0 [ 2420.184731][T18234] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2420.190779][T18234] dump_header+0x1e7/0xd00 [ 2420.195280][T18234] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2420.201646][T18234] ? ___ratelimit+0x542/0x720 [ 2420.208110][T18234] ? task_will_free_mem+0x14c/0x810 [ 2420.213395][T18234] oom_kill_process+0x210/0x560 [ 2420.218448][T18234] out_of_memory+0x1796/0x1c70 [ 2420.223260][T18234] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2420.228969][T18234] memory_max_write+0x90b/0xb60 [ 2420.233916][T18234] ? memory_max_show+0x1b0/0x1b0 [ 2420.238934][T18234] cgroup_file_write+0x41a/0x8e0 [ 2420.243919][T18234] ? cgroup_seqfile_stop+0x150/0x150 [ 2420.249230][T18234] kernfs_fop_write+0x55f/0x840 [ 2420.254515][T18234] ? kernfs_fop_read+0x9a0/0x9a0 [ 2420.259507][T18234] __vfs_write+0x1a9/0xcb0 [ 2420.263991][T18234] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2420.270197][T18234] ? __sb_start_write+0x10b/0x230 [ 2420.275410][T18234] vfs_write+0x481/0x920 [ 2420.279686][T18234] ksys_write+0x265/0x430 [ 2420.284079][T18234] __se_sys_write+0x92/0xb0 [ 2420.288656][T18234] __x64_sys_write+0x4a/0x70 [ 2420.293301][T18234] do_syscall_64+0xb6/0x160 [ 2420.297849][T18234] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2420.303779][T18234] RIP: 0033:0x459a59 [ 2420.307853][T18234] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2420.327698][T18234] RSP: 002b:00007fa70d0b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2420.336277][T18234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2420.344271][T18234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2420.352290][T18234] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2420.360304][T18234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa70d0b86d4 [ 2420.368298][T18234] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2420.376512][T18234] memory: usage 5464kB, limit 0kB, failcnt 3346 [ 2420.382877][T18234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.390781][T18234] Memory cgroup stats for /syz5: [ 2420.390987][T18234] anon 0 [ 2420.390987][T18234] file 2789376 [ 2420.390987][T18234] kernel_stack 196608 [ 2420.390987][T18234] slab 1986560 [ 2420.390987][T18234] sock 0 [ 2420.390987][T18234] shmem 2789376 [ 2420.390987][T18234] file_mapped 0 [ 2420.390987][T18234] file_dirty 0 [ 2420.390987][T18234] file_writeback 0 [ 2420.390987][T18234] anon_thp 0 [ 2420.390987][T18234] inactive_anon 2838528 [ 2420.390987][T18234] active_anon 98304 [ 2420.390987][T18234] inactive_file 0 [ 2420.390987][T18234] active_file 0 [ 2420.390987][T18234] unevictable 0 [ 2420.390987][T18234] slab_reclaimable 413696 [ 2420.390987][T18234] slab_unreclaimable 1572864 [ 2420.390987][T18234] pgfault 137346 [ 2420.390987][T18234] pgmajfault 0 [ 2420.390987][T18234] workingset_refault 0 [ 2420.390987][T18234] workingset_activate 0 [ 2420.390987][T18234] workingset_nodereclaim 0 [ 2420.390987][T18234] pgrefill 0 [ 2420.390987][T18234] pgscan 0 [ 2420.390987][T18234] pgsteal 0 [ 2420.390987][T18234] pgactivate 0 [ 2420.486001][T18234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18232,uid=0 [ 2420.501726][T18234] Memory cgroup out of memory: Killed process 18232 (syz-executor.5) total-vm:72708kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2420.524931][ T1833] oom_reaper: reaped process 18232 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2420.562738][T18229] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2420.573543][T18229] CPU: 1 PID: 18229 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2420.581654][T18229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.591884][T18229] Call Trace: [ 2420.595256][T18229] dump_stack+0x191/0x1f0 [ 2420.599608][T18229] dump_header+0x1e7/0xd00 [ 2420.604144][T18229] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2420.610341][T18229] ? ___ratelimit+0x542/0x720 [ 2420.615050][T18229] ? task_will_free_mem+0x2c9/0x810 [ 2420.620277][T18229] oom_kill_process+0x210/0x560 [ 2420.625187][T18229] out_of_memory+0x1796/0x1c70 [ 2420.630025][T18229] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2420.635735][T18229] try_charge+0x2889/0x3d70 [ 2420.640350][T18229] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2420.646649][T18229] mem_cgroup_try_charge+0xa29/0xe40 [ 2420.651975][T18229] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2420.657820][T18229] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2420.663742][T18229] handle_mm_fault+0x522b/0x9f70 [ 2420.668729][T18229] do_user_addr_fault+0x905/0x1510 [ 2420.673921][T18229] __do_page_fault+0x1a2/0x410 [ 2420.678729][T18229] do_page_fault+0xbb/0x500 [ 2420.683291][T18229] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2420.688697][T18229] page_fault+0x4e/0x60 [ 2420.692882][T18229] RIP: 0033:0x403522 [ 2420.696835][T18229] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2420.716461][T18229] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2420.723145][T18229] RAX: 0000000000000000 RBX: 000000000024edf3 RCX: 0000000000413660 [ 2420.731314][T18229] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2420.739308][T18229] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000cce940 [ 2420.747300][T18229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2420.755291][T18229] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2420.764191][T18229] memory: usage 5048kB, limit 0kB, failcnt 3357 [ 2420.770526][T18229] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.777477][T18229] Memory cgroup stats for /syz5: [ 2420.777762][T18229] anon 0 [ 2420.777762][T18229] file 2924544 [ 2420.777762][T18229] kernel_stack 0 [ 2420.777762][T18229] slab 1986560 [ 2420.777762][T18229] sock 0 [ 2420.777762][T18229] shmem 2924544 [ 2420.777762][T18229] file_mapped 0 [ 2420.777762][T18229] file_dirty 0 [ 2420.777762][T18229] file_writeback 0 [ 2420.777762][T18229] anon_thp 0 [ 2420.777762][T18229] inactive_anon 2973696 [ 2420.777762][T18229] active_anon 98304 [ 2420.777762][T18229] inactive_file 0 [ 2420.777762][T18229] active_file 0 [ 2420.777762][T18229] unevictable 0 [ 2420.777762][T18229] slab_reclaimable 413696 [ 2420.777762][T18229] slab_unreclaimable 1572864 [ 2420.777762][T18229] pgfault 137346 [ 2420.777762][T18229] pgmajfault 0 [ 2420.777762][T18229] workingset_refault 0 [ 2420.777762][T18229] workingset_activate 0 [ 2420.777762][T18229] workingset_nodereclaim 0 [ 2420.777762][T18229] pgrefill 0 [ 2420.777762][T18229] pgscan 0 [ 2420.777762][T18229] pgsteal 0 [ 2420.777762][T18229] pgactivate 0 [ 2420.872390][T18229] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18229,uid=0 [ 2420.888235][T18229] Memory cgroup out of memory: Killed process 18229 (syz-executor.5) total-vm:72444kB, anon-rss:80kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2420.907125][ T1833] oom_reaper: reaped process 18229 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:02:07 executing program 4: 21:02:07 executing program 1: 21:02:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:02:07 executing program 0: 21:02:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:07 executing program 2: 21:02:07 executing program 1: 21:02:07 executing program 1: 21:02:07 executing program 1: 21:02:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@acquire, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:02:07 executing program 1: 21:02:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@release, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) [ 2422.564685][ T9367] device bridge_slave_1 left promiscuous mode [ 2422.571312][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2422.625047][ T9367] device bridge_slave_0 left promiscuous mode [ 2422.631757][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2423.539305][T18261] IPVS: ftp: loaded support on port[0] = 21 [ 2423.550318][ T9367] device hsr_slave_0 left promiscuous mode [ 2423.583338][ T9367] device hsr_slave_1 left promiscuous mode [ 2423.633014][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2423.646801][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2423.660371][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2423.698418][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2423.786846][ T9367] bond0 (unregistering): Released all slaves [ 2423.963524][T18261] chnl_net:caif_netlink_parms(): no params data found [ 2424.009156][T18261] bridge0: port 1(bridge_slave_0) entered blocking state [ 2424.016444][T18261] bridge0: port 1(bridge_slave_0) entered disabled state [ 2424.025306][T18261] device bridge_slave_0 entered promiscuous mode [ 2424.035090][T18261] bridge0: port 2(bridge_slave_1) entered blocking state [ 2424.042474][T18261] bridge0: port 2(bridge_slave_1) entered disabled state [ 2424.051331][T18261] device bridge_slave_1 entered promiscuous mode [ 2424.128600][T18261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2424.145153][T18261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2424.181355][T18261] team0: Port device team_slave_0 added [ 2424.192566][T18261] team0: Port device team_slave_1 added [ 2424.285733][T18261] device hsr_slave_0 entered promiscuous mode [ 2424.323715][T18261] device hsr_slave_1 entered promiscuous mode [ 2424.392432][T18261] debugfs: Directory 'hsr0' with parent '/' already present! [ 2424.422209][T18261] bridge0: port 2(bridge_slave_1) entered blocking state [ 2424.429414][T18261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2424.437303][T18261] bridge0: port 1(bridge_slave_0) entered blocking state [ 2424.444488][T18261] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2424.522020][T18261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2424.546088][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2424.557773][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2424.566821][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2424.583456][T18261] 8021q: adding VLAN 0 to HW filter on device team0 [ 2424.596698][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2424.605998][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2424.613294][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2424.628280][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2424.637372][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2424.644765][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2424.674036][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2424.684992][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2424.705621][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2424.728223][T18261] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2424.740229][T18261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2424.755385][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2424.765423][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2424.775465][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2424.803180][T18261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2424.937895][T18266] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2424.948421][T18266] CPU: 1 PID: 18266 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2424.956509][T18266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2424.966806][T18266] Call Trace: [ 2424.970129][T18266] dump_stack+0x191/0x1f0 [ 2424.974485][T18266] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2424.980403][T18266] dump_header+0x1e7/0xd00 [ 2424.984842][T18266] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2424.991012][T18266] ? ___ratelimit+0x542/0x720 [ 2424.995713][T18266] ? task_will_free_mem+0x14c/0x810 [ 2425.000967][T18266] oom_kill_process+0x210/0x560 [ 2425.005846][T18266] out_of_memory+0x1796/0x1c70 [ 2425.010661][T18266] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2425.016384][T18266] memory_max_write+0x90b/0xb60 [ 2425.021376][T18266] ? memory_max_show+0x1b0/0x1b0 [ 2425.026340][T18266] cgroup_file_write+0x41a/0x8e0 [ 2425.031355][T18266] ? cgroup_seqfile_stop+0x150/0x150 [ 2425.036657][T18266] kernfs_fop_write+0x55f/0x840 [ 2425.041541][T18266] ? kernfs_fop_read+0x9a0/0x9a0 [ 2425.046603][T18266] __vfs_write+0x1a9/0xcb0 [ 2425.051077][T18266] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2425.057161][T18266] ? __sb_start_write+0x10b/0x230 [ 2425.062222][T18266] vfs_write+0x481/0x920 [ 2425.066529][T18266] ksys_write+0x265/0x430 [ 2425.071009][T18266] __se_sys_write+0x92/0xb0 [ 2425.075538][T18266] __x64_sys_write+0x4a/0x70 [ 2425.080317][T18266] do_syscall_64+0xb6/0x160 [ 2425.084889][T18266] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2425.090793][T18266] RIP: 0033:0x459a59 [ 2425.094786][T18266] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2425.114457][T18266] RSP: 002b:00007f77cc691c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2425.122906][T18266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2425.131007][T18266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2425.139026][T18266] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2425.147029][T18266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77cc6926d4 [ 2425.155890][T18266] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2425.164203][T18266] memory: usage 5324kB, limit 0kB, failcnt 3366 [ 2425.170499][T18266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2425.177447][T18266] Memory cgroup stats for /syz5: [ 2425.177795][T18266] anon 98304 [ 2425.177795][T18266] file 2678784 [ 2425.177795][T18266] kernel_stack 196608 [ 2425.177795][T18266] slab 1986560 [ 2425.177795][T18266] sock 0 [ 2425.177795][T18266] shmem 2678784 [ 2425.177795][T18266] file_mapped 0 [ 2425.177795][T18266] file_dirty 0 [ 2425.177795][T18266] file_writeback 0 [ 2425.177795][T18266] anon_thp 0 [ 2425.177795][T18266] inactive_anon 2703360 [ 2425.177795][T18266] active_anon 98304 [ 2425.177795][T18266] inactive_file 0 [ 2425.177795][T18266] active_file 0 [ 2425.177795][T18266] unevictable 0 [ 2425.177795][T18266] slab_reclaimable 413696 [ 2425.177795][T18266] slab_unreclaimable 1572864 [ 2425.177795][T18266] pgfault 137940 [ 2425.177795][T18266] pgmajfault 0 [ 2425.177795][T18266] workingset_refault 0 [ 2425.177795][T18266] workingset_activate 0 [ 2425.177795][T18266] workingset_nodereclaim 0 [ 2425.177795][T18266] pgrefill 0 [ 2425.177795][T18266] pgscan 0 [ 2425.177795][T18266] pgsteal 0 [ 2425.177795][T18266] pgactivate 0 [ 2425.272832][T18266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18264,uid=0 [ 2425.288484][T18266] Memory cgroup out of memory: Killed process 18264 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2425.309244][ T1833] oom_reaper: reaped process 18264 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2425.342044][T18261] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2425.352820][T18261] CPU: 0 PID: 18261 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2425.360872][T18261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2425.370994][T18261] Call Trace: [ 2425.374349][T18261] dump_stack+0x191/0x1f0 [ 2425.378693][T18261] dump_header+0x1e7/0xd00 [ 2425.383124][T18261] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2425.389316][T18261] ? ___ratelimit+0x542/0x720 [ 2425.393998][T18261] ? task_will_free_mem+0x2c9/0x810 [ 2425.399205][T18261] oom_kill_process+0x210/0x560 [ 2425.404064][T18261] out_of_memory+0x1796/0x1c70 [ 2425.408838][T18261] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2425.414506][T18261] try_charge+0x2889/0x3d70 [ 2425.419045][T18261] mem_cgroup_try_charge+0xa29/0xe40 [ 2425.424519][T18261] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2425.430242][T18261] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2425.436141][T18261] handle_mm_fault+0x522b/0x9f70 [ 2425.441171][T18261] do_user_addr_fault+0x905/0x1510 [ 2425.446445][T18261] __do_page_fault+0x1a2/0x410 [ 2425.451462][T18261] do_page_fault+0xbb/0x500 [ 2425.456005][T18261] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2425.461407][T18261] page_fault+0x4e/0x60 [ 2425.465573][T18261] RIP: 0033:0x403522 [ 2425.469504][T18261] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2425.489119][T18261] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2425.495192][T18261] RAX: 0000000000000000 RBX: 00000000002500a7 RCX: 0000000000413660 [ 2425.503179][T18261] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2425.511151][T18261] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000c15940 [ 2425.519128][T18261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2425.527103][T18261] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2425.537537][T18261] memory: usage 4904kB, limit 0kB, failcnt 3381 [ 2425.543935][T18261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2425.550871][T18261] Memory cgroup stats for /syz5: [ 2425.551143][T18261] anon 98304 [ 2425.551143][T18261] file 2678784 [ 2425.551143][T18261] kernel_stack 0 [ 2425.551143][T18261] slab 1986560 [ 2425.551143][T18261] sock 0 [ 2425.551143][T18261] shmem 2678784 [ 2425.551143][T18261] file_mapped 0 [ 2425.551143][T18261] file_dirty 0 [ 2425.551143][T18261] file_writeback 0 [ 2425.551143][T18261] anon_thp 0 [ 2425.551143][T18261] inactive_anon 2703360 [ 2425.551143][T18261] active_anon 98304 [ 2425.551143][T18261] inactive_file 0 [ 2425.551143][T18261] active_file 0 [ 2425.551143][T18261] unevictable 0 [ 2425.551143][T18261] slab_reclaimable 413696 [ 2425.551143][T18261] slab_unreclaimable 1572864 [ 2425.551143][T18261] pgfault 137940 [ 2425.551143][T18261] pgmajfault 0 [ 2425.551143][T18261] workingset_refault 0 [ 2425.551143][T18261] workingset_activate 0 [ 2425.551143][T18261] workingset_nodereclaim 0 [ 2425.551143][T18261] pgrefill 0 [ 2425.551143][T18261] pgscan 0 [ 2425.551143][T18261] pgsteal 0 21:02:11 executing program 4: 21:02:11 executing program 1: 21:02:11 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@release, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) [ 2425.551143][T18261] pgactivate 0 [ 2425.646395][T18261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18261,uid=0 [ 2425.662179][T18261] Memory cgroup out of memory: Killed process 18261 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2425.698248][ T1833] oom_reaper: reaped process 18261 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2426.794340][ T9353] device bridge_slave_1 left promiscuous mode [ 2426.800891][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2426.845380][ T9353] device bridge_slave_0 left promiscuous mode [ 2426.852072][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2427.653542][ T9353] device hsr_slave_0 left promiscuous mode [ 2427.703003][ T9353] device hsr_slave_1 left promiscuous mode [ 2427.755502][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2427.769191][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2427.785984][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2427.839141][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2427.908442][ T9353] bond0 (unregistering): Released all slaves 21:02:14 executing program 0: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x0) r4 = getpgrp(0x0) r5 = getpgrp(0xffffffffffffffff) kcmp(r4, r5, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r3, 0x0, 0x0) 21:02:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2430.245699][T18277] IPVS: ftp: loaded support on port[0] = 21 [ 2430.360160][T18277] chnl_net:caif_netlink_parms(): no params data found [ 2430.406849][T18277] bridge0: port 1(bridge_slave_0) entered blocking state [ 2430.414119][T18277] bridge0: port 1(bridge_slave_0) entered disabled state [ 2430.423874][T18277] device bridge_slave_0 entered promiscuous mode [ 2430.433793][T18277] bridge0: port 2(bridge_slave_1) entered blocking state [ 2430.441178][T18277] bridge0: port 2(bridge_slave_1) entered disabled state [ 2430.451429][T18277] device bridge_slave_1 entered promiscuous mode [ 2430.480555][T18277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2430.494476][T18277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2430.524017][T18277] team0: Port device team_slave_0 added [ 2430.533901][T18277] team0: Port device team_slave_1 added 21:02:16 executing program 2: socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x2000107c) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="1c0000001e005f0214fffffffffffff8070000030000000000000000", 0x1c) 21:02:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000280)=[@release, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:02:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0), &(0x7f0000000140)=0x8) [ 2430.596423][T18277] device hsr_slave_0 entered promiscuous mode [ 2430.645800][T18277] device hsr_slave_1 entered promiscuous mode 21:02:16 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000080)=0x800, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) [ 2430.713091][T18277] debugfs: Directory 'hsr0' with parent '/' already present! 