81] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3178.130304][T17781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3178.130311][T17781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3178.310757][T17781] memory: usage 22324kB, limit 0kB, failcnt 290 [ 3178.327002][T17781] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3178.351909][T17781] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3178.368134][T17781] Memory cgroup stats for /syz3: cache:16296KB rss:156KB rss_huge:0KB shmem:16168KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16384KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3178.409043][T17781] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17237,uid=0 [ 3178.433271][T17781] Memory cgroup out of memory: Killed process 17237 (syz-executor.3) total-vm:72056kB, anon-rss:100kB, file-rss:35556kB, shmem-rss:0kB [ 3178.464227][ T1044] oom_reaper: reaped process 17237 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3178.474733][T17782] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3178.527878][T17782] CPU: 0 PID: 17782 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #84 [ 3178.535907][T17782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3178.545977][T17782] Call Trace: [ 3178.549292][T17782] dump_stack+0x172/0x1f0 [ 3178.553640][T17782] dump_header+0x10f/0xb6c [ 3178.558071][T17782] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3178.563893][T17782] ? ___ratelimit+0x60/0x595 [ 3178.568485][T17782] ? do_raw_spin_unlock+0x57/0x270 [ 3178.573607][T17782] oom_kill_process.cold+0x10/0x15 [ 3178.578722][T17782] out_of_memory+0x79a/0x1280 [ 3178.583408][T17782] ? retint_kernel+0x2d/0x2d [ 3178.588007][T17782] ? oom_killer_disable+0x280/0x280 [ 3178.593219][T17782] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3178.598772][T17782] ? memcg_event_wake+0x230/0x230 [ 3178.603813][T17782] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3178.609627][T17782] ? cgroup_file_notify+0x140/0x1b0 [ 3178.614828][T17782] memory_max_write+0x169/0x300 [ 3178.619679][T17782] ? kernfs_fop_write+0x204/0x480 [ 3178.624715][T17782] ? mem_cgroup_write+0x360/0x360 [ 3178.629748][T17782] ? lock_acquire+0x16f/0x3f0 [ 3178.634434][T17782] ? kernfs_fop_write+0x227/0x480 [ 3178.639473][T17782] cgroup_file_write+0x245/0x7a0 [ 3178.644416][T17782] ? mem_cgroup_write+0x360/0x360 [ 3178.649446][T17782] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3178.655111][T17782] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3178.660750][T17782] kernfs_fop_write+0x2ba/0x480 [ 3178.665626][T17782] __vfs_write+0x8d/0x110 [ 3178.669957][T17782] ? kernfs_fop_open+0xd90/0xd90 [ 3178.674898][T17782] vfs_write+0x20c/0x580 [ 3178.679153][T17782] ksys_write+0x14f/0x2d0 [ 3178.683497][T17782] ? __ia32_sys_read+0xb0/0xb0 [ 3178.688277][T17782] __ia32_sys_write+0x71/0xb0 [ 3178.692971][T17782] ? do_fast_syscall_32+0x175/0xc98 [ 3178.698189][T17782] do_fast_syscall_32+0x281/0xc98 [ 3178.703233][T17782] entry_SYSENTER_compat+0x70/0x7f [ 3178.708349][T17782] RIP: 0023:0xf7f72869 [ 3178.712424][T17782] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3178.732048][T17782] RSP: 002b:00000000f5d6e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3178.740487][T17782] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3178.748497][T17782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3178.756492][T17782] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3178.764485][T17782] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3178.772474][T17782] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3179.039157][T17782] memory: usage 22268kB, limit 0kB, failcnt 315 [ 3179.074186][T17782] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3179.081852][T17782] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3179.108179][T17782] Memory cgroup stats for /syz3: cache:16296KB rss:156KB rss_huge:0KB shmem:16168KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16384KB active_anon:128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3179.169075][T17797] IPVS: ftp: loaded support on port[0] = 21 [ 3179.180321][T17782] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17781,uid=0 00:29:12 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:12 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) [ 3179.224039][T17782] Memory cgroup out of memory: Killed process 17782 (syz-executor.3) total-vm:72320kB, anon-rss:152kB, file-rss:35612kB, shmem-rss:0kB [ 3179.257671][ T1044] oom_reaper: reaped process 17782 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 3181.802795][T17797] chnl_net:caif_netlink_parms(): no params data found [ 3181.926047][T17797] bridge0: port 1(bridge_slave_0) entered blocking state [ 3181.933255][T17797] bridge0: port 1(bridge_slave_0) entered disabled state [ 3181.946218][T17797] device bridge_slave_0 entered promiscuous mode [ 3182.021602][T17797] bridge0: port 2(bridge_slave_1) entered blocking state [ 3182.030955][T17797] bridge0: port 2(bridge_slave_1) entered disabled state [ 3182.041975][T17797] device bridge_slave_1 entered promiscuous mode [ 3182.142822][T17797] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3182.161799][T17797] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3182.240318][T17797] team0: Port device team_slave_0 added [ 3182.251335][T17797] team0: Port device team_slave_1 added [ 3182.409329][T17797] device hsr_slave_0 entered promiscuous mode [ 3182.475792][T17797] device hsr_slave_1 entered promiscuous mode [ 