21:02:16 executing program 3: msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000000)={{0x80}, 0x0, 0x0, 0x1, 0x386c359b}) [ 2430.805198][T18277] bridge0: port 2(bridge_slave_1) entered blocking state [ 2430.812537][T18277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2430.820365][T18277] bridge0: port 1(bridge_slave_0) entered blocking state [ 2430.827775][T18277] bridge0: port 1(bridge_slave_0) entered forwarding state 21:02:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000033001901000000000000000002000000ff131355d6897caf3f211bd38d9b000001000800100004000b00"], 0x24}}, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x42000, 0x0) sendmsg$kcm(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="d14fcec0e1db9abbd948c8b40b228458966c336745617608942442df323f0914", 0x20}, {&(0x7f0000000240)="eed0c5d775a1cfe2ec49319a7b982695bc9da0ed4ee00a72d90600a6da817927c35eacfe3971b75373cca383e3dfde57f916677920524ada5284828e2bcda70b66e721a9991821e477ff52e36437dc27d25e4e62a3d0f0efcb18198a5ed986fe1bbb62acebccefd67295a7d2bd98fb511d88d46dde359d16affbbca95844634204d5f43b09885e25072f610adf61466604b954e098cf847b0a1aa291042789503d6d50cee3bf62a7a27248dd180c7bb08a97d2413ba76f5f3a2105a2bbe0fe4c39d5a13f5fb9edba8d1ef72fbde34f5ff813d5c26007f63546ef847b92964e", 0xdf}, {&(0x7f0000000340)="969d5c4b9be3859837b1a52f88998a1df862b5cd9ad89bc4f309c14f41a880f639567cb3fedb4162fce857d4e37f20b9adf65235f69c286e999b28efb087cfac71d82b5fe9a5675f759877e18a84e220af57b0b5683943bab76decfc9e184e78fe13797aacbd4230d8d12f84482c496b1d02b2716c05731ae8fc80912f417a2d324301dc3338b3207692ccd329943103e6b08ff6e2d026da1351e56275cd79ce491bcae82df4c75a3d59aba598ad572d9adc5e667de787cb44ebd5e077a449cd8234a1416241449420f2f37ed400858902f581e31e888d3b7307ca0be42fa1f8af573f3a00f475b2946726081ab5d5f5e52071d340264264256f1c", 0xfb}, {0x0}, {&(0x7f0000000500)="7940bd6be05f70863b9095ab6354270e8b38a304be997b35fb18259049a718c748252df6b51d3e9da0d81cacbe9bd81cbfdf74c8b8842b96c9138f46c82b56545a1c7216a86ddbc9c2d1a1ef13d6df79f13f50c94a37e217045a7e3dfe0941448fbc9c7de62b524a335b4c8ff00fbe7bff8f54266c4d926bf34246b3043135e7c8b5ad02872838540fa2de5a1f1b6c7103d5aa1a5a13a7dd300c7b767878cfda74c684993732cf5a", 0xa8}], 0x5}, 0x40000) ioctl$KDSKBLED(r2, 0x4b65, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x20000, 0x0) sendmsg$kcm(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000000440)="ba994a238953580e6b2d4637dcb06644d033ab7146fd7a6e7144ff8e49a4ae6bb2f7d2d4cf24375d3502194e85024c04383cb9ee89ee0b7e69867d423beb664676311047dffd68b39a2f45de7333b0e2490216b4cb43a197922a4e6dac27c746f28efdc9e92b6e40e68b8de5aa54c462db54dae3e68c749d59fa22d48246b31cdefd7ef2c586dd1a9670ae92ea0cf54a7462c8385687cb92a08dd9c457adf6af4f439b0c9b2dc4791b1b", 0xaa}, {&(0x7f0000000780)="6cf4e110a74ec2d1c9fd9a9c68ff497957d1bb36e9ad1d56ead846d63c13898fb6c40a000e1a0914798543b868ab2101869a50e5911218a98d1d4bd7cb45c02d235acca00ff24631723eceff9169d97b2fc093d90d160abf02afc1e7a984ee655a2a7b2da676e6d92bf6f0d54693d7a66c6fec35c5e76b71bbbb1efa31fa709afcb2aee0bc775130f4de7ea609514fef704c3eb514d7e4526b186ebfaea8c4b7d386736495e6e85f1db0a07f3689a566d7e0e33a113173d6cc8bec038c95d7fe331f9b", 0xc3}, {&(0x7f0000000880)="4f8b04f8e9eb6480668f26c411667e9084fd2bd40d19a7b4166b813bde506b4ed2a8e5577b48c03749c90225e63702910a852b285d7db9241f0d8939a24b61a64e1d0f98d6a7e934e77f700aabbcddac1b138a1f9d19f27b80bb5a799189dd2c7517106208ce3884c9be6fafc2d1e5dc28ffc23c389fe837c3f458e3e9da480678ab93604e8f5adf8d889e6edfe7612e94d4ce10d2b7fd558fca7683e774f4988181ac7bae4b5c538fd1588d43455aa6c8f7e058809471ca053b8103296e49d8", 0xc0}, {&(0x7f0000000940)="376a5d1c4c6c98c482f5acaba781162cbf748715408c21d742e724e303271e87ad1e3cf535b36e397e410caeb86f3cb82b1ccec66d6556cd1cb016e5827770503afc30021bde7bac9fd19304fb9073c3612dec05b20569db2afc4d1f6c197309a93e9496e9ef01d2c7b11060b22dd01198f1ab8d9fab7c79e46fe94eb65d4d27c2bb87cc27d047d5d02b30482b8f7a8b507e6134cede3c44d2e6ff96c093a8882779983bc6fdc76e76588f08cff2fcf42bf9787dcb6fd5b4ba2425991e32b0cb55dcc578ad8e70ea08322c7554a2a5700d7c6aed23a2f97c807f873623ff5dd268ad3ab747cfe69b32bad12112ee6b5af351eb5fe6e34596628e", 0xfa}, {&(0x7f0000000a40)="ba427c2311e84092cb8bd5050000006181ca5f450f36a2dd7a8ff390bf059ef2d9f355fbbe05f1efbbbce26b1bf53bc8c1e49a0d49b0abe88395929b32a80162629d14d1c6b95275fd51f4332c6f352d2b73b5db2e5b7f8d0a562b855200000000", 0x61}, {&(0x7f0000000200)="3d54a275b51ae0112404bf858c7769ec3c5ba0c288452c46f649114a80b21827343306825d5c1e801ac18c29d813c6481da32504667001", 0x37}, {&(0x7f0000000ac0)="b69472753be2e19b5e05005539648f1bbebe7d9541204c51327e034dc6c3dddb78d7537073b9afc69571fb9af126b6a3a35ed928d396e998ba17a98d5394d3c372b23e46b5659ed4a21304283c5c345137897d70829fb6380329602cbc97fd9729ffce62c28a7028a553f55934742e88637d7eb4c3fa1f0386246ebfab31c1f90d152aaed56a15306519fed377853333c7a70427b3bc5b", 0x97}, {&(0x7f0000000b80)="40c9df108dbc706fa47d94f11b50b6f29bdcfa058e4b8c72f3b23c722d67d995d5ef289b4d3a93ee6b96cd527a970b795e", 0x31}, {&(0x7f0000000bc0)="358b6d5844c6ca1e77ca767ab89d3fc4144b234733aab45f21f0c9da41c951dbff6685c9769c80df959a89d49f0d7204039232dd64d544c863fc1fd1a43803064d820b7af6a0614095e7043930fca359d1a98fc768bb29d7093b530446b45d26750aab896f441c01595a430e566b8440dc13f1cb2194af9fbdbadf90e7d5be9cbf633dfe02bda7ea347d11e6e5ea27d31cc7fabfb1f608be66b3ff719fb8bbc467f0931e2bc7da3f55dffe590d197ece9261392ed25a793ba7ad73712ca1ec2086649f7d23a718c28db829e1997d5baea933909910b1626b042a675563fa9a01227c28ca63f568f4d8fe964c54292e5a69498e0896059a7c05f8f3ae66beaaa9fdcf04f2347acd702ff527ff0a8129a61d0e7fc25303ccbb0d328758e5d4937ab3d775f18fc8737544bbfe628fecb1d5709201b77278ffe37ca96c4f8ef2837055f7c55e4c9a03703b18d74e2d23c50e5c79085dbcfed89f95375cba53110ec75d902e1b3fd2a76632aafedc4973fb536f87552c3b886c513460dda06b75eb9e01693dcadee7dccd43e2bf4600e927af3476f7b0743ea089859282113c1f4eb7efdb867754f2165410983202be657b99a0e0c7e78e9e818a06eb50f9f3ff40357236c01257a5f163d361c51dfe8036bfe4f916ddc3d80cb7972fcb2d09d6da8f00e0bd0e09925118a30753c7821f9298984c7bf62c267fd91c7d518ba6899e5de2cdc60cbd59ffba808c1d626e12f06ca20be42fa009e5e3a0940e26d282075cd9e4b583e907bf283cc764c722c5e4203723471a6e24b98ec6faae9a3f89f24021fc04f56aafeb2d4b563f413fb68ed1aae9e630f51aec7e0747923672344efb99c9d14c24861d4f6a0cb1155892d5221380d861c6f331c956fb8440a69a4efbb9f451cbc9bc6701ebbe347daede79ef303447a19f23b040c962b4637e04ef75323ff1ed51d57f357089cbb30edf781f617ea3ef327eca2090639c78b71c8cf1a34c6a372caba0dbe549faa765773f1d486302e2a70745ae1db3f2adf2bc1cf62222f7189b6bc24034a816b11731aaf756fa9f6e041251b7cba378f3803ee4fa882c6aa6be0765d5b91bd65fa5245731bf1cfb99673795a667f3fd49045a3277d0418807d6b9cb729bca76a8a32d30b0906a7ec6354b72c352a41cc8c2bdc6079d60eeab10d718928d5c4703c46ee35c89af059bfa052cf0253f05a500e95f8ba0afdc1aabc38a1c732f469db89bda6c09198b254ff1422a82f26496e9eb0d89fa8872672939697585555e132d5870bf8dbbacc344c9a0e4aa580dc36f314ecfe6f593943ca393ec58a1b0e18643134cee3a9cadec2975146ccd441fc41ca6d6b0909ae2c1dae4fcca8f40e5ebb370fc78f878a5bf98fcd43cc2e9651c50164186862de0c983d48891ddf9f3971a6c506d19d36b563bf447d2b7b952d166e999d2dd72f4611b66614ffea63758fcd785da5014f9453f916bc10914ca5ee559c967802e523f589a69082d11fbc93b1a1670e61f4cdfe27062a167f8807e7ebc30904d788859866316caa66c9ee855565f5318571ad190b0350fdfe7ed8c62cbc62950bbc3f4f9bfac7c42a273b8f055029785df7d2490a62ab18155181fbff8b451bf9d752d0f197ff1e6ba875ccd0c45ac41a3e08ce3c82f7033ef9e9d1f9891bb92b017722ff6eb3ae9994c79fe03f9b9cd2689ae29219b34ebd72216d53fad15c087c1340979e0201ee29cb29a3fb95788f160d6f3a33bf84fcfe6803aae2af1c9c442622699e7927140974496404676ce27cd037ac39deb464078f8868f9f905e072441d57065d19e6ac8314a854b1875cca4732b3bf7c5eb765d54e5ed7ad1448740a4e51b76b5bbb179429d02a22d6962d5598507b81cfadb03b8e6313c3967ffbab8a223a50bb71910b22975132b30bc7d9aaa3e2fb94399ecdccd4fdf8bbdbf152137666950e63e8d11e3938be324ea22fa8aa027a07a8ca6ceea6726431f8cb536f00342f42729f946506f881ed086d3c09fd26c230eae7c4522d4a9a59aedb3b8a576558bb836b30c817b2140c12daa1c9e201c2a3f8f9a36d98aa3a995e8d24c384594ca7a898fbef14248c6a1e6d7b27734fbd285b4cb88bf233942c9f01b9a3f6929915762fc3ef0f93be59d8d080b020a443fa034b0c99366273c0962647197661c3e9c28c7bb0bd37ed92d0cf34eb6eadd3215bd2ee5d82036dbb2588e7f5828068605d16210c4e165734aea46d8a0ba57399e20cdca58df89285b4a2b592d0e989616ed721d24379e560cd356f5ade9f65cc50aea769cc247f19d241e98010c8d2d5f7bf2e8b452292fa0b70555b2a3277365b09c726badfb0b11772a7b95f3a854b17656e1e801d70c636c6c98a752a4aaeda8a8770381ffd69758df5924b59d128fac97d29c8128c2fcb5be4369db853473a5c315d747a472fb8522a4dc4b9d5fccb2478a8cdb212888130c62f363f6152093a84eb6a59308641613e6ccf625e18c0d10999405d07be5a97dff626fda5c80f5ff1cd681b5cd95b5ff3801ed442dd9edaeaecc8c1ff46392118d92329a0816bf3e9dfbb8e83e61ee40fdc7970bfb15b26fc8249177becd132e812394205556ec519dbfeed22f378c4c6c71884dc8793665630b9f555850284ea61dcbf9dfd68ee5f8adc4c7fc5d30142b6612bb94c68d3b35fce7dbbcbd42984ad4f8d179a4bdcfd7d52e236eb6e05beb702958e224dff23a750dda656de7d1af824e10a32fb42e3c13243a3f0c1d250ebc4c5e5cc3fd5ad1ec17ac2f9214f38998536fe1ab7c8964217b0de68112d6f6aad32b6b7300b7a7a9632bc95c1e7fac4403eb17eb738132f2b21f41b53e49fc6535581e3f1ad9f9bd3fc3638e37d7b3b9381933900952336e3dab6b6999612275b7fb929334018098f8c177fb40d29e581d1883bd732487387036b5dc35df4ad226fc1591a57d30df447f8a2538a1b731c26990b0e13a2feb5ed440aee8ad6eeb4c2577b8532a4196fad470bc40974f77b5c8eefc29fff8ca32dc5ebbb499e50c390a96089e4af1cb2b9df409507fcb164445d152f572135532c28e144bc2f072da7fd74b07cd94b93ba26e58fdb8fba5c862f703f2aa4b19fe3535b09940ffbd1be42691a2d25374b27a47126213d2f8b2a82367ae74f79434084a54b1acf4962681ce5c9e643db64babad9d86688999d146911c0f732254a46e3c41879a159fed579c8d42556934cabf82ad22d6f14f0adf45c7e792dd7abd155abc6e90fb69564aa9e027dbefb596ffa82027ddcbfdfbec6e37574ad9c83d6bbdfc1de4aeeaf67de53605feb0635998bfc8e998d2adc93c1da83af433d5734ce3a1391f6dae57a4f69ec17ace35bcd9baea2be80fddc5a9a66cb76f01c34cc86925bc79993cbce3a2dbaad7cb84e9273ff1cc412c17a7422055463b45a9b46affe3494d4662213f5a83c2be97a5cdf18fa143cde5849330d5c39ca48c838b6bdafaa56a2a84f390db2d6856b5ea6e57865efe3f5dcab7fabbb5769a80173bafd778278e79e5b4476fb0a2e370de6ff1c68decfb80ed679f258c2c753a6cdab9628ef872d8b3f2b46b700f49e8302f0adc2412361c63af908751bc7e698d6f0acba0d330923dad67a34221b97ef427eda86faff8294fd838f6266a8bfd6ac37c81baf71e879e29675f6eeffef33cf306c8dc7cc929b1d50d6859b738f162829b4efd12e6fe0705e87c378234b27399d7db1a79edd8a5c88a3400f1f4e90be02742534c4e5ec7d8573dda6e3807f985c3c4a9f75bd2b7553fa115ff32103bbb9f0475d116145214bcd3c6d2771b89293f903785017f08ccb2f03cbdf2aaf5790e9f784fb1b832a90ae828eede3b8757fb281b92f4e1e04ce18d052d6020e8c6cd123af8e44c97d54d0259ff6866abb530b828f7f2a4bd2a85996423b639a3a1fe05124fdd6d5b6c3fea2d59c02e760f48125f46f418a015e9b85e1b5a63e76665ba756411f43748d621292410f31b08b61d2db3a52945e6d1ce51b6194db3fd7242591ba48e4fd1a794948aa8424815711a082281b859e4ba836fe2125398ab30474f7691681609729baaae216cbc22054970d4033609e74aaf63c960af6f88f3934aab75562ff0716b5cdbe0aa7f0b88476a30174c59b4478f94254700446443c0e18ea645c8343b76a614b0956ad47a68ed0da3c4de8f32650ebb064c8fd60ce1c956f2afd6adc350b1b68b2766cf34f9cb615e8f7edb5077a098efa28750c121e4942c319dc4eebc38ddf9e50a0f06bfde7c24fcf3d9f6a2499545111b16b41402763d55c6fd85085c23ba5b0694319f49df3461018b420287d1e644bae1e943b7ca71780b31f11721b4d044d23eecc3b9b5c2dcac32038b98c4a4272fcae02e44bb2c8add8c5582713527f7bda4c3ff2f559c92f5eff633c10ac5151c0177ff127afb34aa0d502b92b9ca4282a288545a8692f518a791c3582917afdbc6eda51ca16741e4718a8dd11d4854d65d31634342d4c42f67e697d6e8d84b6dfc8c423f89b7b575c014b67e921883f44b2d1f3caab7571ad69d942edf0613180523777ad40cabc9c60b6ae8426d79e566b2265ab62f977761e1c342a6a097078d1187461abf2668d5182ae5d89fe9274b146b194066e386dd6504bc6aed34a1aa137b90f5907711b0adbc75c0b1cf3b5ba6ec9903f5462278edc1c64ecdafd51534a9eefb98660b0b746af1650d6e9cb60904d5abab52c5ecbff64582d5b90ba05027bc9d015ab1f9355d8a012b50dd608209253760eab46326baa5276eca99bbaad54e0cc3f7fe35d9248d82393b246513d74607929c4994c6af46ec1cb1a9e75dfeb96b7aca3eeec9bbe8681d32b792e31b58c1cbac27b53fdc44ea6afc51499f8b7ee8d02395d7fc7b227e2b2160df169465c041109a2f43839890e5b12f24937c95ce13ce608d724842504bc2351e4e944b7e0a159214766f3448f1dd02d9fafcd2cf0d5e88e9cd3e9e22501fa390d57cb75d6618dbaf64ad4f2dd9e44e6a0bf5f9bf852f18c1540c186c0058091b12018833ba6e064315bc777c0d40a5473c6f438cb3ccf3e5c99e785275337e090eff0a4d8a16425c831403e00895be5dd7ee9901dc4916b3a8f7d33e68e0c8115f2fa3e19af534a79c7ff2d012476691748480638c26e73a6b82dd6083755eca5bf3b5836ec483413861f674c6f41c0da8cba1b8809dce3babe7641731eff095ab16b37b4726fd417962808c904cfd98c027d7854ca9397c37b1116be227a01548cfe01b7ac6138c0bbd85e7934823d8de290f61f4eb1eeb5ad63c62d26854b778ed0228c42c76f251ca725aff278823c46b36b3bfee861ca2478c7d9cc83a333c3d3ea6943cc56e81a327776dbe1c30d314066f13dbd9ef65e23f68b1cd307b8a48a0b116a005b65683eb1f7f195d2d938dd595de843512adfeffe5f5f2a7586e972572242b2dd5a80b4418ea7dc09091541aca74f3ec5b8669eda3ca2fe0d3c9f12effe563277cb86562c173098adc8def253458aba5e2641140a49f4ea20c7e0e8876a9ae9fd4fb31d0aa0f588a927449ee4eea7ad0f7ac29c703e262aa26127d764d0a45898d31f06939d03d8f40bd67b4b5d6f920339e0463abdd6dac7fa1e65f376f010c5f37dcd880357ce34aea97dba31279fbecb0993fbf23b8ad36b02531a1fe3e7fe49aa0c259147c50b1b532587df3021a40ad39338f8db7b96c3e1c2c015fe6a3c6f8e632f679ee12dabebb250fca2a14c1e9a3225298ce9d33c538d44780ae0b1d72fe73251ae0f2c3f7", 0x1000}], 0x9}, 0x40000) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000680)) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x2, 0x77, 0x200, 0x20, 0x7fffffff}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000180)=r4, 0x4) [ 2430.947854][T18329] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2431.005059][T18277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2431.016806][T18329] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2431.030617][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2431.043141][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state 21:02:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}) [ 2431.055142][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2431.085711][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2431.127798][T18277] 8021q: adding VLAN 0 to HW filter on device team0 [ 2431.153250][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2431.163550][ T2419] bridge0: port 1(bridge_slave_0) entered blocking state [ 2431.170791][ T2419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2431.240890][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2431.250234][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2431.257588][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2431.269124][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2431.279071][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2431.288704][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2431.299312][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2431.317133][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2431.333223][T18277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2431.365638][T18277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2431.498518][T18406] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2431.509426][T18406] CPU: 0 PID: 18406 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2431.517361][T18406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2431.528334][T18406] Call Trace: [ 2431.531676][T18406] dump_stack+0x191/0x1f0 [ 2431.536060][T18406] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2431.542066][T18406] dump_header+0x1e7/0xd00 [ 2431.546519][T18406] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2431.552717][T18406] ? ___ratelimit+0x542/0x720 [ 2431.557416][T18406] ? task_will_free_mem+0x14c/0x810 [ 2431.562640][T18406] oom_kill_process+0x210/0x560 [ 2431.567545][T18406] out_of_memory+0x1796/0x1c70 [ 2431.572408][T18406] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2431.578105][T18406] memory_max_write+0x90b/0xb60 [ 2431.583079][T18406] ? memory_max_show+0x1b0/0x1b0 [ 2431.588040][T18406] cgroup_file_write+0x41a/0x8e0 [ 2431.593006][T18406] ? cgroup_seqfile_stop+0x150/0x150 [ 2431.598301][T18406] kernfs_fop_write+0x55f/0x840 [ 2431.607575][T18406] ? kernfs_fop_read+0x9a0/0x9a0 [ 2431.612932][T18406] __vfs_write+0x1a9/0xcb0 [ 2431.617407][T18406] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2431.624455][T18406] ? __sb_start_write+0x10b/0x230 [ 2431.629507][T18406] vfs_write+0x481/0x920 [ 2431.633790][T18406] ksys_write+0x265/0x430 [ 2431.638163][T18406] __se_sys_write+0x92/0xb0 [ 2431.642923][T18406] __x64_sys_write+0x4a/0x70 [ 2431.647533][T18406] do_syscall_64+0xb6/0x160 [ 2431.652057][T18406] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2431.658042][T18406] RIP: 0033:0x459a59 [ 2431.661960][T18406] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2431.682166][T18406] RSP: 002b:00007f0d73804c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2431.690712][T18406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2431.698890][T18406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2431.706934][T18406] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2431.714950][T18406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d738056d4 [ 2431.722940][T18406] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2431.731163][T18406] memory: usage 5296kB, limit 0kB, failcnt 3390 [ 2431.737604][T18406] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2431.744541][T18406] Memory cgroup stats for /syz5: [ 2431.744811][T18406] anon 98304 [ 2431.744811][T18406] file 2920448 [ 2431.744811][T18406] kernel_stack 196608 [ 2431.744811][T18406] slab 1986560 [ 2431.744811][T18406] sock 0 [ 2431.744811][T18406] shmem 2920448 [ 2431.744811][T18406] file_mapped 0 [ 2431.744811][T18406] file_dirty 0 [ 2431.744811][T18406] file_writeback 0 [ 2431.744811][T18406] anon_thp 0 [ 2431.744811][T18406] inactive_anon 2838528 [ 2431.744811][T18406] active_anon 98304 [ 2431.744811][T18406] inactive_file 0 [ 2431.744811][T18406] active_file 0 [ 2431.744811][T18406] unevictable 0 [ 2431.744811][T18406] slab_reclaimable 413696 [ 2431.744811][T18406] slab_unreclaimable 1572864 [ 2431.744811][T18406] pgfault 138501 [ 2431.744811][T18406] pgmajfault 0 [ 2431.744811][T18406] workingset_refault 0 [ 2431.744811][T18406] workingset_activate 0 [ 2431.744811][T18406] workingset_nodereclaim 0 [ 2431.744811][T18406] pgrefill 0 [ 2431.744811][T18406] pgscan 0 [ 2431.744811][T18406] pgsteal 0 [ 2431.744811][T18406] pgactivate 0 [ 2431.839995][T18406] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18404,uid=0 [ 2431.856553][T18406] Memory cgroup out of memory: Killed process 18404 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2431.881298][ T1833] oom_reaper: reaped process 18404 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2431.916803][T18277] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2431.927014][T18277] CPU: 0 PID: 18277 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2431.934932][T18277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2431.945009][T18277] Call Trace: [ 2431.948336][T18277] dump_stack+0x191/0x1f0 [ 2431.952690][T18277] dump_header+0x1e7/0xd00 [ 2431.957120][T18277] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2431.963343][T18277] ? ___ratelimit+0x542/0x720 [ 2431.968075][T18277] ? task_will_free_mem+0x2c9/0x810 [ 2431.973320][T18277] oom_kill_process+0x210/0x560 [ 2431.978195][T18277] out_of_memory+0x1796/0x1c70 [ 2431.983092][T18277] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2431.988742][T18277] try_charge+0x2889/0x3d70 [ 2431.993280][T18277] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2431.999824][T18277] mem_cgroup_try_charge+0xa29/0xe40 [ 2432.005126][T18277] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2432.010857][T18277] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2432.016760][T18277] handle_mm_fault+0x522b/0x9f70 [ 2432.021726][T18277] do_user_addr_fault+0x905/0x1510 [ 2432.026868][T18277] __do_page_fault+0x1a2/0x410 [ 2432.031816][T18277] do_page_fault+0xbb/0x500 [ 2432.036355][T18277] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2432.041971][T18277] page_fault+0x4e/0x60 [ 2432.046157][T18277] RIP: 0033:0x403522 [ 2432.050087][T18277] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2432.070592][T18277] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2432.076675][T18277] RAX: 0000000000000000 RBX: 0000000000251a48 RCX: 0000000000413660 [ 2432.084673][T18277] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2432.092651][T18277] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002261940 [ 2432.100642][T18277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2432.108648][T18277] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 21:02:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3c, 0x0, &(0x7f0000000280)=[@free_buffer, @release, @decrefs, @dead_binder_done, @acquire_done], 0x0, 0x0, 0x0}) 21:02:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141403}}, 0x1c) 21:02:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000280)=[@acquire, @request_death={0x400c630f}, @release, @decrefs, @dead_binder_done], 0x0, 0x0, 0x0}) [ 2432.116897][T18277] memory: usage 4888kB, limit 0kB, failcnt 3399 [ 2432.123296][T18277] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2432.130243][T18277] Memory cgroup stats for /syz5: [ 2432.130566][T18277] anon 98304 [ 2432.130566][T18277] file 2920448 [ 2432.130566][T18277] kernel_stack 0 [ 2432.130566][T18277] slab 1986560 [ 2432.130566][T18277] sock 0 [ 2432.130566][T18277] shmem 2920448 [ 2432.130566][T18277] file_mapped 0 [ 2432.130566][T18277] file_dirty 0 [ 2432.130566][T18277] file_writeback 0 [ 2432.130566][T18277] anon_thp 0 [ 2432.130566][T18277] inactive_anon 2838528 [ 2432.130566][T18277] active_anon 98304 [ 2432.130566][T18277] inactive_file 0 [ 2432.130566][T18277] active_file 0 [ 2432.130566][T18277] unevictable 0 [ 2432.130566][T18277] slab_reclaimable 413696 [ 2432.130566][T18277] slab_unreclaimable 1572864 [ 2432.130566][T18277] pgfault 138501 [ 2432.130566][T18277] pgmajfault 0 [ 2432.130566][T18277] workingset_refault 0 [ 2432.130566][T18277] workingset_activate 0 [ 2432.130566][T18277] workingset_nodereclaim 0 [ 2432.130566][T18277] pgrefill 0 [ 2432.130566][T18277] pgscan 0 [ 2432.130566][T18277] pgsteal 0 [ 2432.130566][T18277] pgactivate 0 [ 2432.225359][T18277] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18277,uid=0 [ 2432.241159][T18277] Memory cgroup out of memory: Killed process 18277 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2433.543931][ T9353] device bridge_slave_1 left promiscuous mode [ 2433.550559][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2433.604532][ T9353] device bridge_slave_0 left promiscuous mode [ 2433.611255][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2434.394059][ T9353] device hsr_slave_0 left promiscuous mode [ 2434.432933][ T9353] device hsr_slave_1 left promiscuous mode [ 2434.484948][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2434.500632][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2434.515429][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2434.569362][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2434.657260][ T9353] bond0 (unregistering): Released all slaves 21:02:21 executing program 0: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) accept(r0, 0x0, 0x0) 21:02:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2437.499616][T18522] IPVS: ftp: loaded support on port[0] = 21 [ 2437.609054][T18522] chnl_net:caif_netlink_parms(): no params data found [ 2437.656861][T18522] bridge0: port 1(bridge_slave_0) entered blocking state [ 2437.664288][T18522] bridge0: port 1(bridge_slave_0) entered disabled state [ 2437.673809][T18522] device bridge_slave_0 entered promiscuous mode [ 2437.683542][T18522] bridge0: port 2(bridge_slave_1) entered blocking state [ 2437.690797][T18522] bridge0: port 2(bridge_slave_1) entered disabled state [ 2437.699974][T18522] device bridge_slave_1 entered promiscuous mode [ 2437.729849][T18522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2437.743373][T18522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2437.770459][T18522] team0: Port device team_slave_0 added [ 2437.779235][T18522] team0: Port device team_slave_1 added [ 2437.866506][T18522] device hsr_slave_0 entered promiscuous mode [ 2437.913905][T18522] device hsr_slave_1 entered promiscuous mode [ 2437.953044][T18522] debugfs: Directory 'hsr0' with parent '/' already present! [ 2437.978304][T18522] bridge0: port 2(bridge_slave_1) entered blocking state [ 2437.985944][T18522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2437.993578][T18522] bridge0: port 1(bridge_slave_0) entered blocking state [ 2438.000833][T18522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2438.068151][T18522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2438.086735][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2438.096757][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 2438.105791][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 2438.117545][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2438.138032][T18522] 8021q: adding VLAN 0 to HW filter on device team0 [ 2438.153076][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2438.162074][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2438.169314][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2438.185068][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2438.194712][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2438.201906][ T5226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2438.238403][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2438.248881][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2438.259669][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2438.276025][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2438.293341][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2438.306328][T18522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2438.340385][T18522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2438.501588][T18527] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2438.512879][T18527] CPU: 0 PID: 18527 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2438.521033][T18527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2438.531110][T18527] Call Trace: [ 2438.534456][T18527] dump_stack+0x191/0x1f0 [ 2438.538824][T18527] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2438.544744][T18527] dump_header+0x1e7/0xd00 [ 2438.549205][T18527] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2438.555400][T18527] ? ___ratelimit+0x542/0x720 [ 2438.560306][T18527] ? task_will_free_mem+0x14c/0x810 [ 2438.565569][T18527] oom_kill_process+0x210/0x560 [ 2438.570491][T18527] out_of_memory+0x1796/0x1c70 [ 2438.575325][T18527] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2438.581039][T18527] memory_max_write+0x90b/0xb60 [ 2438.585925][T18527] ? memory_max_show+0x1b0/0x1b0 [ 2438.590910][T18527] cgroup_file_write+0x41a/0x8e0 [ 2438.595894][T18527] ? cgroup_seqfile_stop+0x150/0x150 [ 2438.601208][T18527] kernfs_fop_write+0x55f/0x840 [ 2438.606392][T18527] ? kernfs_fop_read+0x9a0/0x9a0 [ 2438.611370][T18527] __vfs_write+0x1a9/0xcb0 [ 2438.615877][T18527] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2438.621988][T18527] ? __sb_start_write+0x10b/0x230 [ 2438.627066][T18527] vfs_write+0x481/0x920 [ 2438.631404][T18527] ksys_write+0x265/0x430 [ 2438.635777][T18527] __se_sys_write+0x92/0xb0 [ 2438.640299][T18527] __x64_sys_write+0x4a/0x70 [ 2438.644935][T18527] do_syscall_64+0xb6/0x160 [ 2438.649577][T18527] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2438.655513][T18527] RIP: 0033:0x459a59 [ 2438.659444][T18527] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2438.679065][T18527] RSP: 002b:00007eff28f26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2438.687610][T18527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2438.695619][T18527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2438.703720][T18527] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2438.711735][T18527] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff28f276d4 [ 2438.719764][T18527] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2438.731650][T18527] memory: usage 5756kB, limit 0kB, failcnt 3408 [ 2438.738079][T18527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2438.745048][T18527] Memory cgroup stats for /syz5: [ 2438.745374][T18527] anon 98304 [ 2438.745374][T18527] file 3227648 [ 2438.745374][T18527] kernel_stack 196608 [ 2438.745374][T18527] slab 1986560 [ 2438.745374][T18527] sock 0 [ 2438.745374][T18527] shmem 3227648 [ 2438.745374][T18527] file_mapped 0 [ 2438.745374][T18527] file_dirty 0 [ 2438.745374][T18527] file_writeback 0 [ 2438.745374][T18527] anon_thp 0 [ 2438.745374][T18527] inactive_anon 3108864 [ 2438.745374][T18527] active_anon 98304 [ 2438.745374][T18527] inactive_file 0 [ 2438.745374][T18527] active_file 0 [ 2438.745374][T18527] unevictable 0 [ 2438.745374][T18527] slab_reclaimable 413696 [ 2438.745374][T18527] slab_unreclaimable 1572864 [ 2438.745374][T18527] pgfault 139062 [ 2438.745374][T18527] pgmajfault 0 [ 2438.745374][T18527] workingset_refault 0 [ 2438.745374][T18527] workingset_activate 0 [ 2438.745374][T18527] workingset_nodereclaim 0 [ 2438.745374][T18527] pgrefill 0 [ 2438.745374][T18527] pgscan 0 [ 2438.745374][T18527] pgsteal 0 [ 2438.745374][T18527] pgactivate 0 [ 2438.840555][T18527] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18525,uid=0 [ 2438.856364][T18527] Memory cgroup out of memory: Killed process 18525 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2438.878570][ T1833] oom_reaper: reaped process 18525 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2438.920404][T18522] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2438.930907][T18522] CPU: 0 PID: 18522 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2438.938911][T18522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2438.948991][T18522] Call Trace: [ 2438.952536][T18522] dump_stack+0x191/0x1f0 [ 2438.956922][T18522] dump_header+0x1e7/0xd00 [ 2438.961416][T18522] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2438.967637][T18522] ? ___ratelimit+0x542/0x720 [ 2438.972326][T18522] ? task_will_free_mem+0x2c9/0x810 [ 2438.977551][T18522] oom_kill_process+0x210/0x560 [ 2438.982941][T18522] out_of_memory+0x1796/0x1c70 [ 2438.987779][T18522] try_charge+0x2889/0x3d70 [ 2438.992340][T18522] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2438.998558][T18522] mem_cgroup_try_charge+0xa29/0xe40 [ 2439.003884][T18522] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2439.009660][T18522] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2439.015696][T18522] handle_mm_fault+0x522b/0x9f70 [ 2439.020808][T18522] do_user_addr_fault+0x905/0x1510 [ 2439.025950][T18522] __do_page_fault+0x1a2/0x410 [ 2439.030771][T18522] do_page_fault+0xbb/0x500 [ 2439.035313][T18522] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2439.040735][T18522] page_fault+0x4e/0x60 [ 2439.044909][T18522] RIP: 0033:0x403522 [ 2439.049116][T18522] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2439.068933][T18522] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2439.075083][T18522] RAX: 0000000000000000 RBX: 000000000025359b RCX: 0000000000413660 [ 2439.083324][T18522] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2439.091298][T18522] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000022d7940 [ 2439.099290][T18522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2439.107305][T18522] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2439.115495][T18522] memory: usage 5336kB, limit 0kB, failcnt 3417 [ 2439.121796][T18522] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.128953][T18522] Memory cgroup stats for /syz5: [ 2439.129253][T18522] anon 98304 [ 2439.129253][T18522] file 3227648 [ 2439.129253][T18522] kernel_stack 0 [ 2439.129253][T18522] slab 1986560 [ 2439.129253][T18522] sock 0 [ 2439.129253][T18522] shmem 3227648 [ 2439.129253][T18522] file_mapped 0 [ 2439.129253][T18522] file_dirty 0 [ 2439.129253][T18522] file_writeback 0 [ 2439.129253][T18522] anon_thp 0 [ 2439.129253][T18522] inactive_anon 3244032 [ 2439.129253][T18522] active_anon 98304 [ 2439.129253][T18522] inactive_file 0 [ 2439.129253][T18522] active_file 0 [ 2439.129253][T18522] unevictable 0 [ 2439.129253][T18522] slab_reclaimable 413696 [ 2439.129253][T18522] slab_unreclaimable 1572864 [ 2439.129253][T18522] pgfault 139062 [ 2439.129253][T18522] pgmajfault 0 [ 2439.129253][T18522] workingset_refault 0 [ 2439.129253][T18522] workingset_activate 0 [ 2439.129253][T18522] workingset_nodereclaim 0 [ 2439.129253][T18522] pgrefill 0 [ 2439.129253][T18522] pgscan 0 [ 2439.129253][T18522] pgsteal 0 [ 2439.129253][T18522] pgactivate 0 [ 2439.225136][T18522] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18522,uid=0 [ 2439.240726][T18522] Memory cgroup out of memory: Killed process 18522 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2439.259707][ T1833] oom_reaper: reaped process 18522 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:02:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x24, 0x0, &(0x7f0000000140)=[@acquire_done={0x40106309, 0x2}, @request_death], 0x0, 0x0, 0x0}) 21:02:26 executing program 1: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='loginuid\x00') ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000002180)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getpgrp(r1) sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004ac0)=[{&(0x7f00000003c0)=""/157, 0x9d}, {&(0x7f00000004c0)=""/222, 0xde}, {&(0x7f00000005c0)=""/186, 0xba}, {0x0}], 0x4}, 0x80000000}, {{&(0x7f0000000840)=@nfc, 0x80, &(0x7f0000001b00)=[{&(0x7f00000008c0)=""/226, 0xe2}, {&(0x7f00000009c0)=""/117, 0x75}, {&(0x7f0000000180)=""/14, 0xe}, {&(0x7f0000000240)=""/54, 0x36}, {&(0x7f0000000a40)=""/4096, 0x1000}], 0x5, &(0x7f0000001b80)=""/202, 0xca}, 0x2}, {{&(0x7f0000003600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000047c0)=[{&(0x7f0000003780)=""/6, 0x6}, {&(0x7f00000037c0)=""/4096, 0x1000}], 0x2, &(0x7f0000004800)=""/132, 0x84}}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000140)='./bus\x00', 0x145042, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) getgroups(0x5, &(0x7f0000000140)=[0x0, r4, 0x0, 0x0, 0x0]) getgroups(0x2, &(0x7f00000002c0)=[0xee00, r4]) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(r1, &(0x7f0000000300)={0x30, 0x7, 0x1, 0x6, 0x7, 0xf5a6, 0x3, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(r5, &(0x7f0000000680)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000340)=0x80, 0x80800) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r7, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) setsockopt$inet_tcp_int(r7, 0x6, 0x2, &(0x7f0000000000)=0xfffffffb, 0x4) r8 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x408800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r8, 0x3bd4836842b44fa3, 0x0, 0x25dfdbfe, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x1400000}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x1) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r6, &(0x7f0000001cc0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001c80)={&(0x7f0000000740)={0x28, r8, 0x200, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x24040054}, 0x1) 21:02:26 executing program 4: bind$alg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) r0 = socket$inet(0x2, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) fsetxattr(r0, 0x0, &(0x7f0000000180)='nodev@vboxnet1-vboxnet0&{-.-\x00', 0x1d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x100, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x4000, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r2, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffb000/0x5000)=nil, 0x1000000, 0x2, 0xbad3fc0971f6927f, &(0x7f0000ffc000/0x4000)=nil}) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000100)={r3}) ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000000)=""/34, 0x22) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000580)=ANY=[@ANYBLOB]) 21:02:26 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000300)="240000001e0025eaa87865f51e86041b0004000200bff20182a9000c080008000b000000", 0x78) 21:02:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:26 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) add_key$keyring(&(0x7f00000002c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) keyctl$update(0x2, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$reject(0x13, 0x0, 0x0, 0x7fffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890c, &(0x7f0000000040)={0x0, {0x2, 0x0, @dev={0xac, 0xb, 0xa}}, {0x8, 0x0, @multicast2}, {}, 0x44}) syz_emit_ethernet(0x0, &(0x7f0000000500)=ANY=[], 0x0) 21:02:26 executing program 3: socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x4, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam\x00\x00\x10\x00', 0x2}) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000000000000000040000000000000000000000000000001a00000000000008000000000000000000000000000000a7d55bebf226c10000000000000000000000000000000000000000000000000000000000000000009100"/112], 0x64) getgid() ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x200000000000, 0x2, 0x0, 0x400000200, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc], 0x0, 0x44110}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000780)={"eaa545e7421d85382ba46bd65966a55a8a83886fd638fa602d6b7da50f67b2f7b19acfe93c195f18e5175624f1a0f90796139e737003000000e37481bf083f14d999650edb9097a2424eb05758d0290ff56fb045e448bf92657a2c3312d7778b32571bd14fb8caad0dc70d4e243038e3f69eeaf8dc766d250c4bfa8afc182d75896e0d7e694cbce34d82d8c930e299ae5f52e3647fad40732f0bb0be973e07b75ec8b1c8753e40609f918c0b892a7ec015541ad2b39be8d258973e3b73d3617c8aec4a7987b165ab65ade11ed94100e9de9d81db8612a033f60b236f48e0f3004c996d64afcca027289ef7c38efa2a8bc259eda9e45161b1fbb1dc0dda4a1c3166c2a782f5977ee8bd9d551e509f3c72687a8944ee55ad69c3c2fed0c2116d56ca160697c6369feda6e5865cc0b1d4bfe6d2681ca34903d6c57f399fb2c85a8e25fb3dc4c13bac6a7812e864f919a4358ae8ead402d6c81b955f0a4189b654d66186c36ac9ae5ca312d772942cfcfbdcf01ee1ae94f43ca82e6893aed89d05f386fb65827e27613f8b80ecfaf7d54cbb993d092428cdd31b05578bf47c78c9af37380bc512cc46d8c1bcc81f8993009b203a35e56e2eb4434a6db1229ed3a6e0476f9a3802000000000000005549716044f3554bb0e200aecfeefc0e83ce237b5cc3f3b27045faaeb2b6f7e190143240f6baa10f3d41bff09cb3d39627e1594309d60c23dd98a696d038d74317d7268c98a80000000167870598d34a09d385ec186ef848af49d312f9bc1448616092181f0f039c30da45266aeff06248d994a228db7ecd834189357a12fcb112ebebecf3ad2b960fbef92b827e51cfd9f5bf443ba730529f1ecee07984168142de2bd3d17ca50d3de1c1aeae8c15e0f44742d34f8dfcd2bbc8dc039da3aa25d6fb402f8abe3b3ad9f18ec78a8f788f0a499461f451873551b813b864c5eaf16ea9abdc87aec43d1d2e9e9691ab69d5e77fe124cc581d0183582790bab792be6e985da3f975e523a7b49175e29268d39e2d12a142dda1b59e9347805b10612b19348cbab9647b517a210d70ecf31696731c20bb6b757b661ccd166b52971027122e4736e44d35454df573354f2f96644e41c80692b2688bae0bffb8a2ef53d2b91bf2ecbc60e1cec442e5bf372c3b289ed320947bb3bc368278f48a8c797e604e647f97440000000000000008e83464dc4acabef1b949623aad99e811f3159dee90f1e6dbe1974876f10971694bf3c33e8260824bfbb35d63e51d5364c151f46c8fccf832d02120bf026b3729b44c9706ba102fc40277f51d9737bc6c1c945bf99d6fb89b4b773213758ae352d6158fc2ca928c6859f4c970cf2491004c6a1707002dbfab19b9d31adcca5ab570a393ae894a2f4e0110a7513a1982bfa900"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="e2b488276247782ff9483ed1393c0000002400070500fb00e20c00040000000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001"], 0x3}}, 0x0) [ 2440.883867][ T9367] device bridge_slave_1 left promiscuous mode [ 2440.890530][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2440.908361][T18738] kvm: pic: non byte read 21:02:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) [ 2440.934719][ T9367] device bridge_slave_0 left promiscuous mode [ 2440.943651][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state 21:02:27 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000001880)="2600000013003ff1eb14c1f8030322ff001000e313000081093903680000000006000300124b", 0x26) [ 2442.073598][ T9367] device hsr_slave_0 left promiscuous mode [ 2442.132543][ T9367] device hsr_slave_1 left promiscuous mode [ 2442.194665][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2442.208059][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2442.221347][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2442.268402][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2442.358881][ T9367] bond0 (unregistering): Released all slaves 21:02:28 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x11, 0x4, 0x4, 0x3}, 0x3c) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000015c0)={r0, &(0x7f0000001240), 0x0}, 0x70) 21:02:28 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000001400)='*', 0x1}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x0, 0x4}, 0xc) 21:02:28 executing program 1: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000001880)="2600000013003ff1eb14c1f8030322ff001000e313000000093903680000000006000500124b", 0x26) [ 2442.618361][T18763] netlink: 'syz-executor.1': attribute type 5 has an invalid length. 