3183.115572][T17797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3183.195445][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3183.209716][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3183.231767][T17797] 8021q: adding VLAN 0 to HW filter on device team0 [ 3183.255216][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3183.267653][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3183.277683][ T8099] bridge0: port 1(bridge_slave_0) entered blocking state [ 3183.284832][ T8099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3183.368815][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3183.390590][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3183.402344][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3183.411838][T15633] bridge0: port 2(bridge_slave_1) entered blocking state [ 3183.418983][T15633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3183.480944][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3183.558771][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3183.597863][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3183.617041][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3183.688489][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3183.729177][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3183.757413][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3183.768982][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3183.780031][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3183.856884][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3183.871881][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3183.958310][T17797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3184.102267][T17797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3184.310340][T17805] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3184.329882][T17805] CPU: 0 PID: 17805 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3184.337927][T17805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3184.348001][T17805] Call Trace: [ 3184.351321][T17805] dump_stack+0x172/0x1f0 [ 3184.355672][T17805] dump_header+0x10f/0xb6c [ 3184.360103][T17805] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3184.365931][T17805] ? ___ratelimit+0x60/0x595 [ 3184.370537][T17805] ? do_raw_spin_unlock+0x57/0x270 [ 3184.375676][T17805] oom_kill_process.cold+0x10/0x15 [ 3184.380824][T17805] out_of_memory+0x79a/0x1280 [ 3184.385518][T17805] ? lock_downgrade+0x880/0x880 [ 3184.390404][T17805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.396669][T17805] ? oom_killer_disable+0x280/0x280 [ 3184.401884][T17805] ? find_held_lock+0x35/0x130 [ 3184.406769][T17805] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3184.412336][T17805] ? memcg_event_wake+0x230/0x230 [ 3184.417388][T17805] ? do_raw_spin_unlock+0x57/0x270 [ 3184.422517][T17805] ? _raw_spin_unlock+0x2d/0x50 [ 3184.427389][T17805] try_charge+0x102c/0x15c0 [ 3184.431906][T17805] ? find_held_lock+0x35/0x130 [ 3184.436697][T17805] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3184.442260][T17805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.448525][T17805] ? kasan_check_read+0x11/0x20 [ 3184.453382][T17805] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3184.458989][T17805] mem_cgroup_try_charge+0x24d/0x5e0 [ 3184.464278][T17805] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3184.469906][T17805] __handle_mm_fault+0x1e1f/0x3ec0 [ 3184.475017][T17805] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3184.480570][T17805] ? find_held_lock+0x35/0x130 [ 3184.485356][T17805] ? handle_mm_fault+0x322/0xb30 [ 3184.490298][T17805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.496590][T17805] ? kasan_check_read+0x11/0x20 [ 3184.501443][T17805] handle_mm_fault+0x43f/0xb30 [ 3184.506205][T17805] __do_page_fault+0x5ef/0xda0 [ 3184.510957][T17805] do_page_fault+0x71/0x581 [ 3184.515452][T17805] ? page_fault+0x8/0x30 [ 3184.519684][T17805] page_fault+0x1e/0x30 [ 3184.523854][T17805] RIP: 0023:0x8055172 [ 3184.528272][T17805] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3184.547870][T17805] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3184.553924][T17805] RAX: 00000000f5d10b40 RBX: 0000000000020000 RCX: 00000000f5cf0000 [ 3184.561900][T17805] RDX: 0000000000000003 RSI: 00000000f5d10b40 RDI: 0000000000021000 [ 3184.569868][T17805] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3184.577847][T17805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3184.585835][T17805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3184.606640][T17805] memory: usage 5244kB, limit 0kB, failcnt 1356 [ 3184.612933][T17805] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3184.620603][T17805] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3184.627520][T17805] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3184.651012][T17805] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17805,uid=0 [ 3184.666725][T17805] Memory cgroup out of memory: Killed process 17805 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3184.688289][ T1044] oom_reaper: reaped process 17805 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:29:18 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x45020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:18 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) 00:29:18 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa801000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:18 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:18 