21:02:28 executing program 1: r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r3 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="000088caff"], 0xb107) [ 2442.815610][T18767] device nr0 entered promiscuous mode [ 2442.957466][T18768] IPVS: ftp: loaded support on port[0] = 21 [ 2443.177724][T18768] chnl_net:caif_netlink_parms(): no params data found [ 2443.237351][T18768] bridge0: port 1(bridge_slave_0) entered blocking state [ 2443.244701][T18768] bridge0: port 1(bridge_slave_0) entered disabled state [ 2443.254541][T18768] device bridge_slave_0 entered promiscuous mode [ 2443.264305][T18768] bridge0: port 2(bridge_slave_1) entered blocking state [ 2443.271931][T18768] bridge0: port 2(bridge_slave_1) entered disabled state [ 2443.281243][T18768] device bridge_slave_1 entered promiscuous mode [ 2443.330817][T18768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2443.346150][T18768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2443.372019][T18768] team0: Port device team_slave_0 added [ 2443.381259][T18768] team0: Port device team_slave_1 added [ 2443.447490][T18768] device hsr_slave_0 entered promiscuous mode [ 2443.493398][T18768] device hsr_slave_1 entered promiscuous mode [ 2443.532611][T18768] debugfs: Directory 'hsr0' with parent '/' already present! [ 2443.606313][T18768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2443.621201][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2443.630754][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2443.644413][T18768] 8021q: adding VLAN 0 to HW filter on device team0 [ 2443.656268][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2443.666106][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2443.675358][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2443.682599][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2443.691787][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2443.705352][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2443.715108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2443.724311][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2443.731525][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2443.745090][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2443.762534][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2443.773245][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2443.783503][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2443.794302][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2443.812670][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2443.825349][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2443.835517][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2443.845147][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2443.861241][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2443.871458][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2443.886547][T18768] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2443.915338][T18768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2444.055316][T18874] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2444.066199][T18874] CPU: 1 PID: 18874 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2444.074303][T18874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2444.084828][T18874] Call Trace: [ 2444.088178][T18874] dump_stack+0x191/0x1f0 [ 2444.092567][T18874] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2444.098503][T18874] dump_header+0x1e7/0xd00 [ 2444.102974][T18874] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2444.109183][T18874] ? ___ratelimit+0x542/0x720 [ 2444.113902][T18874] ? task_will_free_mem+0x14c/0x810 [ 2444.119159][T18874] oom_kill_process+0x210/0x560 [ 2444.124062][T18874] out_of_memory+0x1796/0x1c70 [ 2444.128920][T18874] memory_max_write+0x90b/0xb60 [ 2444.133855][T18874] ? memory_max_show+0x1b0/0x1b0 [ 2444.139031][T18874] cgroup_file_write+0x41a/0x8e0 [ 2444.144207][T18874] ? cgroup_seqfile_stop+0x150/0x150 [ 2444.150419][T18874] kernfs_fop_write+0x55f/0x840 [ 2444.155781][T18874] ? kernfs_fop_read+0x9a0/0x9a0 [ 2444.161258][T18874] __vfs_write+0x1a9/0xcb0 [ 2444.165718][T18874] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2444.171829][T18874] ? __sb_start_write+0x10b/0x230 [ 2444.177073][T18874] vfs_write+0x481/0x920 [ 2444.181539][T18874] ksys_write+0x265/0x430 [ 2444.185902][T18874] __se_sys_write+0x92/0xb0 [ 2444.190434][T18874] __x64_sys_write+0x4a/0x70 [ 2444.198202][T18874] do_syscall_64+0xb6/0x160 [ 2444.203088][T18874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2444.209107][T18874] RIP: 0033:0x459a59 [ 2444.213060][T18874] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2444.232897][T18874] RSP: 002b:00007f22475c5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2444.241362][T18874] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2444.249539][T18874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2444.257832][T18874] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2444.266100][T18874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22475c66d4 [ 2444.274204][T18874] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2444.282402][T18874] memory: usage 5780kB, limit 0kB, failcnt 3426 [ 2444.288695][T18874] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2444.295738][T18874] Memory cgroup stats for /syz5: [ 2444.296056][T18874] anon 98304 [ 2444.296056][T18874] file 3174400 [ 2444.296056][T18874] kernel_stack 196608 [ 2444.296056][T18874] slab 1986560 [ 2444.296056][T18874] sock 0 [ 2444.296056][T18874] shmem 3174400 [ 2444.296056][T18874] file_mapped 0 [ 2444.296056][T18874] file_dirty 0 [ 2444.296056][T18874] file_writeback 0 [ 2444.296056][T18874] anon_thp 0 [ 2444.296056][T18874] inactive_anon 3108864 [ 2444.296056][T18874] active_anon 98304 [ 2444.296056][T18874] inactive_file 0 [ 2444.296056][T18874] active_file 0 [ 2444.296056][T18874] unevictable 0 [ 2444.296056][T18874] slab_reclaimable 413696 [ 2444.296056][T18874] slab_unreclaimable 1572864 [ 2444.296056][T18874] pgfault 139656 [ 2444.296056][T18874] pgmajfault 0 [ 2444.296056][T18874] workingset_refault 0 [ 2444.296056][T18874] workingset_activate 0 [ 2444.296056][T18874] workingset_nodereclaim 0 [ 2444.296056][T18874] pgrefill 0 [ 2444.296056][T18874] pgscan 0 [ 2444.296056][T18874] pgsteal 0 [ 2444.296056][T18874] pgactivate 0 [ 2444.391119][T18874] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18872,uid=0 [ 2444.408924][T18874] Memory cgroup out of memory: Killed process 18872 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2444.430917][ T1833] oom_reaper: reaped process 18872 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2444.467249][T18768] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2444.478245][T18768] CPU: 1 PID: 18768 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2444.486172][T18768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2444.496235][T18768] Call Trace: [ 2444.499545][T18768] dump_stack+0x191/0x1f0 [ 2444.503924][T18768] dump_header+0x1e7/0xd00 [ 2444.508394][T18768] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2444.514571][T18768] ? ___ratelimit+0x542/0x720 [ 2444.519253][T18768] ? task_will_free_mem+0x2c9/0x810 [ 2444.524469][T18768] oom_kill_process+0x210/0x560 [ 2444.529334][T18768] out_of_memory+0x1796/0x1c70 [ 2444.534107][T18768] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2444.539785][T18768] try_charge+0x2889/0x3d70 [ 2444.544319][T18768] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2444.550632][T18768] mem_cgroup_try_charge+0xa29/0xe40 [ 2444.555944][T18768] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2444.561679][T18768] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2444.567686][T18768] handle_mm_fault+0x522b/0x9f70 [ 2444.572704][T18768] do_user_addr_fault+0x905/0x1510 [ 2444.577889][T18768] __do_page_fault+0x1a2/0x410 [ 2444.582697][T18768] do_page_fault+0xbb/0x500 [ 2444.587254][T18768] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2444.592639][T18768] page_fault+0x4e/0x60 [ 2444.596846][T18768] RIP: 0033:0x403522 [ 2444.600760][T18768] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2444.620386][T18768] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2444.626482][T18768] RAX: 0000000000000000 RBX: 0000000000254b57 RCX: 0000000000413660 [ 2444.634663][T18768] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2444.642677][T18768] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001716940 [ 2444.650700][T18768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2444.659313][T18768] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2444.671296][T18768] memory: usage 5360kB, limit 0kB, failcnt 3435 [ 2444.677686][T18768] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2444.684697][T18768] Memory cgroup stats for /syz5: [ 2444.685022][T18768] anon 98304 [ 2444.685022][T18768] file 3174400 [ 2444.685022][T18768] kernel_stack 0 [ 2444.685022][T18768] slab 1986560 [ 2444.685022][T18768] sock 0 [ 2444.685022][T18768] shmem 3174400 [ 2444.685022][T18768] file_mapped 0 [ 2444.685022][T18768] file_dirty 0 [ 2444.685022][T18768] file_writeback 0 [ 2444.685022][T18768] anon_thp 0 [ 2444.685022][T18768] inactive_anon 3108864 [ 2444.685022][T18768] active_anon 98304 [ 2444.685022][T18768] inactive_file 0 [ 2444.685022][T18768] active_file 0 [ 2444.685022][T18768] unevictable 0 [ 2444.685022][T18768] slab_reclaimable 413696 [ 2444.685022][T18768] slab_unreclaimable 1572864 [ 2444.685022][T18768] pgfault 139656 [ 2444.685022][T18768] pgmajfault 0 [ 2444.685022][T18768] workingset_refault 0 [ 2444.685022][T18768] workingset_activate 0 [ 2444.685022][T18768] workingset_nodereclaim 0 [ 2444.685022][T18768] pgrefill 0 [ 2444.685022][T18768] pgscan 0 [ 2444.685022][T18768] pgsteal 0 [ 2444.685022][T18768] pgactivate 0 [ 2444.779901][T18768] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18768,uid=0 [ 2444.795507][T18768] Memory cgroup out of memory: Killed process 18768 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2445.794698][ T9367] device bridge_slave_1 left promiscuous mode [ 2445.801262][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 2445.864421][ T9367] device bridge_slave_0 left promiscuous mode [ 2445.870910][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 2446.653566][ T9367] device hsr_slave_0 left promiscuous mode [ 2446.702910][ T9367] device hsr_slave_1 left promiscuous mode [ 2446.755040][ T9367] team0 (unregistering): Port device team_slave_1 removed [ 2446.768618][ T9367] team0 (unregistering): Port device team_slave_0 removed [ 2446.781919][ T9367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2446.818950][ T9367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2446.897333][ T9367] bond0 (unregistering): Released all slaves 21:02:35 executing program 2: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) clock_gettime(0x0, &(0x7f0000000100)={0x0}) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={r2}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0x7ffffffffffff010}, {0x6}]}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r3, 0x0, 0x10001, 0x0) 21:02:35 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000001400)='*', 0x1}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x0, 0x4}, 0xc) 21:02:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x7fb, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 21:02:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:35 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000500)) 21:02:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") socketpair(0x1d, 0x3, 0x1, &(0x7f0000000140)) 21:02:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknod$loop(0x0, 0x2000, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0xa}, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4, 0x0, 0x0, 0x10000000002) 21:02:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000000)) 21:02:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x4, 0x0, &(0x7f0000000000)=0x10) 21:02:36 executing program 3: 21:02:36 executing program 1: 21:02:36 executing program 3: [ 2451.515297][T19006] IPVS: ftp: loaded support on port[0] = 21 [ 2451.600748][T19006] chnl_net:caif_netlink_parms(): no params data found [ 2451.639026][T19006] bridge0: port 1(bridge_slave_0) entered blocking state [ 2451.646208][T19006] bridge0: port 1(bridge_slave_0) entered disabled state [ 2451.655336][T19006] device bridge_slave_0 entered promiscuous mode [ 2451.665096][T19006] bridge0: port 2(bridge_slave_1) entered blocking state [ 2451.672187][T19006] bridge0: port 2(bridge_slave_1) entered disabled state [ 2451.681179][T19006] device bridge_slave_1 entered promiscuous mode [ 2451.707198][T19006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2451.720161][T19006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2451.745818][T19006] team0: Port device team_slave_0 added [ 2451.755911][T19006] team0: Port device team_slave_1 added [ 2451.816499][T19006] device hsr_slave_0 entered promiscuous mode [ 2451.883433][T19006] device hsr_slave_1 entered promiscuous mode [ 2451.922505][T19006] debugfs: Directory 'hsr0' with parent '/' already present! [ 2451.946246][T19006] bridge0: port 2(bridge_slave_1) entered blocking state [ 2451.953688][T19006] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2451.963686][T19006] bridge0: port 1(bridge_slave_0) entered blocking state [ 2451.970952][T19006] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2452.026888][T19006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2452.044238][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2452.055540][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2452.064117][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2452.075370][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2452.091312][T19006] 8021q: adding VLAN 0 to HW filter on device team0 [ 2452.106142][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2452.115097][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2452.122376][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2452.145247][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2452.155016][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2452.162187][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2452.185217][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2452.195613][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2452.208439][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2452.223234][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2452.238685][T19006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2452.252800][T19006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2452.262041][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2452.295544][T19006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2452.435815][T19013] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2452.446248][T19013] CPU: 1 PID: 19013 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2452.454186][T19013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2452.464526][T19013] Call Trace: [ 2452.467901][T19013] dump_stack+0x191/0x1f0 [ 2452.472290][T19013] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2452.481869][T19013] dump_header+0x1e7/0xd00 [ 2452.486325][T19013] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2452.492796][T19013] ? ___ratelimit+0x542/0x720 [ 2452.497498][T19013] ? task_will_free_mem+0x14c/0x810 [ 2452.502887][T19013] oom_kill_process+0x210/0x560 [ 2452.507790][T19013] out_of_memory+0x1796/0x1c70 [ 2452.512604][T19013] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2452.518303][T19013] memory_max_write+0x90b/0xb60 [ 2452.523305][T19013] ? memory_max_show+0x1b0/0x1b0 [ 2452.528279][T19013] cgroup_file_write+0x41a/0x8e0 [ 2452.533264][T19013] ? cgroup_seqfile_stop+0x150/0x150 [ 2452.538569][T19013] kernfs_fop_write+0x55f/0x840 [ 2452.543481][T19013] ? kernfs_fop_read+0x9a0/0x9a0 [ 2452.548455][T19013] __vfs_write+0x1a9/0xcb0 [ 2452.552910][T19013] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2452.559015][T19013] ? __sb_start_write+0x10b/0x230 [ 2452.564069][T19013] vfs_write+0x481/0x920 [ 2452.568400][T19013] ksys_write+0x265/0x430 [ 2452.572783][T19013] __se_sys_write+0x92/0xb0 [ 2452.577399][T19013] __x64_sys_write+0x4a/0x70 [ 2452.582031][T19013] do_syscall_64+0xb6/0x160 [ 2452.586599][T19013] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2452.592532][T19013] RIP: 0033:0x459a59 [ 2452.596445][T19013] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2452.621122][T19013] RSP: 002b:00007f338604ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2452.629581][T19013] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2452.637605][T19013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2452.645706][T19013] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2452.653714][T19013] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f338604f6d4 [ 2452.661736][T19013] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2452.671174][T19013] memory: usage 5680kB, limit 0kB, failcnt 3444 [ 2452.678259][T19013] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2452.685331][T19013] Memory cgroup stats for /syz5: [ 2452.685748][T19013] anon 98304 [ 2452.685748][T19013] file 3162112 [ 2452.685748][T19013] kernel_stack 196608 [ 2452.685748][T19013] slab 1986560 [ 2452.685748][T19013] sock 0 [ 2452.685748][T19013] shmem 3162112 [ 2452.685748][T19013] file_mapped 0 [ 2452.685748][T19013] file_dirty 0 [ 2452.685748][T19013] file_writeback 0 [ 2452.685748][T19013] anon_thp 0 [ 2452.685748][T19013] inactive_anon 3108864 [ 2452.685748][T19013] active_anon 98304 [ 2452.685748][T19013] inactive_file 0 [ 2452.685748][T19013] active_file 0 [ 2452.685748][T19013] unevictable 0 [ 2452.685748][T19013] slab_reclaimable 413696 [ 2452.685748][T19013] slab_unreclaimable 1572864 [ 2452.685748][T19013] pgfault 140217 [ 2452.685748][T19013] pgmajfault 0 [ 2452.685748][T19013] workingset_refault 0 [ 2452.685748][T19013] workingset_activate 0 [ 2452.685748][T19013] workingset_nodereclaim 0 [ 2452.685748][T19013] pgrefill 0 [ 2452.685748][T19013] pgscan 0 [ 2452.685748][T19013] pgsteal 0 [ 2452.685748][T19013] pgactivate 0 [ 2452.784099][T19013] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19011,uid=0 [ 2452.799843][T19013] Memory cgroup out of memory: Killed process 19011 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2452.851689][T19006] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2452.863164][T19006] CPU: 1 PID: 19006 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2452.871120][T19006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2452.881184][T19006] Call Trace: [ 2452.884506][T19006] dump_stack+0x191/0x1f0 [ 2452.888856][T19006] dump_header+0x1e7/0xd00 [ 2452.893390][T19006] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2452.899738][T19006] ? ___ratelimit+0x542/0x720 [ 2452.904420][T19006] ? task_will_free_mem+0x2c9/0x810 [ 2452.909639][T19006] oom_kill_process+0x210/0x560 [ 2452.914524][T19006] out_of_memory+0x1796/0x1c70 [ 2452.919302][T19006] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2452.924962][T19006] try_charge+0x2889/0x3d70 [ 2452.929482][T19006] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2452.935863][T19006] mem_cgroup_try_charge+0xa29/0xe40 [ 2452.941163][T19006] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2452.946891][T19006] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2452.952879][T19006] handle_mm_fault+0x522b/0x9f70 [ 2452.957846][T19006] do_user_addr_fault+0x905/0x1510 [ 2452.962981][T19006] __do_page_fault+0x1a2/0x410 [ 2452.967750][T19006] do_page_fault+0xbb/0x500 [ 2452.972295][T19006] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2452.977680][T19006] page_fault+0x4e/0x60 [ 2452.982021][T19006] RIP: 0033:0x403522 [ 2452.986626][T19006] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2453.006254][T19006] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2453.012339][T19006] RAX: 0000000000000000 RBX: 0000000000256c11 RCX: 0000000000413660 [ 2453.020313][T19006] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2453.028315][T19006] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000244e940 [ 2453.036296][T19006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2453.044269][T19006] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2453.052454][T19006] memory: usage 5272kB, limit 0kB, failcnt 3453 [ 2453.058935][T19006] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2453.065941][T19006] Memory cgroup stats for /syz5: [ 2453.066267][T19006] anon 0 [ 2453.066267][T19006] file 3162112 [ 2453.066267][T19006] kernel_stack 0 [ 2453.066267][T19006] slab 1986560 [ 2453.066267][T19006] sock 0 [ 2453.066267][T19006] shmem 3162112 [ 2453.066267][T19006] file_mapped 0 [ 2453.066267][T19006] file_dirty 0 [ 2453.066267][T19006] file_writeback 0 [ 2453.066267][T19006] anon_thp 0 [ 2453.066267][T19006] inactive_anon 3108864 [ 2453.066267][T19006] active_anon 98304 [ 2453.066267][T19006] inactive_file 0 [ 2453.066267][T19006] active_file 0 [ 2453.066267][T19006] unevictable 0 [ 2453.066267][T19006] slab_reclaimable 413696 [ 2453.066267][T19006] slab_unreclaimable 1572864 [ 2453.066267][T19006] pgfault 140217 [ 2453.066267][T19006] pgmajfault 0 [ 2453.066267][T19006] workingset_refault 0 [ 2453.066267][T19006] workingset_activate 0 [ 2453.066267][T19006] workingset_nodereclaim 0 [ 2453.066267][T19006] pgrefill 0 [ 2453.066267][T19006] pgscan 0 [ 2453.066267][T19006] pgsteal 0 [ 2453.066267][T19006] pgactivate 0 [ 2453.160445][T19006] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19006,uid=0 [ 2453.176107][T19006] Memory cgroup out of memory: Killed process 19006 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2453.195229][ T1833] oom_reaper: reaped process 19006 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2454.203733][T12780] device bridge_slave_1 left promiscuous mode [ 2454.210383][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2454.255150][T12780] device bridge_slave_0 left promiscuous mode [ 2454.261855][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2455.093676][T12780] device hsr_slave_0 left promiscuous mode [ 2455.142660][T12780] device hsr_slave_1 left promiscuous mode [ 2455.196215][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2455.210537][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2455.226464][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2455.280069][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2455.350955][T12780] bond0 (unregistering): Released all slaves 21:02:42 executing program 2: 21:02:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r3, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:42 executing program 3: 21:02:42 executing program 1: [ 2458.671443][T19024] IPVS: ftp: loaded support on port[0] = 21 [ 2458.766440][T19024] chnl_net:caif_netlink_parms(): no params data found [ 2458.807220][T19024] bridge0: port 1(bridge_slave_0) entered blocking state [ 2458.814444][T19024] bridge0: port 1(bridge_slave_0) entered disabled state [ 2458.823786][T19024] device bridge_slave_0 entered promiscuous mode [ 2458.833542][T19024] bridge0: port 2(bridge_slave_1) entered blocking state [ 2458.840705][T19024] bridge0: port 2(bridge_slave_1) entered disabled state [ 2458.850070][T19024] device bridge_slave_1 entered promiscuous mode [ 2458.877254][T19024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2458.890645][T19024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:02:45 executing program 4: 21:02:45 executing program 3: 21:02:45 executing program 1: 21:02:45 executing program 0: [ 2458.918568][T19024] team0: Port device team_slave_0 added [ 2458.927634][T19024] team0: Port device team_slave_1 added [ 2459.018176][T19024] device hsr_slave_0 entered promiscuous mode 21:02:45 executing program 3: 21:02:45 executing program 1: [ 2459.064780][T19024] device hsr_slave_1 entered promiscuous mode [ 2459.102501][T19024] debugfs: Directory 'hsr0' with parent '/' already present! 21:02:45 executing program 1: 21:02:45 executing program 3: [ 2459.191707][T19024] bridge0: port 2(bridge_slave_1) entered blocking state [ 2459.199117][T19024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2459.207099][T19024] bridge0: port 1(bridge_slave_0) entered blocking state [ 2459.214448][T19024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2459.354346][T19024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2459.383457][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2459.396153][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2459.405144][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2459.415906][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2459.434467][T19024] 8021q: adding VLAN 0 to HW filter on device team0 [ 2459.456122][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2459.465505][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2459.472842][ T5226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2459.482455][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2459.491258][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2459.498486][ T5226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2459.528065][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2459.543103][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2459.564524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2459.575570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2459.593706][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2459.611861][T19024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2459.644011][T19024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2459.778126][T19043] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2459.790138][T19043] CPU: 1 PID: 19043 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2459.798108][T19043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2459.808275][T19043] Call Trace: [ 2459.811711][T19043] dump_stack+0x191/0x1f0 [ 2459.816156][T19043] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2459.822069][T19043] dump_header+0x1e7/0xd00 [ 2459.826529][T19043] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2459.832754][T19043] ? ___ratelimit+0x542/0x720 [ 2459.837476][T19043] ? task_will_free_mem+0x14c/0x810 [ 2459.842841][T19043] oom_kill_process+0x210/0x560 [ 2459.847860][T19043] out_of_memory+0x1796/0x1c70 [ 2459.852673][T19043] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2459.858369][T19043] memory_max_write+0x90b/0xb60 [ 2459.863257][T19043] ? memory_max_show+0x1b0/0x1b0 [ 2459.868239][T19043] cgroup_file_write+0x41a/0x8e0 [ 2459.873213][T19043] ? cgroup_seqfile_stop+0x150/0x150 [ 2459.879128][T19043] kernfs_fop_write+0x55f/0x840 [ 2459.884042][T19043] ? kernfs_fop_read+0x9a0/0x9a0 [ 2459.889017][T19043] __vfs_write+0x1a9/0xcb0 [ 2459.893467][T19043] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2459.899550][T19043] ? __sb_start_write+0x10b/0x230 [ 2459.904617][T19043] vfs_write+0x481/0x920 [ 2459.908884][T19043] ksys_write+0x265/0x430 [ 2459.913234][T19043] __se_sys_write+0x92/0xb0 [ 2459.917755][T19043] __x64_sys_write+0x4a/0x70 [ 2459.922368][T19043] do_syscall_64+0xb6/0x160 [ 2459.926897][T19043] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2459.932809][T19043] RIP: 0033:0x459a59 [ 2459.936743][T19043] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2459.956455][T19043] RSP: 002b:00007f7604b93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2459.964929][T19043] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2459.972929][T19043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2459.980917][T19043] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2459.988912][T19043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7604b946d4 [ 2459.996901][T19043] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2460.005120][T19043] memory: usage 4968kB, limit 0kB, failcnt 3462 [ 2460.011523][T19043] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2460.018580][T19043] Memory cgroup stats for /syz5: [ 2460.018934][T19043] anon 98304 [ 2460.018934][T19043] file 2355200 [ 2460.018934][T19043] kernel_stack 196608 [ 2460.018934][T19043] slab 1986560 [ 2460.018934][T19043] sock 0 [ 2460.018934][T19043] shmem 2355200 [ 2460.018934][T19043] file_mapped 0 [ 2460.018934][T19043] file_dirty 0 [ 2460.018934][T19043] file_writeback 0 [ 2460.018934][T19043] anon_thp 0 [ 2460.018934][T19043] inactive_anon 2433024 [ 2460.018934][T19043] active_anon 233472 [ 2460.018934][T19043] inactive_file 0 [ 2460.018934][T19043] active_file 0 [ 2460.018934][T19043] unevictable 0 [ 2460.018934][T19043] slab_reclaimable 413696 [ 2460.018934][T19043] slab_unreclaimable 1572864 [ 2460.018934][T19043] pgfault 140811 [ 2460.018934][T19043] pgmajfault 0 [ 2460.018934][T19043] workingset_refault 0 [ 2460.018934][T19043] workingset_activate 0 [ 2460.018934][T19043] workingset_nodereclaim 0 [ 2460.018934][T19043] pgrefill 0 [ 2460.018934][T19043] pgscan 0 [ 2460.018934][T19043] pgsteal 0 [ 2460.018934][T19043] pgactivate 0 [ 2460.115364][T19043] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19041,uid=0 [ 2460.131118][T19043] Memory cgroup out of memory: Killed process 19041 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2460.151340][ T1833] oom_reaper: reaped process 19041 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2460.187782][T19024] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2460.198379][T19024] CPU: 0 PID: 19024 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2460.206400][T19024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2460.216467][T19024] Call Trace: [ 2460.219781][T19024] dump_stack+0x191/0x1f0 [ 2460.224171][T19024] dump_header+0x1e7/0xd00 [ 2460.228632][T19024] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2460.234807][T19024] ? ___ratelimit+0x542/0x720 [ 2460.239514][T19024] ? task_will_free_mem+0x2c9/0x810 [ 2460.244752][T19024] oom_kill_process+0x210/0x560 [ 2460.249616][T19024] out_of_memory+0x1796/0x1c70 [ 2460.254408][T19024] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2460.260073][T19024] try_charge+0x2889/0x3d70 [ 2460.264624][T19024] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2460.270815][T19024] mem_cgroup_try_charge+0xa29/0xe40 [ 2460.276137][T19024] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2460.281954][T19024] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2460.287864][T19024] handle_mm_fault+0x522b/0x9f70 [ 2460.292841][T19024] do_user_addr_fault+0x905/0x1510 [ 2460.297974][T19024] __do_page_fault+0x1a2/0x410 [ 2460.302780][T19024] do_page_fault+0xbb/0x500 [ 2460.307320][T19024] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2460.312711][T19024] page_fault+0x4e/0x60 [ 2460.316869][T19024] RIP: 0033:0x403522 [ 2460.320773][T19024] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2460.340665][T19024] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2460.349910][T19024] RAX: 0000000000000000 RBX: 00000000002588c0 RCX: 0000000000413660 [ 2460.357906][T19024] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2460.366410][T19024] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000013ce940 [ 2460.374388][T19024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2460.382395][T19024] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2460.390558][T19024] memory: usage 4548kB, limit 0kB, failcnt 3477 [ 2460.396931][T19024] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2460.403913][T19024] Memory cgroup stats for /syz5: [ 2460.404237][T19024] anon 0 [ 2460.404237][T19024] file 2355200 [ 2460.404237][T19024] kernel_stack 0 [ 2460.404237][T19024] slab 1986560 [ 2460.404237][T19024] sock 0 [ 2460.404237][T19024] shmem 2355200 [ 2460.404237][T19024] file_mapped 0 [ 2460.404237][T19024] file_dirty 0 [ 2460.404237][T19024] file_writeback 0 [ 2460.404237][T19024] anon_thp 0 [ 2460.404237][T19024] inactive_anon 2433024 [ 2460.404237][T19024] active_anon 98304 [ 2460.404237][T19024] inactive_file 0 [ 2460.404237][T19024] active_file 0 [ 2460.404237][T19024] unevictable 0 [ 2460.404237][T19024] slab_reclaimable 413696 [ 2460.404237][T19024] slab_unreclaimable 1572864 [ 2460.404237][T19024] pgfault 140811 [ 2460.404237][T19024] pgmajfault 0 [ 2460.404237][T19024] workingset_refault 0 [ 2460.404237][T19024] workingset_activate 0 [ 2460.404237][T19024] workingset_nodereclaim 0 [ 2460.404237][T19024] pgrefill 0 [ 2460.404237][T19024] pgscan 0 [ 2460.404237][T19024] pgsteal 0 [ 2460.404237][T19024] pgactivate 0 [ 2460.498693][T19024] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19024,uid=0 [ 2460.515746][T19024] Memory cgroup out of memory: Killed process 19024 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2460.535064][ T1833] oom_reaper: reaped process 19024 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 21:02:47 executing program 2: 21:02:47 executing program 1: 21:02:47 executing program 3: 21:02:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2461.803782][ T9353] device bridge_slave_1 left promiscuous mode [ 2461.810536][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2461.864329][ T9353] device bridge_slave_0 left promiscuous mode [ 2461.870786][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2462.573479][ T9353] device hsr_slave_0 left promiscuous mode [ 2462.612887][ T9353] device hsr_slave_1 left promiscuous mode [ 2462.673945][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2462.688176][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2462.700410][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2462.729335][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2462.838293][ T9353] bond0 (unregistering): Released all slaves [ 2463.018108][T19051] IPVS: ftp: loaded support on port[0] = 21 21:02:49 executing program 4: 21:02:49 executing program 1: 21:02:49 executing program 3: [ 2463.146218][T19051] chnl_net:caif_netlink_parms(): no params data found [ 2463.308638][T19051] bridge0: port 1(bridge_slave_0) entered blocking state [ 2463.316241][T19051] bridge0: port 1(bridge_slave_0) entered disabled state [ 2463.326318][T19051] device bridge_slave_0 entered promiscuous mode [ 2463.363748][T19051] bridge0: port 2(bridge_slave_1) entered blocking state [ 2463.371001][T19051] bridge0: port 2(bridge_slave_1) entered disabled state [ 2463.381546][T19051] device bridge_slave_1 entered promiscuous mode [ 2463.427419][T19051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2463.443744][T19051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2463.486386][T19051] team0: Port device team_slave_0 added [ 2463.498231][T19051] team0: Port device team_slave_1 added [ 2463.568878][T19051] device hsr_slave_0 entered promiscuous mode [ 2463.613539][T19051] device hsr_slave_1 entered promiscuous mode [ 2463.672622][T19051] debugfs: Directory 'hsr0' with parent '/' already present! [ 2463.698686][T19051] bridge0: port 2(bridge_slave_1) entered blocking state [ 2463.705908][T19051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2463.713937][T19051] bridge0: port 1(bridge_slave_0) entered blocking state [ 2463.721257][T19051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2463.791256][T19051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2463.811476][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2463.822398][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 2463.831782][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 2463.851106][T19051] 8021q: adding VLAN 0 to HW filter on device team0 [ 2463.866128][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2463.875497][T10886] bridge0: port 1(bridge_slave_0) entered blocking state [ 2463.882751][T10886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2463.904147][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2463.914298][T10886] bridge0: port 2(bridge_slave_1) entered blocking state [ 2463.921452][T10886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2463.945387][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2463.956674][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2463.972018][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2463.996831][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2464.006477][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2464.020675][T19051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2464.051242][T19051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2464.199513][T19062] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2464.211158][T19062] CPU: 1 PID: 19062 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2464.219108][T19062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2464.229196][T19062] Call Trace: [ 2464.232551][T19062] dump_stack+0x191/0x1f0 [ 2464.236940][T19062] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2464.242907][T19062] dump_header+0x1e7/0xd00 [ 2464.247417][T19062] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2464.253655][T19062] ? ___ratelimit+0x542/0x720 [ 2464.258361][T19062] ? task_will_free_mem+0x14c/0x810 [ 2464.263632][T19062] oom_kill_process+0x210/0x560 [ 2464.268708][T19062] out_of_memory+0x1796/0x1c70 [ 2464.273738][T19062] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2464.279454][T19062] memory_max_write+0x90b/0xb60 [ 2464.284368][T19062] ? memory_max_show+0x1b0/0x1b0 [ 2464.289340][T19062] cgroup_file_write+0x41a/0x8e0 [ 2464.294350][T19062] ? cgroup_seqfile_stop+0x150/0x150 [ 2464.299661][T19062] kernfs_fop_write+0x55f/0x840 [ 2464.304550][T19062] ? kernfs_fop_read+0x9a0/0x9a0 [ 2464.309498][T19062] __vfs_write+0x1a9/0xcb0 [ 2464.313957][T19062] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2464.320042][T19062] ? __sb_start_write+0x10b/0x230 [ 2464.325083][T19062] vfs_write+0x481/0x920 [ 2464.329349][T19062] ksys_write+0x265/0x430 [ 2464.333721][T19062] __se_sys_write+0x92/0xb0 [ 2464.338241][T19062] __x64_sys_write+0x4a/0x70 [ 2464.343923][T19062] do_syscall_64+0xb6/0x160 [ 2464.348498][T19062] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2464.358412][T19062] RIP: 0033:0x459a59 [ 2464.362963][T19062] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2464.383338][T19062] RSP: 002b:00007f09bb02fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2464.393135][T19062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2464.401129][T19062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2464.409121][T19062] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2464.417120][T19062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09bb0306d4 [ 2464.425118][T19062] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2464.433518][T19062] memory: usage 5952kB, limit 0kB, failcnt 3486 [ 2464.439836][T19062] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.446978][T19062] Memory cgroup stats for /syz5: [ 2464.447296][T19062] anon 0 [ 2464.447296][T19062] file 3481600 [ 2464.447296][T19062] kernel_stack 196608 [ 2464.447296][T19062] slab 1986560 [ 2464.447296][T19062] sock 0 [ 2464.447296][T19062] shmem 3481600 [ 2464.447296][T19062] file_mapped 0 [ 2464.447296][T19062] file_dirty 0 [ 2464.447296][T19062] file_writeback 0 [ 2464.447296][T19062] anon_thp 0 [ 2464.447296][T19062] inactive_anon 3379200 [ 2464.447296][T19062] active_anon 98304 [ 2464.447296][T19062] inactive_file 0 [ 2464.447296][T19062] active_file 0 [ 2464.447296][T19062] unevictable 0 [ 2464.447296][T19062] slab_reclaimable 413696 [ 2464.447296][T19062] slab_unreclaimable 1572864 [ 2464.447296][T19062] pgfault 141372 [ 2464.447296][T19062] pgmajfault 0 [ 2464.447296][T19062] workingset_refault 0 [ 2464.447296][T19062] workingset_activate 0 [ 2464.447296][T19062] workingset_nodereclaim 0 [ 2464.447296][T19062] pgrefill 0 [ 2464.447296][T19062] pgscan 0 [ 2464.447296][T19062] pgsteal 0 [ 2464.447296][T19062] pgactivate 0 [ 2464.542475][T19062] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19060,uid=0 [ 2464.558257][T19062] Memory cgroup out of memory: Killed process 19060 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2464.583186][ T1833] oom_reaper: reaped process 19060 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2464.619301][T19051] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2464.629585][T19051] CPU: 0 PID: 19051 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2464.637495][T19051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2464.647687][T19051] Call Trace: [ 2464.651012][T19051] dump_stack+0x191/0x1f0 [ 2464.655466][T19051] dump_header+0x1e7/0xd00 [ 2464.659984][T19051] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2464.666208][T19051] ? ___ratelimit+0x542/0x720 [ 2464.671007][T19051] ? task_will_free_mem+0x2c9/0x810 [ 2464.676235][T19051] oom_kill_process+0x210/0x560 [ 2464.681121][T19051] out_of_memory+0x1796/0x1c70 [ 2464.685899][T19051] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2464.691549][T19051] try_charge+0x2889/0x3d70 [ 2464.696066][T19051] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2464.702697][T19051] mem_cgroup_try_charge+0xa29/0xe40 [ 2464.708001][T19051] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2464.713759][T19051] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2464.719693][T19051] handle_mm_fault+0x522b/0x9f70 [ 2464.724689][T19051] do_user_addr_fault+0x905/0x1510 [ 2464.729921][T19051] __do_page_fault+0x1a2/0x410 [ 2464.734805][T19051] do_page_fault+0xbb/0x500 [ 2464.739345][T19051] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2464.744727][T19051] page_fault+0x4e/0x60 [ 2464.748884][T19051] RIP: 0033:0x403522 [ 2464.752789][T19051] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2464.772420][T19051] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2464.778502][T19051] RAX: 0000000000000000 RBX: 0000000000259a01 RCX: 0000000000413660 [ 2464.786599][T19051] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2464.794620][T19051] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000201d940 [ 2464.802957][T19051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2464.810977][T19051] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2464.820955][T19051] memory: usage 5532kB, limit 0kB, failcnt 3495 [ 2464.827349][T19051] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.834704][T19051] Memory cgroup stats for /syz5: [ 2464.835026][T19051] anon 0 [ 2464.835026][T19051] file 3481600 [ 2464.835026][T19051] kernel_stack 0 [ 2464.835026][T19051] slab 1986560 [ 2464.835026][T19051] sock 0 [ 2464.835026][T19051] shmem 3481600 [ 2464.835026][T19051] file_mapped 0 [ 2464.835026][T19051] file_dirty 0 [ 2464.835026][T19051] file_writeback 0 [ 2464.835026][T19051] anon_thp 0 [ 2464.835026][T19051] inactive_anon 3379200 [ 2464.835026][T19051] active_anon 98304 [ 2464.835026][T19051] inactive_file 0 [ 2464.835026][T19051] active_file 0 [ 2464.835026][T19051] unevictable 0 [ 2464.835026][T19051] slab_reclaimable 413696 [ 2464.835026][T19051] slab_unreclaimable 1572864 [ 2464.835026][T19051] pgfault 141372 [ 2464.835026][T19051] pgmajfault 0 [ 2464.835026][T19051] workingset_refault 0 [ 2464.835026][T19051] workingset_activate 0 [ 2464.835026][T19051] workingset_nodereclaim 0 [ 2464.835026][T19051] pgrefill 0 [ 2464.835026][T19051] pgscan 0 [ 2464.835026][T19051] pgsteal 0 [ 2464.835026][T19051] pgactivate 0 [ 2464.929779][T19051] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19051,uid=0 [ 2464.946232][T19051] Memory cgroup out of memory: Killed process 19051 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2464.965093][ T1833] oom_reaper: reaped process 19051 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2465.994202][ T9353] device bridge_slave_1 