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x3102000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3184.728836][T17797] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3184.754283][T17797] CPU: 1 PID: 17797 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3184.762321][T17797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3184.772386][T17797] Call Trace: [ 3184.772419][T17797] dump_stack+0x172/0x1f0 [ 3184.780038][T17797] dump_header+0x10f/0xb6c [ 3184.784468][T17797] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3184.790298][T17797] ? ___ratelimit+0x60/0x595 [ 3184.790316][T17797] ? do_raw_spin_unlock+0x57/0x270 [ 3184.790335][T17797] oom_kill_process.cold+0x10/0x15 [ 3184.790354][T17797] out_of_memory+0x79a/0x1280 [ 3184.809883][T17797] ? lock_downgrade+0x880/0x880 [ 3184.814757][T17797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.821020][T17797] ? oom_killer_disable+0x280/0x280 [ 3184.821037][T17797] ? find_held_lock+0x35/0x130 [ 3184.821062][T17797] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3184.821081][T17797] ? memcg_event_wake+0x230/0x230 [ 3184.836607][T17797] ? do_raw_spin_unlock+0x57/0x270 [ 3184.836635][T17797] ? _raw_spin_unlock+0x2d/0x50 [ 3184.846783][T17797] try_charge+0x102c/0x15c0 [ 3184.846798][T17797] ? find_held_lock+0x35/0x130 [ 3184.846816][T17797] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3184.846831][T17797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.846848][T17797] ? kasan_check_read+0x11/0x20 [ 3184.846863][T17797] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3184.846879][T17797] mem_cgroup_try_charge+0x24d/0x5e0 [ 3184.846898][T17797] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3184.846920][T17797] __handle_mm_fault+0x1e1f/0x3ec0 [ 3184.856278][T17797] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3184.856295][T17797] ? find_held_lock+0x35/0x130 [ 3184.856309][T17797] ? handle_mm_fault+0x322/0xb30 [ 3184.856330][T17797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.856349][T17797] ? kasan_check_read+0x11/0x20 [ 3184.856373][T17797] handle_mm_fault+0x43f/0xb30 [ 3184.866700][T17797] __do_page_fault+0x5ef/0xda0 [ 3184.866722][T17797] do_page_fault+0x71/0x581 [ 3184.866736][T17797] ? page_fault+0x8/0x30 [ 3184.866748][T17797] page_fault+0x1e/0x30 [ 3184.866759][T17797] RIP: 0023:0x804afea [ 3184.866774][T17797] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3184.866780][T17797] RSP: 002b:000000000845ed10 EFLAGS: 00010202 00:29:18 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:18 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) [ 3184.866791][T17797] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3184.866799][T17797] RDX: 000000000000000c RSI: 000000000030960d RDI: 0000000000000000 [ 3184.866814][T17797] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3184.883461][T17797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3184.883471][T17797] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3185.028242][T17797] memory: usage 4980kB, limit 0kB, failcnt 1365 [ 3185.041116][T17797] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3185.065825][T17797] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:29:18 executing program 5: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) ioctl$TUNGETFILTER(r8, 0x801054db, &(0x7f0000000700)=""/4096) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3185.104760][T17797] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3185.220150][T17797] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17797,uid=0 [ 3185.306036][T17797] Memory cgroup out of memory: Killed process 17797 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3185.354160][ T1044] oom_reaper: reaped process 17797 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB [ 3185.358916][T17819] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3185.388304][T17819] CPU: 0 PID: 17819 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3185.396342][T17819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3185.406441][T17819] Call Trace: [ 3185.409759][T17819] dump_stack+0x172/0x1f0 [ 3185.414145][T17819] dump_header+0x10f/0xb6c [ 3185.418584][T17819] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3185.424413][T17819] ? ___ratelimit+0x60/0x595 [ 3185.429015][T17819] ? do_raw_spin_unlock+0x57/0x270 [ 3185.434150][T17819] oom_kill_process.cold+0x10/0x15 [ 3185.439281][T17819] out_of_memory+0x79a/0x1280 [ 3185.444326][T17819] ? oom_killer_disable+0x280/0x280 [ 3185.449542][T17819] ? find_held_lock+0x35/0x130 [ 3185.454334][T17819] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3185.459906][T17819] ? memcg_event_wake+0x230/0x230 [ 3185.464957][T17819] ? do_raw_spin_unlock+0x57/0x270 [ 3185.470100][T17819] ? _raw_spin_unlock+0x2d/0x50 [ 3185.474977][T17819] try_charge+0x102c/0x15c0 [ 3185.479496][T17819] ? find_held_lock+0x35/0x130 [ 3185.484285][T17819] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3185.489876][T17819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3185.496163][T17819] ? kasan_check_read+0x11/0x20 [ 3185.501055][T17819] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3185.506644][T17819] mem_cgroup_try_charge+0x24d/0x5e0 [ 3185.511994][T17819] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3185.517655][T17819] __handle_mm_fault+0x1e1f/0x3ec0 [ 3185.522879][T17819] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3185.528448][T17819] ? find_held_lock+0x35/0x130 [ 3185.533250][T17819] ? handle_mm_fault+0x322/0xb30 [ 3185.538220][T17819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3185.544490][T17819] ? kasan_check_read+0x11/0x20 [ 3185.549367][T17819] handle_mm_fault+0x43f/0xb30 [ 3185.554154][T17819] __do_page_fault+0x5ef/0xda0 [ 3185.559081][T17819] do_page_fault+0x71/0x581 [ 3185.563610][T17819] ? page_fault+0x8/0x30 [ 3185.567866][T17819] page_fault+0x1e/0x30 [ 3185.572026][T17819] RIP: 0023:0x8055172 [ 3185.576021][T17819] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3185.595641][T17819] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3185.601719][T17819] RAX: 00000000f5d5cb40 RBX: 0000000000020000 RCX: 00000000f5d3c000 [ 3185.609705][T17819] RDX: 0000000000000003 RSI: 00000000f5d5cb40 RDI: 0000000000021000 [ 3185.617776][T17819] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3185.625760][T17819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3185.633743][T17819] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3185.713661][T17819] memory: usage 49452kB, limit 0kB, failcnt 817 [ 3185.720088][T17819] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3185.734005][T17819] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3185.748895][T17819] Memory cgroup stats for /syz5: cache:0KB rss:188KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:140KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3185.801638][T17819] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17378,uid=0 [ 3185.849655][T17819] Memory cgroup out of memory: Killed process 17378 (syz-executor.5) total-vm:72056kB, anon-rss:96kB, file-rss:35556kB, shmem-rss:0kB 00:29:20 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:20 executing program 5: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x0, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) [ 3186.822546][T17826] IPVS: ftp: loaded support on port[0] = 21 00:29:20 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x46000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:20 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa802000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:20 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:20 executing program 5: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x0, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) [ 3187.197397][T17837] IPVS: ftp: loaded support on port[0] = 21 00:29:21 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x46010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3188.485028][T17826] chnl_net:caif_netlink_parms(): no params data found [ 3188.701389][T17837] chnl_net:caif_netlink_parms(): no params data found [ 3188.713362][T17826] bridge0: port 1(bridge_slave_0) entered blocking state [ 3188.723731][T17826] bridge0: port 1(bridge_slave_0) entered disabled state [ 3188.745469][T17826] device bridge_slave_0 entered promiscuous mode [ 3188.829051][T17826] bridge0: port 2(bridge_slave_1) entered blocking state [ 3188.831903][T17851] IPVS: ftp: loaded support on port[0] = 21 [ 3188.843679][T17826] bridge0: port 2(bridge_slave_1) entered disabled state [ 3188.859137][T17826] device bridge_slave_1 entered promiscuous mode [ 3189.154434][T17826] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3189.168321][T17837] bridge0: port 1(bridge_slave_0) entered blocking state [ 3189.177314][T17837] bridge0: port 1(bridge_slave_0) entered disabled state [ 3189.193023][T17837] device bridge_slave_0 entered promiscuous mode [ 3189.227679][T17826] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3189.281194][T17837] bridge0: port 2(bridge_slave_1) entered blocking state [ 3189.303567][T17837] bridge0: port 2(bridge_slave_1) entered disabled state [ 3189.327862][T17837] device bridge_slave_1 entered promiscuous mode [ 3189.367826][T17853] IPVS: ftp: loaded support on port[0] = 21 [ 3189.540123][T17826] team0: Port device team_slave_0 added [ 3189.555851][T17837] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3189.576036][T17826] team0: Port device team_slave_1 added [ 3189.648865][T17837] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3189.729370][T17837] team0: Port device team_slave_0 added [ 3189.810350][T17837] team0: Port device team_slave_1 added [ 3189.870043][T17826] device hsr_slave_0 entered promiscuous mode [ 3189.975927][T17826] device hsr_slave_1 entered promiscuous mode [ 3190.339148][T17837] device hsr_slave_0 entered promiscuous mode [ 3190.405881][T17837] device hsr_slave_1 entered promiscuous mode [ 3190.728343][T17851] chnl_net:caif_netlink_parms(): no params data found [ 3190.985335][T17853] chnl_net:caif_netlink_parms(): no params data found [ 3191.181224][T17851] bridge0: port 1(bridge_slave_0) entered blocking state [ 3191.194145][T17851] bridge0: port 1(bridge_slave_0) entered disabled state [ 3191.205432][T17851] device bridge_slave_0 entered promiscuous mode [ 3191.318685][T17851] bridge0: port 2(bridge_slave_1) entered blocking state [ 3191.326626][T17851] bridge0: port 2(bridge_slave_1) entered disabled state [ 3191.337583][T17851] device bridge_slave_1 entered promiscuous mode [ 3191.468813][T17853] bridge0: port 1(bridge_slave_0) entered blocking state [ 3191.476707][T17853] bridge0: port 1(bridge_slave_0) entered disabled state [ 3191.490424][T17853] device bridge_slave_0 entered promiscuous mode [ 3191.516954][T17851] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3191.591412][T17853] bridge0: port 2(bridge_slave_1) entered blocking state [ 3191.599644][T17853] bridge0: port 2(bridge_slave_1) entered disabled state [ 3191.610777][T17853] device bridge_slave_1 entered promiscuous mode [ 3191.625992][T17851] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3191.746879][T17853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3191.771408][T17851] team0: Port device team_slave_0 added [ 3191.943947][T17853] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3191.964005][T17851] team0: Port device team_slave_1 added [ 3192.114890][T17826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3192.127131][T17853] team0: Port device team_slave_0 added [ 3192.210490][T17853] team0: Port device team_slave_1 added [ 3192.250740][T17851] device hsr_slave_0 entered promiscuous mode [ 3192.296216][T17851] device hsr_slave_1 entered promiscuous mode [ 3192.579625][T17853] device hsr_slave_0 entered promiscuous mode [ 3192.625854][T17853] device hsr_slave_1 entered promiscuous mode [ 3192.694556][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3192.705678][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3192.895601][T17837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3192.907751][T17826] 8021q: adding VLAN 0 to HW filter on device team0 [ 3193.068321][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3193.080015][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3193.091733][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3193.103122][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3193.113114][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3193.120262][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3193.212196][T17837] 8021q: adding VLAN 0 to HW filter on device team0 [ 3193.220652][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3193.277516][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3193.289227][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3193.301231][ T5481] bridge0: port 2(bridge_slave_1) entered blocking state [ 3193.308394][ T5481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3193.319164][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3193.330765][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3193.340741][ T5481] bridge0: port 1(bridge_slave_0) entered blocking state [ 3193.347891][ T5481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3193.453165][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3193.465629][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3193.476771][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3193.488355][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3193.498239][ T8099] bridge0: port 2(bridge_slave_1) entered blocking state [ 3193.505358][ T8099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3193.616519][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3193.628696][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3193.802975][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3193.815355][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3193.826004][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3193.871739][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3193.883146][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3193.896524][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3193.986772][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3193.998597][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3194.009308][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3194.044819][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3194.056635][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3194.075868][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3194.086798][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3194.195991][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3194.206417][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3194.217593][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3194.228090][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3194.260526][T17826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3194.285427][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3194.296105][T15633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3194.391222][T17853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3194.427077][T17837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3194.471541][T17851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3194.589793][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3194.599435][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3194.708621][T17853] 8021q: adding VLAN 0 to HW filter on device team0 [ 3194.720853][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3194.730693][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3194.750903][T17851] 8021q: adding VLAN 0 to HW filter on device team0 [ 3194.844766][T17837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3194.861186][T17826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3194.878305][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3194.889776][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3194.899590][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3194.906733][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3194.922711][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3194.951037][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3194.986166][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3195.005854][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3195.012948][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3195.065062][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3195.187926][T17860] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3195.208778][T17860] CPU: 0 PID: 17860 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3195.216799][T17860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3195.226865][T17860] Call