left promiscuous mode [ 2466.001264][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 2466.034727][ T9353] device bridge_slave_0 left promiscuous mode [ 2466.041440][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 2466.795352][ T9353] device hsr_slave_0 left promiscuous mode [ 2466.862627][ T9353] device hsr_slave_1 left promiscuous mode [ 2466.915344][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 2466.929538][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 2466.944570][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2466.990363][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2467.079678][ T9353] bond0 (unregistering): Released all slaves 21:02:54 executing program 0: 21:02:54 executing program 3: 21:02:54 executing program 1: 21:02:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) 21:02:54 executing program 2: 21:02:54 executing program 1: 21:02:54 executing program 3: 21:02:54 executing program 1: 21:02:54 executing program 3: 21:02:55 executing program 4: 21:02:55 executing program 1: 21:02:55 executing program 3: [ 2470.141854][T19086] IPVS: ftp: loaded support on port[0] = 21 [ 2470.234118][T19086] chnl_net:caif_netlink_parms(): no params data found [ 2470.275786][T19086] bridge0: port 1(bridge_slave_0) entered blocking state [ 2470.283070][T19086] bridge0: port 1(bridge_slave_0) entered disabled state [ 2470.291916][T19086] device bridge_slave_0 entered promiscuous mode [ 2470.301195][T19086] bridge0: port 2(bridge_slave_1) entered blocking state [ 2470.308493][T19086] bridge0: port 2(bridge_slave_1) entered disabled state [ 2470.317825][T19086] device bridge_slave_1 entered promiscuous mode [ 2470.351293][T19086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2470.366011][T19086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2470.392518][T19086] team0: Port device team_slave_0 added [ 2470.401320][T19086] team0: Port device team_slave_1 added [ 2470.466887][T19086] device hsr_slave_0 entered promiscuous mode [ 2470.513537][T19086] device hsr_slave_1 entered promiscuous mode [ 2470.572509][T19086] debugfs: Directory 'hsr0' with parent '/' already present! [ 2470.595803][T19086] bridge0: port 2(bridge_slave_1) entered blocking state [ 2470.603114][T19086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2470.610814][T19086] bridge0: port 1(bridge_slave_0) entered blocking state [ 2470.618144][T19086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2470.678678][T19086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2470.698317][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2470.709105][T10886] bridge0: port 1(bridge_slave_0) entered disabled state [ 2470.718828][T10886] bridge0: port 2(bridge_slave_1) entered disabled state [ 2470.729024][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2470.748664][T19086] 8021q: adding VLAN 0 to HW filter on device team0 [ 2470.764012][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2470.773361][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2470.780542][ T5226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2470.806196][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2470.823261][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2470.830772][ T5226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2470.851520][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2470.864152][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2470.881767][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2470.904879][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2470.914499][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2470.929233][T19086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2470.959548][T19086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2471.108070][T19091] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2471.118499][T19091] CPU: 0 PID: 19091 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2471.127657][T19091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2471.137754][T19091] Call Trace: [ 2471.141611][T19091] dump_stack+0x191/0x1f0 [ 2471.146063][T19091] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2471.151992][T19091] dump_header+0x1e7/0xd00 [ 2471.156475][T19091] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2471.162721][T19091] ? ___ratelimit+0x542/0x720 [ 2471.167457][T19091] ? task_will_free_mem+0x14c/0x810 [ 2471.173086][T19091] oom_kill_process+0x210/0x560 [ 2471.177987][T19091] out_of_memory+0x1796/0x1c70 [ 2471.182777][T19091] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2471.188457][T19091] memory_max_write+0x90b/0xb60 [ 2471.193885][T19091] ? memory_max_show+0x1b0/0x1b0 [ 2471.198868][T19091] cgroup_file_write+0x41a/0x8e0 [ 2471.203919][T19091] ? cgroup_seqfile_stop+0x150/0x150 [ 2471.209470][T19091] kernfs_fop_write+0x55f/0x840 [ 2471.217846][T19091] ? kernfs_fop_read+0x9a0/0x9a0 [ 2471.222913][T19091] __vfs_write+0x1a9/0xcb0 [ 2471.227586][T19091] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2471.233705][T19091] ? __sb_start_write+0x10b/0x230 [ 2471.238781][T19091] vfs_write+0x481/0x920 [ 2471.243072][T19091] ksys_write+0x265/0x430 [ 2471.247484][T19091] __se_sys_write+0x92/0xb0 [ 2471.252016][T19091] __x64_sys_write+0x4a/0x70 [ 2471.256686][T19091] do_syscall_64+0xb6/0x160 [ 2471.261237][T19091] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2471.267157][T19091] RIP: 0033:0x459a59 [ 2471.271187][T19091] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2471.291023][T19091] RSP: 002b:00007f049c231c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2471.299493][T19091] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2471.307551][T19091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2471.316073][T19091] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2471.324077][T19091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f049c2326d4 [ 2471.332063][T19091] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2471.340281][T19091] memory: usage 5060kB, limit 0kB, failcnt 3504 [ 2471.346675][T19091] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2471.353652][T19091] Memory cgroup stats for /syz5: [ 2471.353965][T19091] anon 0 [ 2471.353965][T19091] file 2560000 [ 2471.353965][T19091] kernel_stack 196608 [ 2471.353965][T19091] slab 1986560 [ 2471.353965][T19091] sock 0 [ 2471.353965][T19091] shmem 2560000 [ 2471.353965][T19091] file_mapped 0 [ 2471.353965][T19091] file_dirty 0 [ 2471.353965][T19091] file_writeback 0 [ 2471.353965][T19091] anon_thp 0 [ 2471.353965][T19091] inactive_anon 2568192 [ 2471.353965][T19091] active_anon 98304 [ 2471.353965][T19091] inactive_file 0 [ 2471.353965][T19091] active_file 0 [ 2471.353965][T19091] unevictable 0 [ 2471.353965][T19091] slab_reclaimable 413696 [ 2471.353965][T19091] slab_unreclaimable 1572864 [ 2471.353965][T19091] pgfault 141966 [ 2471.353965][T19091] pgmajfault 0 [ 2471.353965][T19091] workingset_refault 0 [ 2471.353965][T19091] workingset_activate 0 [ 2471.353965][T19091] workingset_nodereclaim 0 [ 2471.353965][T19091] pgrefill 0 [ 2471.353965][T19091] pgscan 0 [ 2471.353965][T19091] pgsteal 0 [ 2471.353965][T19091] pgactivate 0 [ 2471.449194][T19091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19089,uid=0 [ 2471.464991][T19091] Memory cgroup out of memory: Killed process 19089 (syz-executor.5) total-vm:72708kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2471.485804][ T1833] oom_reaper: reaped process 19089 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2471.528328][T19086] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2471.539165][T19086] CPU: 0 PID: 19086 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2471.547122][T19086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2471.557199][T19086] Call Trace: [ 2471.560525][T19086] dump_stack+0x191/0x1f0 [ 2471.564897][T19086] dump_header+0x1e7/0xd00 [ 2471.569345][T19086] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2471.575581][T19086] ? ___ratelimit+0x542/0x720 [ 2471.580371][T19086] ? task_will_free_mem+0x2c9/0x810 [ 2471.585605][T19086] oom_kill_process+0x210/0x560 [ 2471.590514][T19086] out_of_memory+0x1796/0x1c70 [ 2471.595320][T19086] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2471.600985][T19086] try_charge+0x2889/0x3d70 [ 2471.605516][T19086] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2471.612206][T19086] mem_cgroup_try_charge+0xa29/0xe40 [ 2471.617594][T19086] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2471.623407][T19086] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2471.629414][T19086] handle_mm_fault+0x522b/0x9f70 [ 2471.634409][T19086] do_user_addr_fault+0x905/0x1510 [ 2471.639569][T19086] __do_page_fault+0x1a2/0x410 [ 2471.644405][T19086] do_page_fault+0xbb/0x500 [ 2471.648955][T19086] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2471.654365][T19086] page_fault+0x4e/0x60 [ 2471.659500][T19086] RIP: 0033:0x403522 [ 2471.663564][T19086] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2471.683454][T19086] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2471.690579][T19086] RAX: 0000000000000000 RBX: 000000000025b504 RCX: 0000000000413660 [ 2471.698625][T19086] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2471.706881][T19086] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000cf6940 [ 2471.714868][T19086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2471.722975][T19086] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2471.732224][T19086] memory: usage 4640kB, limit 0kB, failcnt 3519 [ 2471.738605][T19086] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2471.745659][T19086] Memory cgroup stats for /syz5: [ 2471.745927][T19086] anon 0 [ 2471.745927][T19086] file 2560000 [ 2471.745927][T19086] kernel_stack 0 [ 2471.745927][T19086] slab 1986560 [ 2471.745927][T19086] sock 0 [ 2471.745927][T19086] shmem 2560000 [ 2471.745927][T19086] file_mapped 0 [ 2471.745927][T19086] file_dirty 0 [ 2471.745927][T19086] file_writeback 0 [ 2471.745927][T19086] anon_thp 0 [ 2471.745927][T19086] inactive_anon 2568192 [ 2471.745927][T19086] active_anon 98304 [ 2471.745927][T19086] inactive_file 0 [ 2471.745927][T19086] active_file 0 [ 2471.745927][T19086] unevictable 0 [ 2471.745927][T19086] slab_reclaimable 413696 [ 2471.745927][T19086] slab_unreclaimable 1572864 [ 2471.745927][T19086] pgfault 141999 [ 2471.745927][T19086] pgmajfault 0 [ 2471.745927][T19086] workingset_refault 0 [ 2471.745927][T19086] workingset_activate 0 [ 2471.745927][T19086] workingset_nodereclaim 0 [ 2471.745927][T19086] pgrefill 0 [ 2471.745927][T19086] pgscan 0 [ 2471.745927][T19086] pgsteal 0 [ 2471.745927][T19086] pgactivate 0 [ 2471.842151][T19086] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19086,uid=0 [ 2471.858840][T19086] Memory cgroup out of memory: Killed process 19086 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2471.877833][ T1833] oom_reaper: reaped process 19086 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:02:58 executing program 0: 21:02:58 executing program 3: 21:02:58 executing program 1: 21:02:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$cgroup_int(r2, 0x0, 0x0) [ 2473.304286][T12780] device bridge_slave_1 left promiscuous mode [ 2473.310763][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2473.384361][T12780] device bridge_slave_0 left promiscuous mode [ 2473.390915][T12780] bridge0: port 1(bridge_slave_0) entered disabled state [ 2474.213812][T12780] device hsr_slave_0 left promiscuous mode [ 2474.273152][T12780] device hsr_slave_1 left promiscuous mode [ 2474.349680][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2474.362954][T19099] IPVS: ftp: loaded support on port[0] = 21 [ 2474.374126][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2474.389609][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2474.439384][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2474.545033][T12780] bond0 (unregistering): Released all slaves [ 2474.744570][T19099] chnl_net:caif_netlink_parms(): no params data found [ 2474.788564][T19099] bridge0: port 1(bridge_slave_0) entered blocking state [ 2474.795871][T19099] bridge0: port 1(bridge_slave_0) entered disabled state [ 2474.805387][T19099] device bridge_slave_0 entered promiscuous mode [ 2474.814988][T19099] bridge0: port 2(bridge_slave_1) entered blocking state [ 2474.823196][T19099] bridge0: port 2(bridge_slave_1) entered disabled state [ 2474.832190][T19099] device bridge_slave_1 entered promiscuous mode [ 2474.861837][T19099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2474.876147][T19099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2474.967284][T19099] team0: Port device team_slave_0 added [ 2474.978609][T19099] team0: Port device team_slave_1 added [ 2475.081123][T19099] device hsr_slave_0 entered promiscuous mode [ 2475.134110][T19099] device hsr_slave_1 entered promiscuous mode [ 2475.172570][T19099] debugfs: Directory 'hsr0' with parent '/' already present! [ 2475.204392][T19099] bridge0: port 2(bridge_slave_1) entered blocking state [ 2475.211642][T19099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2475.219526][T19099] bridge0: port 1(bridge_slave_0) entered blocking state [ 2475.226860][T19099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2475.323171][T19099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2475.351169][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2475.361078][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2475.371111][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2475.391331][T19099] 8021q: adding VLAN 0 to HW filter on device team0 [ 2475.407684][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2475.417322][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 2475.424646][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2475.459196][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2475.469438][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 2475.476790][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2475.487312][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2475.498817][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2475.519480][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2475.537570][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2475.553976][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2475.567720][T19099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2475.598948][T19099] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2475.756345][T19106] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2475.766848][T19106] CPU: 1 PID: 19106 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2475.775088][T19106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2475.785381][T19106] Call Trace: [ 2475.788742][T19106] dump_stack+0x191/0x1f0 [ 2475.793149][T19106] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2475.799117][T19106] dump_header+0x1e7/0xd00 [ 2475.804140][T19106] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2475.810362][T19106] ? ___ratelimit+0x542/0x720 [ 2475.815292][T19106] ? task_will_free_mem+0x14c/0x810 [ 2475.820542][T19106] oom_kill_process+0x210/0x560 [ 2475.825446][T19106] out_of_memory+0x1796/0x1c70 [ 2475.830264][T19106] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2475.835965][T19106] memory_max_write+0x90b/0xb60 [ 2475.840963][T19106] ? memory_max_show+0x1b0/0x1b0 [ 2475.845955][T19106] cgroup_file_write+0x41a/0x8e0 [ 2475.850967][T19106] ? cgroup_seqfile_stop+0x150/0x150 [ 2475.856333][T19106] kernfs_fop_write+0x55f/0x840 [ 2475.861283][T19106] ? kernfs_fop_read+0x9a0/0x9a0 [ 2475.866272][T19106] __vfs_write+0x1a9/0xcb0 [ 2475.870755][T19106] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 2475.876863][T19106] ? __sb_start_write+0x10b/0x230 [ 2475.882015][T19106] vfs_write+0x481/0x920 [ 2475.886280][T19106] ksys_write+0x265/0x430 [ 2475.890655][T19106] __se_sys_write+0x92/0xb0 [ 2475.895209][T19106] __x64_sys_write+0x4a/0x70 [ 2475.899847][T19106] do_syscall_64+0xb6/0x160 [ 2475.904411][T19106] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2475.910315][T19106] RIP: 0033:0x459a59 [ 2475.914261][T19106] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2475.934022][T19106] RSP: 002b:00007f1babea4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2475.942513][T19106] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2475.950736][T19106] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 2475.958734][T19106] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2475.966853][T19106] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1babea56d4 [ 2475.974980][T19106] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2475.984413][T19106] memory: usage 4964kB, limit 0kB, failcnt 3528 [ 2475.990732][T19106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2475.997864][T19106] Memory cgroup stats for /syz5: [ 2475.998201][T19106] anon 0 [ 2475.998201][T19106] file 2306048 [ 2475.998201][T19106] kernel_stack 196608 [ 2475.998201][T19106] slab 1986560 [ 2475.998201][T19106] sock 0 [ 2475.998201][T19106] shmem 2306048 [ 2475.998201][T19106] file_mapped 0 [ 2475.998201][T19106] file_dirty 0 [ 2475.998201][T19106] file_writeback 0 [ 2475.998201][T19106] anon_thp 0 [ 2475.998201][T19106] inactive_anon 2297856 [ 2475.998201][T19106] active_anon 98304 [ 2475.998201][T19106] inactive_file 0 [ 2475.998201][T19106] active_file 0 [ 2475.998201][T19106] unevictable 0 [ 2475.998201][T19106] slab_reclaimable 413696 [ 2475.998201][T19106] slab_unreclaimable 1572864 [ 2475.998201][T19106] pgfault 142527 [ 2475.998201][T19106] pgmajfault 0 [ 2475.998201][T19106] workingset_refault 0 [ 2475.998201][T19106] workingset_activate 0 [ 2475.998201][T19106] workingset_nodereclaim 0 [ 2475.998201][T19106] pgrefill 0 [ 2475.998201][T19106] pgscan 0 [ 2475.998201][T19106] pgsteal 0 [ 2475.998201][T19106] pgactivate 0 [ 2476.093168][T19106] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19104,uid=0 [ 2476.109254][T19106] Memory cgroup out of memory: Killed process 19104 (syz-executor.5) total-vm:72708kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2476.132034][ T1833] oom_reaper: reaped process 19104 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2476.170035][T19099] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2476.180321][T19099] CPU: 1 PID: 19099 Comm: syz-executor.5 Not tainted 5.4.0-rc2+ #0 [ 2476.188245][T19099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2476.198328][T19099] Call Trace: [ 2476.201654][T19099] dump_stack+0x191/0x1f0 [ 2476.206016][T19099] dump_header+0x1e7/0xd00 [ 2476.210471][T19099] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 2476.216845][T19099] ? ___ratelimit+0x542/0x720 [ 2476.221597][T19099] ? task_will_free_mem+0x2c9/0x810 [ 2476.226874][T19099] oom_kill_process+0x210/0x560 [ 2476.231893][T19099] out_of_memory+0x1796/0x1c70 [ 2476.236682][T19099] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2476.242490][T19099] try_charge+0x2889/0x3d70 [ 2476.247148][T19099] ? kmsan_memcpy_memmove_metadata+0x109/0x2e0 [ 2476.253425][T19099] mem_cgroup_try_charge+0xa29/0xe40 [ 2476.259026][T19099] mem_cgroup_try_charge_delay+0x7e/0x140 [ 2476.264809][T19099] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2476.270730][T19099] handle_mm_fault+0x522b/0x9f70 [ 2476.275724][T19099] do_user_addr_fault+0x905/0x1510 [ 2476.280889][T19099] __do_page_fault+0x1a2/0x410 [ 2476.285707][T19099] do_page_fault+0xbb/0x500 [ 2476.290346][T19099] ? kmsan_unpoison_pt_regs+0x28/0x30 [ 2476.295749][T19099] page_fault+0x4e/0x60 [ 2476.299917][T19099] RIP: 0033:0x403522 [ 2476.303856][T19099] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2476.323523][T19099] RSP: 002b:0000000000a6ecc0 EFLAGS: 00010246 [ 2476.329636][T19099] RAX: 0000000000000000 RBX: 000000000025c72c RCX: 0000000000413660 [ 2476.337630][T19099] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000a6fdf0 [ 2476.345616][T19099] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000242f940 [ 2476.353608][T19099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a6fdf0 [ 2476.361599][T19099] R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0 [ 2476.371454][T19099] memory: usage 4544kB, limit 0kB, failcnt 3537 [ 2476.377873][T19099] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2476.384819][T19099] Memory cgroup stats for /syz5: [ 2476.385112][T19099] anon 0 [ 2476.385112][T19099] file 2441216 [ 2476.385112][T19099] kernel_stack 0 [ 2476.385112][T19099] slab 1986560 [ 2476.385112][T19099] sock 0 [ 2476.385112][T19099] shmem 2441216 [ 2476.385112][T19099] file_mapped 0 [ 2476.385112][T19099] file_dirty 0 [ 2476.385112][T19099] file_writeback 0 [ 2476.385112][T19099] anon_thp 0 [ 2476.385112][T19099] inactive_anon 2297856 [ 2476.385112][T19099] active_anon 98304 [ 2476.385112][T19099] inactive_file 0 [ 2476.385112][T19099] active_file 0 [ 2476.385112][T19099] unevictable 0 [ 2476.385112][T19099] slab_reclaimable 413696 [ 2476.385112][T19099] slab_unreclaimable 1572864 [ 2476.385112][T19099] pgfault 142527 [ 2476.385112][T19099] pgmajfault 0 [ 2476.385112][T19099] workingset_refault 0 [ 2476.385112][T19099] workingset_activate 