Trace: [ 3195.226899][T17860] dump_stack+0x172/0x1f0 [ 3195.226919][T17860] dump_header+0x10f/0xb6c [ 3195.226935][T17860] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3195.226950][T17860] ? ___ratelimit+0x60/0x595 [ 3195.226964][T17860] ? do_raw_spin_unlock+0x57/0x270 [ 3195.226978][T17860] oom_kill_process.cold+0x10/0x15 [ 3195.226993][T17860] out_of_memory+0x79a/0x1280 [ 3195.227008][T17860] ? lock_downgrade+0x880/0x880 [ 3195.227023][T17860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3195.227037][T17860] ? oom_killer_disable+0x280/0x280 [ 3195.227048][T17860] ? find_held_lock+0x35/0x130 [ 3195.227070][T17860] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3195.227083][T17860] ? memcg_event_wake+0x230/0x230 [ 3195.227112][T17860] ? do_raw_spin_unlock+0x57/0x270 [ 3195.227127][T17860] ? _raw_spin_unlock+0x2d/0x50 [ 3195.227144][T17860] try_charge+0x102c/0x15c0 [ 3195.227156][T17860] ? find_held_lock+0x35/0x130 [ 3195.227176][T17860] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3195.227197][T17860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3195.227216][T17860] ? kasan_check_read+0x11/0x20 [ 3195.227234][T17860] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3195.227251][T17860] mem_cgroup_try_charge+0x24d/0x5e0 [ 3195.227271][T17860] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3195.227291][T17860] __handle_mm_fault+0x1e1f/0x3ec0 [ 3195.227311][T17860] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3195.227324][T17860] ? find_held_lock+0x35/0x130 [ 3195.227340][T17860] ? handle_mm_fault+0x322/0xb30 [ 3195.227362][T17860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3195.227379][T17860] ? kasan_check_read+0x11/0x20 [ 3195.227398][T17860] handle_mm_fault+0x43f/0xb30 [ 3195.227416][T17860] __do_page_fault+0x5ef/0xda0 [ 3195.227437][T17860] do_page_fault+0x71/0x581 [ 3195.227450][T17860] ? page_fault+0x8/0x30 [ 3195.227465][T17860] page_fault+0x1e/0x30 [ 3195.227477][T17860] RIP: 0023:0x8055172 [ 3195.227493][T17860] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3195.227501][T17860] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3195.227513][T17860] RAX: 00000000f5d9db40 RBX: 0000000000020000 RCX: 00000000f5d7d000 [ 3195.227522][T17860] RDX: 0000000000000003 RSI: 00000000f5d9db40 RDI: 0000000000021000 [ 3195.227530][T17860] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3195.227537][T17860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3195.227545][T17860] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3195.231618][T17860] memory: usage 3728kB, limit 0kB, failcnt 2333 [ 3195.483814][T17860] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3195.491357][T17860] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3195.527050][T17860] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3195.763661][T17860] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17860,uid=0 [ 3195.803680][T17860] Memory cgroup out of memory: Killed process 17860 (syz-executor.0) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3195.826182][ T1044] oom_reaper: reaped process 17860 (syz-executor.0), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:29:29 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3195.875973][T17837] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3195.893761][T17837] CPU: 0 PID: 17837 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3195.901777][T17837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3195.911847][T17837] Call Trace: [ 3195.915158][T17837] dump_stack+0x172/0x1f0 [ 3195.919507][T17837] dump_header+0x10f/0xb6c [ 3195.923928][T17837] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3195.929737][T17837] ? ___ratelimit+0x60/0x595 [ 3195.934329][T17837] ? do_raw_spin_unlock+0x57/0x270 [ 3195.939446][T17837] oom_kill_process.cold+0x10/0x15 [ 3195.939472][T17837] out_of_memory+0x79a/0x1280 [ 3195.949251][T17837] ? lock_downgrade+0x880/0x880 [ 3195.949267][T17837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3195.949287][T17837] ? oom_killer_disable+0x280/0x280 [ 3195.960351][T17837] ? find_held_lock+0x35/0x130 [ 3195.960380][T17837] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3195.960398][T17837] ? memcg_event_wake+0x230/0x230 [ 3195.980888][T17837] ? do_raw_spin_unlock+0x57/0x270 [ 3195.980910][T17837] ? _raw_spin_unlock+0x2d/0x50 [ 3195.990857][T17837] try_charge+0x102c/0x15c0 [ 3195.990880][T17837] ? find_held_lock+0x35/0x130 [ 3196.000145][T17837] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3196.000166][T17837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3196.000197][T17837] ? kasan_check_read+0x11/0x20 [ 3196.011956][T17837] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3196.011977][T17837] mem_cgroup_try_charge+0x24d/0x5e0 [ 3196.011998][T17837] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3196.033258][T17837] __handle_mm_fault+0x1e1f/0x3ec0 [ 3196.038374][T17837] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3196.038390][T17837] ? find_held_lock+0x35/0x130 [ 3196.038411][T17837] ? handle_mm_fault+0x322/0xb30 [ 3196.048713][T17837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3196.048735][T17837] ? kasan_check_read+0x11/0x20 [ 3196.048756][T17837] handle_mm_fault+0x43f/0xb30 [ 3196.064749][T17837] __do_page_fault+0x5ef/0xda0 [ 3196.064778][T17837] do_page_fault+0x71/0x581 [ 3196.074293][T17837] ? page_fault+0x8/0x30 [ 3196.074308][T17837] page_fault+0x1e/0x30 [ 3196.074319][T17837] RIP: 0023:0x804afea [ 