0 [ 2476.385112][T19099] workingset_nodereclaim 0 [ 2476.385112][T19099] pgrefill 0 [ 2476.385112][T19099] pgscan 0 [ 2476.385112][T19099] pgsteal 0 [ 2476.385112][T19099] pgactivate 0 [ 2476.479593][T19099] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19099,uid=0 [ 2476.495377][T19099] Memory cgroup out of memory: Killed process 19099 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2476.514168][ T1833] oom_reaper: reaped process 19099 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 21:03:03 executing program 2: 21:03:03 executing program 1: 21:03:03 executing program 3: 21:03:03 executing program 4: 21:03:03 executing program 0: 21:03:03 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r2, 0x0, 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2477.555126][T12780] device bridge_slave_1 left promiscuous mode [ 2477.561765][T12780] bridge0: port 2(bridge_slave_1) entered disabled state [ 2477.592908][T12780] device bridge_slave_0 left promiscuous mode 21:03:03 executing program 3: 21:03:03 executing program 1: [ 2477.599623][T12780] bridge0: port 1(bridge_slave_0) entered disabled state 21:03:03 executing program 1: 21:03:03 executing program 3: 21:03:03 executing program 1: 21:03:04 executing program 3: [ 2478.983519][T12780] device hsr_slave_0 left promiscuous mode [ 2479.022809][T12780] device hsr_slave_1 left promiscuous mode [ 2479.082969][T12780] team0 (unregistering): Port device team_slave_1 removed [ 2479.096761][T12780] team0 (unregistering): Port device team_slave_0 removed [ 2479.110304][T12780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2479.148775][T12780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2479.223369][T12780] bond0 (unregistering): Released all slaves [ 2479.798058][T19128] IPVS: ftp: loaded support on port[0] = 21 [ 2479.917405][T19128] chnl_net:caif_netlink_parms(): no params data found [ 2479.967503][T19128] bridge0: port 1(bridge_slave_0) entered blocking state [ 2479.974700][T19128] bridge0: port 1(bridge_slave_0) entered disabled state [ 2479.984295][T19128] device bridge_slave_0 entered promiscuous mode [ 2479.993418][T19128] bridge0: port 2(bridge_slave_1) entered blocking state [ 2480.000533][T19128] bridge0: port 2(bridge_slave_1) entered disabled state [ 2480.010133][T19128] device bridge_slave_1 entered promiscuous mode [ 2480.035262][T19128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2480.049181][T19128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2480.079619][T19128] team0: Port device team_slave_0 added [ 2480.088578][T19128] team0: Port device team_slave_1 added [ 2480.146790][T19128] device hsr_slave_0 entered promiscuous mode [ 2480.193535][T19128] device hsr_slave_1 entered promiscuous mode [ 2480.262694][T19128] debugfs: Directory 'hsr0' with parent '/' already present! [ 2480.295348][T19128] bridge0: port 2(bridge_slave_1) entered blocking state [ 2480.302551][T19128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2480.310033][T19128] bridge0: port 1(bridge_slave_0) entered blocking state [ 2480.317322][T19128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2480.376030][T19128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2480.385899][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 2480.395768][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 2480.417883][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2480.427028][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2480.440414][T19128] 8021q: adding VLAN 0 to HW filter on device team0 [ 2480.452173][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2480.462136][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2480.471379][T12782] bridge0: port 1(bridge_slave_0) entered blocking state [ 2480.478701][T12782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2480.493616][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2480.503540][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2480.512398][ T2419] bridge0: port 2(bridge_slave_1) entered blocking state [ 2480.520561][ T2419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2480.535685][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2480.549915][ T2419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2480.565872][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2480.576814][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2480.587465][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2480.609445][T19128] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2480.620326][T19128] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2480.635298][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2480.645182][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2480.655589][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2480.664766][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2480.675591][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2480.685411][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2480.696202][T12782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2480.724749][T19128] 8021q: adding VLAN 0 to HW filter on device batadv0 21:03:09 executing program 2: 21:03:09 executing program 1: 21:03:09 executing program 3: 21:03:09 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r2, 0x0, 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 21:03:12 executing program 0: 21:03:12 executing program 4: 21:03:12 executing program 3: 21:03:12 executing program 1: 21:03:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x40, 0x0, 0x3, 0x7, 0x0, 0x6, 0x0, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x3, 0x9}, 0x0, 0x58, 0x0, 0x5, 0x6, 0x5, 0x8}, 0x0, 0xa, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.\x93sage_sys\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) openat$cgroup(r2, 0x0, 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 21:03:12 executing program 2: 21:03:12 executing program 3: 21:03:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x4) shutdown(r1, 0x1) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "215e2eb7b724937e", "df28196f6317ffbc13846cbe59f4f1b8c255c35c6b898da733494d6ae33cbdfb", "7b45bfdf", "1215ddea89823d54"}, 0x38) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c}, 0x1c}}, 0x4000) close(r1) 21:03:13 executing program 3: syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getpgrp(0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004ac0)=[{&(0x7f00000003c0)=""/157, 0x9d}, {&(0x7f00000004c0)=""/222, 0xde}, {&(0x7f00000005c0)=""/186, 0xba}, {0x0}], 0x4, &(0x7f0000000780)=""/186, 0xba}, 0x80000000}, {{&(0x7f0000000840)=@nfc, 0x80, &(0x7f0000001b00)=[{&(0x7f00000008c0)=""/226, 0xe2}, {&(0x7f00000009c0)=""/117, 0x75}, {&(0x7f0000000180)=""/14, 0xe}, {&(0x7f0000000240)=""/54, 0x36}, {&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/162, 0xa2}], 0x6, &(0x7f0000001b80)=""/202, 0xca}, 0x2}, {{&(0x7f0000001fc0)=@nfc, 0x80, &(0x7f00000034c0)=[{&(0x7f00000020c0)=""/145, 0x91}, {&(0x7f0000004a00)=""/168, 0xa8}, {&(0x7f0000002240)=""/53, 0x35}, {&(0x7f0000002280)=""/126, 0x7e}, {&(0x7f0000004b00)=""/4096, 0x1000}, {&(0x7f0000003300)=""/145, 0x91}, {&(0x7f00000033c0)=""/184, 0xb8}, {0x0}], 0x8, &(0x7f0000003580)=""/78, 0x4e}}, {{&(0x7f0000003600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000047c0)=[{&(0x7f0000003680)=""/224, 0xe0}, {&(0x7f0000003780)=""/6, 0x6}, {0x0}], 0x3, &(0x7f0000004800)=""/132, 0x84}}], 0x4, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000140)='./bus\x00', 0x145042, 0x0) getgroups(0x5, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0]) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 21:03:13 executing program 1: memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$caif_stream(0x25, 0x1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000280)='/dev/input/event#\x00', 0x0) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 21:03:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='clear_refs\x00') pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='clear_refs\x00') pwritev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) 21:03:19 executing program 1: socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam\x00\x00\x10\x00', 0x2}) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) getgid() ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x200000000000, 0x2, 0x0, 0x400000200, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc], 0x0, 0x44110}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000780)={"eaa545e7421d85382ba46bd65966a55a8a83886fd638fa602d6b7da50f67b2f7b19acfe93c195f18e5175624f1a0f90796139e737003000000e37481bf083f14d999650edb9097a2424eb05758d0290ff56fb045e448bf92657a2c3312d7778b32571bd14fb8caad0dc70d4e243038e3f69eeaf8dc766d250c4bfa8afc182d75896e0d7e694cbce34d82d8c930e299ae5f52e3647fad40732f0bb0be973e07b75ec8b1c8753e40609f918c0b892a7ec015541ad2b39be8d258973e3b73d3617c8aec4a7987b165ab65ade11ed94100e9de9d81db8612a033f60b236f48e0f3004c996d64afcca027289ef7c38efa2a8bc259eda9e45161b1fbb1dc0dda4a1c3166c2a782f5977ee8bd9d551e509f3c72687a8944ee55ad69c3c2fed0c2116d56ca160697c6369feda6e5865cc0b1d4bfe6d2681ca34903d6c57f399fb2c85a8e25fb3dc4c13bac6a7812e864f919a4358ae8ead402d6c81b955f0a4189b654d66186c36ac9ae5ca312d772942cfcfbdcf01ee1ae94f43ca82e6893aed89d05f386fb65827e27613f8b80ecfaf7d54cbb993d092428cdd31b05578bf47c78c9af37380bc512cc46d8c1bcc81f8993009b203a35e56e2eb4434a6db1229ed3a6e0476f9a3802000000000000005549716044f3554bb0e200aecfeefc0e83ce237b5cc3f3b27045faaeb2b6f7e190143240f6baa10f3d41bff09cb3d39627e1594309d60c23dd98a696d038d74317d7268c98a80000000167870598d34a09d385ec186ef848af49d312f9bc1448616092181f0f039c30da45266aeff06248d994a228db7ecd834189357a12fcb112ebebecf3ad2b960fbef92b827e51cfd9f5bf443ba730529f1ecee07984168142de2bd3d17ca50d3de1c1aeae8c15e0f44742d34f8dfcd2bbc8dc039da3aa25d6fb402f8abe3b3ad9f18ec78a8f788f0a499461f451873551b813b864c5eaf16ea9abdc87aec43d1d2e9e9691ab69d5e77fe124cc581d0183582790bab792be6e985da3f975e523a7b49175e29268d39e2d12a142dda1b59e9347805b10612b19348cbab9647b517a210d70ecf31696731c20bb6b757b661ccd166b52971027122e4736e44d35454df573354f2f96644e41c80692b2688bae0bffb8a2ef53d2b91bf2ecbc60e1cec442e5bf372c3b289ed320947bb3bc368278f48a8c797e604e647f97440000000000000008e83464dc4acabef1b949623aad99e811f3159dee90f1e6dbe1974876f10971694bf3c33e8260824bfbb35d63e51d5364c151f46c8fccf832d02120bf026b3729b44c9706ba102fc40277f51d9737bc6c1c945bf99d6fb89b4b773213758ae352d6158fc2ca928c6859f4c970cf2491004c6a1707002dbfab19b9d31adcca5ab570a393ae894a2f4e0110a7513a1982bfa900"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES32=r4], 0x1}}, 0x0) 21:03:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2f9, 0x0, &(0x7f0000000280)=[@acquire, @acquire={0x40046305, 0x2}, @request_death, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x1000001ed, 0x0, 0x0}) 21:03:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x4c, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r1 = socket$inet_udplite(0x2, 0x2, 0x88) close(r1) accept4$alg(r0, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000000c0), 0x4557434d) sendfile(r1, r2, 0x0, 0x20000000006) [ 2493.128601][T19395] binder: 19393:19395 unknown command 0 [ 2493.134626][T19395] binder: 19393:19395 ioctl c0306201 20000080 returned -22 [ 2493.155343][T19398] binder: 19393:19398 unknown command 0 [ 2493.161004][T19398] binder: 19393:19398 ioctl c0306201 20000080 returned -22 21:03:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) io_setup(0x3b24, &(0x7f0000000740)=0x0) io_submit(r1, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000780), 0x4000}]) io_submit(r1, 0x1, &(0x7f0000000340)=[0x0]) getpid() ptrace(0x10, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x10, 0xffffffffffffffff, 0x0) 21:03:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000002c0)={'team0\x00', {0x2, 0x0, @multicast2}}) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000680)="ff5b93baf4715971ba778a4091bf32a5307d1aad95db841680c544d506ab1c3405176a92ebe5ce0025e269e33dba850c0edff31990e83f65d40e8aec1f8801132a4088456b3f9166215a20ce4113818fe8668752a06696602189d19eb27eeb7c7a8fe69d0e65a052a93b5c4cf71bc11c4bc0bc7fbc5637850e7cf553dc9683e2a77d09196b818171d8e2b85add4e45494bc588edfedd7bd8045fa963bdd79c6885fb32e67153a5050367a53907b55917d7f298c40364e253", 0xffffffe1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x2}, 0x0) r4 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r4, &(0x7f00000004c0)='1', 0x1) sendfile(r4, r4, &(0x7f0000000200), 0xff8) 21:03:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000002c0)={'team0\x00', {0x2, 0x0, @multicast2}}) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000680)="ff5b93baf4715971ba778a4091bf32a5307d1aad95db841680c544d506ab1c3405176a92ebe5ce0025e269e33dba850c0edff31990e83f65d40e8aec1f8801132a4088456b3f9166215a20ce4113818fe8668752a06696602189d19eb27eeb7c7a8fe69d0e65a052a93b5c4cf71bc11c4bc0bc7fbc5637850e7cf553dc9683e2a77d09196b818171d8e2b85add4e45494bc588edfedd7bd8045fa963bdd79c6885fb32e67153a5050367a53907b55917d7f298c40364e253", 0xffffffe1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x2}, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r3, &(0x7f00000004c0)='1', 0x1) sendfile(r3, r3, &(0x7f0000000200), 0xff8) 21:03:23 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x1a3204, 0x143) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) write$P9_RLCREATE(r4, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x1b, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x8) write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) socket$inet(0x10, 0x0, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000240)={0x20, 0x0, 0x0, {0x0, 0x4, 0x8, 0x6}}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) 21:03:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:23 executing program 1: pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_FP_MODE(0x2e) write(r1, &(0x7f00000001c0), 0xfffffef3) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000280)) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x0) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1, 0x0, 0x0, 0x8}) getsockname$packet(0xffffffffffffffff, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000700)=0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000740)={@mcast2, 0x5f, r3}) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x800000, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(r4, &(0x7f0000000c80)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0x1000}, 0x1006) getpid() sendfile(r4, r4, &(0x7f0000000240), 0x2008000fffffffe) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x3) ioctl$RTC_VL_READ(r1, 0x80047013, 0x0) ptrace(0xffffffffffffffff, 0x0) mount(&(0x7f0000000140)=@sr0='/dev/sr0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000400)='fuse\x00', 0x18000, &(0x7f0000000480)='ramfs\x00') ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000080)={0x2, 0x769, 0x5, 0x0, 0x80, 0xb093}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) prctl$PR_GET_UNALIGN(0x5, &(0x7f00000000c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, 0x0) stat(&(0x7f0000000180)='./file0/bus\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000600)={0xa0, 0x0, 0x8, {{0x0, 0x1, 0xc08a, 0x5, 0x6, 0x20ddbcfd, {0x6, 0x0, 0x0, 0x9, 0x8, 0x88, 0x0, 0x0, 0xffffffff, 0xfff, 0xfffffffffffeffff, 0x0, r5, 0x10001, 0x2}}, {0x0, 0x8}}}, 0xa0) r6 = creat(&(0x7f0000000100)='./file0\x00', 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0) dup(r6) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f00000004c0)=0xb59) ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, 0x0) 21:03:23 executing program 5: msgctl$IPC_SET(0x0, 0x3, &(0x7f0000000000)={{0x0, 0xffffffffffffffff}}) 21:03:26 executing program 2: sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000002680)=[{0x0, 0x2d, 0x0, 0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB], 0x18}], 0x4924924924922a7, 0x0) 21:03:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) poll(&(0x7f0000000240), 0x0, 0x40) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:03:26 executing program 5: r0 = gettid() r1 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x40000000) write$binfmt_script(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="01"], 0x1) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 21:03:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:26 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x80005) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000002680)=[{0x0, 0x2d, 0x0, 0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB], 0x18}], 0x4924924924922a7, 0x0) 21:03:26 executing program 5: r0 = gettid() r1 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x40000000) write$binfmt_script(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="01"], 0x1) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 21:03:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet(0x2, 0x3, 0x29) socket$packet(0x11, 0x2, 0x300) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000001c0)='erspan0\x00', 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) [ 2501.062682][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2501.068823][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2501.075171][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2501.081417][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2501.087766][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2501.094092][ C1] protocol 88fb is buggy, dev hsr_slave_1 21:03:32 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:32 executing program 1: unshare(0x600) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fallocate(r0, 0x4, 0x0, 0x0) 21:03:32 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x1c, 0x0, &(0x7f0000000280)=[@acquire, @decrefs, @dead_binder_done], 0x0, 0x0, 0x0}) 21:03:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000080), 0x4) 21:03:33 executing program 2: pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) bind$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) 21:03:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000080)) dup3(r0, r1, 0x0) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 21:03:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, 0x0, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) 21:03:35 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x14, 0x0, &(0x7f0000000100)) 21:03:35 executing program 1: r0 = gettid() r1 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) syz_open_procfs(0x0, &(0x7f0000000180)='cmdline\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$binfmt_script(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="01e23ddf45f1f8fddf8ee3440fa2d936fa4e0f9fdbe572c3c922835d1274e1220c22b4870000000000000000000005000000bf5777b965ce27d15a5383acc22cb40000295fdc2401030200008c6574d6f644db112a4dfda3a9ed873bb0723ff13c3f8ec538d87aef23d8e9f11dcfd797036ef46b1173ccb06989ad94eed2ffe180ded477a350b604129634938dbcf0d0998993ed44bbfbd5302b7d10cd61a5260f7d4839f0ac1f146fc57b7dce415b928b00dce72fc99261fa9826"], 0xbb) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x4008001, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 21:03:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:35 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x84000) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r6, 0x237, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x1}}, 0x30) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xa2127d61d94dfe13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) 21:03:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:41 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000002c0)={[], 0x0, 0x0, 0x0, 0x0, 0x135}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000280)) ptrace$cont(0x1f, r2, 0x0, 0x0) 21:03:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:41 executing program 1: socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="1c0000001e005f0214fffffffffffff8070000030000000000000000", 0x1c) 21:03:41 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x84000) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r6, 0x237, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x1}}, 0x30) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xa2127d61d94dfe13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) 21:03:42 executing program 4: dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) syz_genetlink_get_family_id$team(0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x800000, 0x0) chdir(&(0x7f0000000080)='./file0\x00') fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000480)) r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000c80)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0xf05}, 0x1006) sendfile(r0, r0, &(0x7f0000000240), 0x2008000fffffffe) creat(&(0x7f0000000340)='./file0\x00', 0x4e) 21:03:42 executing program 2: unshare(0x600) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 21:03:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000280)=[@request_death={0x40106308}, @release], 0x0, 0x0, 0x0}) 21:03:42 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x84000) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r6, 0x237, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x1}}, 0x30) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xa2127d61d94dfe13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) 21:03:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) [ 2516.919240][T20244] binder: 20243:20244 unknown command 0 [ 2516.925040][T20244] binder: 20243:20244 ioctl c0306201 20000080 returned -22 [ 2516.943911][T20244] binder: BINDER_SET_CONTEXT_MGR already set [ 2516.950060][T20244] binder: 20243:20244 ioctl 40046207 0 returned -16 21:03:43 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @acquire={0x400c630f}, @request_death], 0x0, 0x0, 0x0}) [ 2517.174170][T20363] binder: 20362:20363 unknown command 0 [ 2517.179927][T20363] binder: 20362:20363 ioctl c0306201 20000080 returned -22 21:03:51 executing program 0: 21:03:51 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:51 executing program 1: r0 = socket$kcm(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='/group.sta\x9f\xd4t\x00+\x96FR\bR\t\x12\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0W\xdfuE\xfe\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6J\x81W!