3196.074333][T17837] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3196.074340][T17837] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3196.074352][T17837] RAX: 000000000845fde0 RBX: 0000000000000012 RCX: 000000000845fd80 [ 3196.074360][T17837] RDX: 000000000000000c RSI: 000000000030c096 RDI: 0000000000000000 [ 3196.074367][T17837] RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 [ 3196.074374][T17837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3196.074380][T17837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3196.159173][T17837] memory: usage 3464kB, limit 0kB, failcnt 2342 [ 3196.166059][T17837] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3196.174079][T17837] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3196.180958][T17837] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3196.202741][T17837] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17837,uid=0 [ 3196.224548][T17837] Memory cgroup out of memory: Killed process 17837 (syz-executor.0) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3196.278385][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3196.296028][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 00:29:29 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/121, 0x79}], 0x1) write(r0, &(0x7f0000000240)="8e5f1a7f32f91361", 0x8) 00:29:29 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa900000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:29 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x46020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3196.325144][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3196.332294][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3196.370033][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3196.396717][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3196.406152][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3196.413280][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state 00:29:30 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0) [ 3196.504799][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:29:30 executing program 3: creat(&(0x7f0000000380)='./bus\x00', 0x0) r0 = gettid() openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x3c8, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x1b) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) futex(0x0, 0x8b, 0x0, 0x0, &(0x7f00000002c0)=0xfffffffffffffffd, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x10000) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[.\xf6\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+\x8d\xed\xa6\\\x1c\xc3\x97\x94\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4\xc4\x88C\xa2B\x8b\x81\v\xea\t\xf0\x8fw\a\f\x15\xe2\xd0q\xbb\r\x17`s\xec\x85>\xcf\xab9(\xf6.\x15\xcd2-\xf2\xc4\xd8\x00a\xd5\xd9\xb5Z\xd7\xb4\xac\x1d_+k\xd6\x8ag\xdceHE\xd5\x1c\x8a\xbd#\xcc\x82\xca\xc2(\xb6\xe1\x99p\x9b\xa3D\xd2\x91\x96\xef\x05\fv\x16\x14\xcc\xea\x9d\x11w\x1e\xb5VG\x9ad\x9a`=^h\x8c8\xc9\"\x1eO\xb5vk\xc9\xcfi\x90\xd7\xd3H\xa1\xb4\xda\v\x17\x95\xf7\x19\x99\x99\x92\xc3\xc0\x8a\x18\xc7\"g\xd7B\x8f\x85\x18\xf3\x02\xa7\xb6\x83\x92\xefY\xef\x85\x92\x10E\x18\xbc\xacy\xd6\xa7Wh\xcd\xd0\xfa\xcc\xde\xeb\xdf\xad\xfd\xb0\xee\xfb\xc2(\x8cj\xd0uj{4\xb2\xe1p\x88u6\x9a;\xaa\x9f+J\x9e\xe3\xcc\xc7O\xad\x84\x8c;\x92~,\x15\xb2\x97\f~\xa0W\x16\x8b\a\x88\xaa\xe4C\xaf\x90\xdf\x7f\xe51\x00/n\xb5f\x1a\x8c+\xea<\xe3N@\x9e\xec\xbe{\x90x\xc6\x95!\xea\x11\xda\xe1I\x1d\xcbY\xe1\x01\xd2d\xae\xd1(>\xa3\xa9\x93\x16\xc6G\x94|', 0x2761, 0x0) r3 = perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0xffff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0xc7cd, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0xd199, 0x9, 0x9, 0x0, 0x4, 0x5, 0x9, 0x0, 0x8000, 0x3f, 0x28, 0xff, 0x400, 0x6d1, 0x0, 0x3f, 0x80000000, 0x3, 0x400, 0x7, 0xe2aa, 0x0, 0x101, 0x0, @perf_config_ext={0x7, 0x8000}, 0x1, 0x0, 0x2e9e, 0x6, 0xfcd, 0x9, 0x9}, 0x0, 0x0, r1, 0x1) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) write$P9_RSYMLINK(r2, &(0x7f0000000100)={0x14, 0x11, 0x1, {0x40, 0x1, 0x4}}, 0x14) lsetxattr$security_ima(&(0x7f0000000000)='./bus\x00', &(0x7f00000000c0)='security.ima\x00', &(0x7f0000000180)=@ng={0x4, 0x10, "1ab0e13d4598c3469a7585228c295ff5ee81"}, 0x14, 0x0) ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) r4 = open(0x0, 0x2202, 0x0) ptrace$cont(0xffffffffffffffff, r0, 0x4, 0x6) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xc, 0x4002091, r4, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000340), &(0x7f0000000140)=0x14) 00:29:30 executing program 3: r0 = memfd_create(&(0x7f00000001c0)='#! ', 0x1) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='#!'], 0x2) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 00:29:30 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0x8}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), 0x0}, 0x20) [ 