\xf0\\\xa1O\x9f\x93\x19C\xceQCV\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1fM\xeba_\xa9\xcd\x10\xcd\x0e~\xc6\xed\xb6\x82\xf6\xee\x9aK\xdd\x86\xf8\x0f\x15Y-\xb8A1\x1bb\xff\xf0\xd2M\xf7)\xaa\x8a\x18\xb9_\x83>\xeb\xfc\xc18^\x1d\xb3Y\xdc#\xde\xdb\x89\x90L\x99o\x02\xb6\x98e\xc6b\xce\xb7\x99k3&\xaf\v\xc6\x80\xff\xdb\xb7\x0e\xb4K\xf8\x17\xba\xf8\xee\fe\xed]\x93\x13\xbc\xf5\xe2<\xa2\xaf\x83\xa3\xaabc\x95\x00\t:\xcc\xe1\t]\x84\x90\x17l\xd3\xa7M\xdb\x02J\x90\xe8\xe8\xb3\xc9\xf6\xea\xb2\xdeI\xe4\x0f\xd4\xca(\xcd\xfa\xb2\xb8@\xca\x17u\x02Rb\xad\xd0\xf7\x9bz#\xb8\x1d\x88\xf6?3,\x89\xb1-p\x8a\r\xdb\xd6,\xa4\x01y\x1bc\xb7\x19\xcey\xb5\xae\xc4\xe3\xc4\xe9=\x1e\x8c\xec\xfe\x05b\x7f`Y k\xc4\xa8 \xc3\x9b\v\xbbE\x8c\xb8\xe6\x8a\xa0s\b\xcb\xbb\xfa\xde\xf0\n`\x8az<\f\xf1\xbe\x85\xd1Wk\x17\xbc1q\x8b\x93Y|\x9e\xe2\xc9Ms/A\x98\xf2\x88\n\x92?7\xb1\xe0\xee\xe8yo\xb7\xb2p\xc5O~\x87\x17F\b\xb5\xd6\xdc\xe4u:$>\xd1\xaf\x1a\xcb\x18\x8a\x0e$\xbd\x94N\xc84}_\x06\x11\xd2\xdd7\xe0\b\x0f\xd0\xb0WZ\xfc\xb1\xc3\tS\x13\a6\xc0\xbc\vG\xe4p\x1b\xee\x89_=\xb8\x12\xddpk\x860\x03\xfd\xde\x0f\x9c\xc2\xe5.\xfe\xaf\x8f\xe2\x16\x8c\xdbS\xe6\xc26\xde\xf4I\x9f\x003P\xb5\x9fg\x82!\xf2\x82 \xc1Os\xd7C\\\xad\xb3n}t\xba|\x10\x05,rk\xd1\t|\x1e\x00\x9e\xfa\"\x85\xdd\xb7O\a\xfc\x14\xa8\x00\x1f6M\xb00\xbd\xb7\xd6\xa8\xffe\xb2\xcb\'', 0x2761, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x4, &(0x7f0000000000)=r1, 0x110) 21:03:51 executing program 5: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x84000) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r6, 0x237, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x1}}, 0x30) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xa2127d61d94dfe13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) 21:03:51 executing program 4: 21:03:52 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = syz_open_procfs$namespace(0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x0, 0x0, 0x0) 21:03:52 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:52 executing program 1: 21:03:52 executing program 5: 21:03:52 executing program 1: r0 = socket$kcm(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='/group.sta\x9f\xd4t\x00+\x96FR\bR\t\x12\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0W\xdfuE\xfe\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6J\x81W!\xf0\\\xa1O\x9f\x93\x19C\xceQCV\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1fM\xeba_\xa9\xcd\x10\xcd\x0e~\xc6\xed\xb6\x82\xf6\xee\x9aK\xdd\x86\xf8\x0f\x15Y-\xb8A1\x1bb\xff\xf0\xd2M\xf7)\xaa\x8a\x18\xb9_\x83>\xeb\xfc\xc18^\x1d\xb3Y\xdc#\xde\xdb\x89\x90L\x99o\x02\xb6\x98e\xc6b\xce\xb7\x99k3&\xaf\v\xc6\x80\xff\xdb\xb7\x0e\xb4K\xf8\x17\xba\xf8\xee\fe\xed]\x93\x13\xbc\xf5\xe2<\xa2\xaf\x83\xa3\xaabc\x95\x00\t:\xcc\xe1\t]\x84\x90\x17l\xd3\xa7M\xdb\x02J\x90\xe8\xe8\xb3\xc9\xf6\xea\xb2\xdeI\xe4\x0f\xd4\xca(\xcd\xfa\xb2\xb8@\xca\x17u\x02Rb\xad\xd0\xf7\x9bz#\xb8\x1d\x88\xf6?3,\x89\xb1-p\x8a\r\xdb\xd6,\xa4\x01y\x1bc\xb7\x19\xcey\xb5\xae\xc4\xe3\xc4\xe9=\x1e\x8c\xec\xfe\x05b\x7f`Y k\xc4\xa8 \xc3\x9b\v\xbbE\x8c\xb8\xe6\x8a\xa0s\b\xcb\xbb\xfa\xde\xf0\n`\x8az<\f\xf1\xbe\x85\xd1Wk\x17\xbc1q\x8b\x93Y|\x9e\xe2\xc9Ms/A\x98\xf2\x88\n\x92?7\xb1\xe0\xee\xe8yo\xb7\xb2p\xc5O~\x87\x17F\b\xb5\xd6\xdc\xe4u:$>\xd1\xaf\x1a\xcb\x18\x8a\x0e$\xbd\x94N\xc84}_\x06\x11\xd2\xdd7\xe0\b\x0f\xd0\xb0WZ\xfc\xb1\xc3\tS\x13\a6\xc0\xbc\vG\xe4p\x1b\xee\x89_=\xb8\x12\xddpk\x860\x03\xfd\xde\x0f\x9c\xc2\xe5.\xfe\xaf\x8f\xe2\x16\x8c\xdbS\xe6\xc26\xde\xf4I\x9f\x003P\xb5\x9fg\x82!\xf2\x82 \xc1Os\xd7C\\\xad\xb3n}t\xba|\x10\x05,rk\xd1\t|\x1e\x00\x9e\xfa\"\x85\xdd\xb7O\a\xfc\x14\xa8\x00\x1f6M\xb00\xbd\xb7\xd6\xa8\xffe\xb2\xcb\'', 0x2761, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x5, &(0x7f0000000000)=r1, 0x110) 21:03:52 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:52 executing program 5: 21:03:55 executing program 0: 21:03:55 executing program 5: 21:03:55 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:03:55 executing program 1: 21:03:55 executing program 4: 21:04:01 executing program 2: 21:04:01 executing program 1: 21:04:01 executing program 5: 21:04:01 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:01 executing program 1: 21:04:01 executing program 5: 21:04:01 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:02 executing program 0: 21:04:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:02 executing program 5: 21:04:02 executing program 1: 21:04:04 executing program 4: 21:04:07 executing program 2: 21:04:07 executing program 1: 21:04:07 executing program 5: 21:04:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:07 executing program 4: 21:04:07 executing program 0: 21:04:07 executing program 1: 21:04:07 executing program 5: 21:04:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:07 executing program 1: 21:04:07 executing program 5: 21:04:07 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:16 executing program 2: 21:04:16 executing program 1: 21:04:16 executing program 5: 21:04:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:16 executing program 4: 21:04:16 executing program 0: 21:04:17 executing program 5: 21:04:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:17 executing program 1: 21:04:17 executing program 5: r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r0, &(0x7f0000000a80)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2, 0x6}, 0x80, 0x0}, 0x280f9d97134acda9) sendmsg(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="ba", 0x5e8}], 0x1}, 0x0) 21:04:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:17 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f00000000c0)={@random="cd390b081bf2", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, "d5cae2", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, @ipv4={[], [], @dev}}}}}}}}, 0x0) 21:04:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3c, 0x0, &(0x7f0000000280)=[@dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:23 executing program 5: creat(&(0x7f0000000080)='./file0\x00', 0x0) setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='security.capability\x00', 0x0, 0x0, 0x0) getxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='security.capability\x00', 0x0, 0x0) 21:04:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:23 executing program 1: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x2) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x40) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket(0x840000000002, 0x3, 0x200000000000ff) sendmmsg$inet(r3, &(0x7f0000002dc0)=[{{&(0x7f0000000300), 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="109e093c00000000ca78deb3b94439c0513776de95ad29bbef21a4072f8786ca175af94beb17575111cc9d8d342c6b8b0a620000"], 0x8}}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x8, &(0x7f00000004c0)) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) io_setup(0x3b24, &(0x7f0000000740)=0x0) io_submit(r5, 0x6c2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000780), 0x4000}]) io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x80, r4, &(0x7f0000000000), 0x0, 0x2f, 0x0, 0x1}]) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x16, &(0x7f00000002c0)) ptrace(0x10, r6) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x10, 0xffffffffffffffff, 0x0) 21:04:26 executing program 4: syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa5, 0x57, 0x77, 0x8, 0x9710, 0x7810, 0xe38f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfe, 0x0, 0x3, 0xdf, 0x4a, 0x15, 0x0, [], [{{0x9, 0x5, 0x8f, 0x2d552b3f4576f05f}}, {{0x9, 0x5, 0xf, 0x2}}, {{0x9, 0x5, 0x81, 0x12}}]}}]}}]}}, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) 21:04:26 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) setsockopt$sock_attach_bpf(r0, 0x29, 0x39, 0x0, 0x0) 21:04:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800a1695e1dcfe87b1071") setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000000000)={0x0, 0xffffffff, 0x8492e03}, 0xc) syz_emit_ethernet(0x5e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6035266800283a00fe80000000000000000000000000000000000000000000890090780000000094bca7b32b3df8fcc7980679bffabd17fe8000000000000000000000000000bb714fcefe96c7235106000000000000000000"], &(0x7f0000000100)={0x0, 0x2, [0x0, 0x484]}) 21:04:26 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp6\x00\x7f\x94\xa8(\xc1\xc1b/{\xd8\x12\x0e\xafg\xd7Ot\x06Ak\x80\tF\xb9\x10\xf9\xfa\x17\xe3 \xf2\x19S\x99\xe7\x04E\xd1\xe2N\x1d\xbe\xb6l\xdaa\xd4\xda4\xb9\x9eY\xb6\xd5~2i8\xcb\xa2\xab6\xaa\xec\x199\x10\x02\xbd\xe4*z\b\rK\xb9u\x01\x16j\x83~9\x10{\x8c\xe6\x97\xce\xa6Y\xb5]\x8d\xc5\x8fQ4\x96\xb6\x96\xc1\x7fw\x11\xdf<\x1d\xa7p\xbb\xb2\x99\xa3C\xd7F\xb4\xb7\xa1\xe5\x00-\xa0W\x8a\nN+\x99\xddW\x19\xfc\x18}p\xbc\xbe\xbb\x85R\xac\xa35{\xaf\x92\b\x05\xa7Wf\xcf\x13') sendfile(r1, r2, &(0x7f0000000000)=0xf0, 0x80000002) 21:04:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x21f, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xdc, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff1800000000000000000b000a508800000000000014000200fe880000f00000000000000000040000"], 0x2c}}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x4924c57, 0x0) 21:04:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:26 executing program 1: open(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f00000003c0)=""/11, 0x2f8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r3, 0x16) 21:04:28 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x54, 0x0, &(0x7f0000000280)=[@acquire={0x40046304}, @release, @decrefs, @dead_binder_done, @clear_death, @acquire_done, @free_buffer], 0x0, 0x0, 0x0}) 21:04:28 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x7005, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'all\x00\x19\x00\x00!C\x19\xb2d\xb4\xa0$v', 0x420000015001}) ptrace$setopts(0x4206, r0, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000140)='threaded\x00', 0x5dc291) lseek(r2, 0xfffdfffffffffff7, 0x1) write$binfmt_misc(r2, 0x0, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x10000, 0xffff, 0x0, 0x3, 0x3, 0x5, 0x2}, 0x1c) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000140)='threaded\x00', 0x5dc291) lseek(r3, 0xfffdfffffffffff7, 0x1) r4 = syz_open_dev$binderN(&(0x7f0000000040)='/deW/binder#\x00', 0x0, 0x800) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x20, 0x0, &(0x7f0000000280)=[@acquire, @request_death={0x400c630e, 0x3}, @decrefs], 0x0, 0x0, 0x0}) r5 = dup(r4) write$P9_RSTATFS(r5, &(0x7f0000000180)={0x43, 0x9, 0x1, {0xe5e, 0x1, 0x7, 0x0, 0x4, 0x4, 0x8, 0x2, 0xfffffffc}}, 0x43) write$binfmt_misc(r3, 0x0, 0x0) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$cgroup_type(r6, &(0x7f0000000140)='threaded\x00', 0x5dc291) lseek(r6, 0xfffdfffffffffff7, 0x1) write$binfmt_misc(r6, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000200)=@ccm_128={{0x303}, "1f12d1b9f5938cf0", "1d4733c46c5c1f51f5680f7b1def203f", "9de66c41", "5e88f33fb3c38413"}, 0x28) tkill(r0, 0x800000000002e) wait4(0x0, 0x0, 0x0, 0x0) r7 = dup2(r3, r1) ioctl$KDGKBDIACR(r7, 0x4b4a, &(0x7f00000002c0)=""/204) 21:04:28 executing program 2: clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x400000000000038) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x2000008, 0x40000000000000, 0x1a}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 21:04:28 executing program 1: r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r3 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="000088a8ff"], 0xb107) [ 2562.354553][T21243] device nr0 entered promiscuous mode [ 2562.402887][T21243] ===================================================== [ 2562.409925][T21243] BUG: KMSAN: uninit-value in __skb_flow_dissect+0x207e/0x7a40 [ 2562.417504][T21243] CPU: 1 PID: 21243 Comm: syz-executor.1 Not tainted 5.4.0-rc2+ #0 [ 2562.425413][T21243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2562.435495][T21243] Call Trace: [ 2562.440213][T21243] dump_stack+0x191/0x1f0 [ 2562.444590][T21243] kmsan_report+0x14e/0x2c0 [ 2562.449284][T21243] __msan_warning+0x73/0xe0 [ 2562.453844][T21243] __skb_flow_dissect+0x207e/0x7a40 [ 2562.461661][T21243] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2562.467351][T21243] __skb_get_hash_symmetric+0x108/0x260 [ 2562.473042][T21243] packet_rcv_fanout+0xa73/0x2550 [ 2562.478115][T21243] ? __msan_metadata_ptr_for_store_2+0x13/0x20 [ 2562.484312][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2562.490250][T21243] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2562.497400][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2562.503345][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2562.509294][T21243] __netif_receive_skb_core+0x1cab/0x51a0 [ 2562.515056][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2562.520991][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2562.526144][T21243] ? packet_direct_xmit+0x470/0x470 [ 2562.532078][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2562.538101][T21243] netif_receive_skb_internal+0x3cc/0xc20 [ 2562.543835][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2562.548948][T21243] netif_receive_skb+0x1da/0x3a0 [ 2562.553896][T21243] tun_get_user+0x6c44/0x6f70 [ 2562.558607][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2562.567194][T21243] tun_chr_write_iter+0x1f2/0x360 [ 2562.572222][T21243] ? tun_chr_read_iter+0x460/0x460 [ 2562.577342][T21243] __vfs_write+0xa2c/0xcb0 [ 2562.582390][T21243] vfs_write+0x481/0x920 [ 2562.586913][T21243] ksys_write+0x265/0x430 [ 2562.591249][T21243] __se_sys_write+0x92/0xb0 [ 2562.595847][T21243] __x64_sys_write+0x4a/0x70 [ 2562.600434][T21243] do_syscall_64+0xb6/0x160 [ 2562.604934][T21243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2562.610820][T21243] RIP: 0033:0x459a59 [ 2562.614730][T21243] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2562.634422][T21243] RSP: 002b:00007f073d62ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2562.642882][T21243] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2562.650934][T21243] RDX: 000000000000b107 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2562.659179][T21243] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2562.667178][T21243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f073d62b6d4 [ 2562.675158][T21243] R13: 00000000004c9ea0 R14: 00000000004e1ac0 R15: 00000000ffffffff [ 2562.683142][T21243] [ 2562.685459][T21243] Uninit was stored to memory at: [ 2562.690487][T21243] kmsan_internal_chain_origin+0xbd/0x170 [ 2562.696204][T21243] __msan_chain_origin+0x6b/0xe0 [ 2562.701745][T21243] __skb_flow_dissect+0x30ee/0x7a40 [ 2562.706934][T21243] __skb_get_hash_symmetric+0x108/0x260 [ 2562.712471][T21243] packet_rcv_fanout+0xa73/0x2550 [ 2562.717487][T21243] __netif_receive_skb_core+0x1cab/0x51a0 [ 2562.723195][T21243] netif_receive_skb_internal+0x3cc/0xc20 [ 2562.728906][T21243] netif_receive_skb+0x1da/0x3a0 [ 2562.733837][T21243] tun_get_user+0x6c44/0x6f70 [ 2562.738511][T21243] tun_chr_write_iter+0x1f2/0x360 [ 2562.743523][T21243] __vfs_write+0xa2c/0xcb0 [ 2562.747927][T21243] vfs_write+0x481/0x920 [ 2562.752159][T21243] ksys_write+0x265/0x430 [ 2562.756474][T21243] __se_sys_write+0x92/0xb0 [ 2562.760969][T21243] __x64_sys_write+0x4a/0x70 [ 2562.765550][T21243] do_syscall_64+0xb6/0x160 [ 2562.770062][T21243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2562.776044][T21243] [ 2562.778628][T21243] Uninit was stored to memory at: [ 2562.783906][T21243] kmsan_internal_chain_origin+0xbd/0x170 [ 2562.789618][T21243] __msan_chain_origin+0x6b/0xe0 [ 2562.794570][T21243] skb_vlan_untag+0x6bc/0xd20 [ 2562.799351][T21243] __netif_receive_skb_core+0x833/0x51a0 [ 2562.805058][T21243] netif_receive_skb_internal+0x3cc/0xc20 [ 2562.810765][T21243] netif_receive_skb+0x1da/0x3a0 [ 2562.815708][T21243] tun_get_user+0x6c44/0x6f70 [ 2562.820375][T21243] tun_chr_write_iter+0x1f2/0x360 [ 2562.825393][T21243] __vfs_write+0xa2c/0xcb0 [ 2562.829796][T21243] vfs_write+0x481/0x920 [ 2562.834133][T21243] ksys_write+0x265/0x430 [ 2562.838452][T21243] __se_sys_write+0x92/0xb0 [ 2562.842946][T21243] __x64_sys_write+0x4a/0x70 [ 2562.847526][T21243] do_syscall_64+0xb6/0x160 [ 2562.852023][T21243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2562.857984][T21243] [ 2562.860306][T21243] Uninit was created at: [ 2562.864541][T21243] kmsan_internal_poison_shadow+0x60/0x120 [ 2562.870346][T21243] kmsan_slab_alloc+0xaa/0x120 [ 2562.875111][T21243] __kmalloc_node_track_caller+0xb55/0x1320 [ 2562.881003][T21243] __alloc_skb+0x306/0xa10 [ 2562.885420][T21243] alloc_skb_with_frags+0x18c/0xa80 [ 2562.890618][T21243] sock_alloc_send_pskb+0xafd/0x10a0 [ 2562.895987][T21243] tun_get_user+0x1132/0x6f70 [ 2562.900651][T21243] tun_chr_write_iter+0x1f2/0x360 [ 2562.905661][T21243] __vfs_write+0xa2c/0xcb0 [ 2562.910084][T21243] vfs_write+0x481/0x920 [ 2562.914315][T21243] ksys_write+0x265/0x430 [ 2562.918816][T21243] __se_sys_write+0x92/0xb0 [ 2562.923317][T21243] __x64_sys_write+0x4a/0x70 [ 2562.927986][T21243] do_syscall_64+0xb6/0x160 [ 2562.932486][T21243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2562.938418][T21243] ===================================================== [ 2562.945360][T21243] Disabling lock debugging due to kernel taint [ 2562.951499][T21243] Kernel panic - not syncing: panic_on_warn set ... [ 2562.958082][T21243] CPU: 1 PID: 21243 Comm: syz-executor.1 Tainted: G B 5.4.0-rc2+ #0 [ 2562.967434][T21243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2562.977566][T21243] Call Trace: [ 2562.980862][T21243] dump_stack+0x191/0x1f0 [ 2562.985190][T21243] panic+0x3c9/0xc1e [ 2562.989103][T21243] kmsan_report+0x2b6/0x2c0 [ 2562.993624][T21243] __msan_warning+0x73/0xe0 [ 2562.998128][T21243] __skb_flow_dissect+0x207e/0x7a40 [ 2563.003361][T21243] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2563.010122][T21243] __skb_get_hash_symmetric+0x108/0x260 [ 2563.015672][T21243] packet_rcv_fanout+0xa73/0x2550 [ 2563.020695][T21243] ? __msan_metadata_ptr_for_store_2+0x13/0x20 [ 2563.026849][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2563.031957][T21243] ? kmsan_internal_set_origin+0x6a/0xb0 [ 2563.037589][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2563.043666][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2563.049796][T21243] __netif_receive_skb_core+0x1cab/0x51a0 [ 2563.055552][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2563.061478][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2563.066679][T21243] ? packet_direct_xmit+0x470/0x470 [ 2563.071959][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2563.078006][T21243] netif_receive_skb_internal+0x3cc/0xc20 [ 2563.083922][T21243] ? kmsan_get_metadata+0x39/0x350 [ 2563.089055][T21243] netif_receive_skb+0x1da/0x3a0 [ 2563.094005][T21243] tun_get_user+0x6c44/0x6f70 [ 2563.098809][T21243] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 2563.104702][T21243] tun_chr_write_iter+0x1f2/0x360 [ 2563.109812][T21243] ? tun_chr_read_iter+0x460/0x460 [ 2563.115265][T21243] __vfs_write+0xa2c/0xcb0 [ 2563.119692][T21243] vfs_write+0x481/0x920 [ 2563.123937][T21243] ksys_write+0x265/0x430 [ 2563.128278][T21243] __se_sys_write+0x92/0xb0 [ 2563.132782][T21243] __x64_sys_write+0x4a/0x70 [ 2563.137367][T21243] do_syscall_64+0xb6/0x160 [ 2563.141888][T21243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 2563.147782][T21243] RIP: 0033:0x459a59 [ 2563.151668][T21243] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2563.171262][T21243] RSP: 002b:00007f073d62ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2563.179665][T21243] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2563.187647][T21243] RDX: 000000000000b107 RSI: 00000000200000c0 RDI: 0000000000000005 [ 2563.195624][T21243] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2563.203600][T21243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f073d62b6d4 [ 2563.211670][T21243] R13: 00000000004c9ea0 R14: 00000000004e1ac0 R15: 00000000ffffffff [ 2563.221841][T21243] Kernel Offset: disabled [ 2563.226198][T21243] Rebooting in 86400 seconds..