3197.364066][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3197.427409][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3197.457392][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3197.579150][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3197.602928][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3197.614010][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3197.626994][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3197.794068][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3197.812225][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3197.823164][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3197.835987][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3197.875963][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3197.895541][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3198.001133][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3198.015831][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3198.103760][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3198.116792][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3198.128450][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3198.140139][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3198.178694][T17851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3198.216965][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3198.237222][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3198.326404][T17853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3198.541736][T17851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3198.587488][T17853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3198.787159][T17897] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3198.834325][T17897] CPU: 1 PID: 17897 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3198.842360][T17897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3198.852433][T17897] Call Trace: [ 3198.855745][T17897] dump_stack+0x172/0x1f0 [ 3198.860092][T17897] dump_header+0x10f/0xb6c [ 3198.864540][T17897] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3198.870361][T17897] ? ___ratelimit+0x60/0x595 [ 3198.874963][T17897] ? do_raw_spin_unlock+0x57/0x270 [ 3198.880103][T17897] oom_kill_process.cold+0x10/0x15 [ 3198.885235][T17897] out_of_memory+0x79a/0x1280 [ 3198.889928][T17897] ? __sched_text_start+0x8/0x8 [ 3198.894799][T17897] ? oom_killer_disable+0x280/0x280 [ 3198.900024][T17897] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3198.905593][T17897] ? memcg_event_wake+0x230/0x230 [ 3198.910639][T17897] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3198.916461][T17897] ? cgroup_file_notify+0x140/0x1b0 [ 3198.921673][T17897] memory_max_write+0x169/0x300 [ 3198.926570][T17897] ? mem_cgroup_write+0x360/0x360 [ 3198.931610][T17897] ? mem_cgroup_write+0x360/0x360 [ 3198.936658][T17897] cgroup_file_write+0x245/0x7a0 [ 3198.941617][T17897] ? mem_cgroup_write+0x360/0x360 [ 3198.946649][T17897] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3198.952309][T17897] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3198.957960][T17897] kernfs_fop_write+0x2ba/0x480 [ 3198.962825][T17897] __vfs_write+0x8d/0x110 [ 3198.967167][T17897] ? kernfs_fop_open+0xd90/0xd90 [ 3198.972142][T17897] vfs_write+0x20c/0x580 [ 3198.976422][T17897] ksys_write+0x14f/0x2d0 [ 3198.980770][T17897] ? __ia32_sys_read+0xb0/0xb0 [ 3198.985549][T17897] ? do_fast_syscall_32+0xd1/0xc98 [ 3198.990669][T17897] ? entry_SYSENTER_compat+0x70/0x7f [ 3198.995970][T17897] ? do_fast_syscall_32+0xd1/0xc98 [ 3199.001102][T17897] __ia32_sys_write+0x71/0xb0 [ 3199.005802][T17897] do_fast_syscall_32+0x281/0xc98 [ 3199.010838][T17897] entry_SYSENTER_compat+0x70/0x7f [ 3199.015951][T17897] RIP: 0023:0xf7f8a869 [ 3199.020027][T17897] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3199.020036][T17897] RSP: 002b:00000000f5d860cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3199.020051][T17897] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3199.020059][T17897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3199.020067][T17897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3199.020083][T17897] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3199.077626][T17897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3199.174076][T17897] memory: usage 5120kB, limit 0kB, failcnt 1366 [ 3199.180978][T17897] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3199.213956][T17897] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3199.221623][T17897] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3199.271052][T17897] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17896,uid=0 [ 3199.381848][T17897] Memory cgroup out of memory: Killed process 17896 (syz-executor.4) total-vm:72320kB, anon-rss:132kB, file-rss:35580kB, shmem-rss:0kB [ 3199.409129][ T1044] oom_reaper: reaped process 17896 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:29:33 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:33 executing program 3: r0 = inotify_init1(0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) fcntl$setflags(r0, 0x2, 0x0) 00:29:33 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:33 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa901000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) dup3(r2, r1, 0x0) 00:29:33 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x47000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3199.734890][T17851] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3199.758016][T17851] CPU: 1 PID: 17851 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3199.766045][T17851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3199.766051][T17851] Call Trace: [ 3199.766079][T17851] dump_stack+0x172/0x1f0 [ 3199.766112][T17851] dump_header+0x10f/0xb6c [ 3199.766129][T17851] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3199.766144][T17851] ? ___ratelimit+0x60/0x595 [ 3199.766159][T17851] ? do_raw_spin_unlock+0x57/0x270 [ 3199.766175][T17851] oom_kill_process.cold+0x10/0x15 [ 3199.766202][T17851] out_of_memory+0x79a/0x1280 [ 3199.813522][T17851] ? lock_downgrade+0x880/0x880 [ 3199.818384][T17851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3199.818405][T17851] ? oom_killer_disable+0x280/0x280 [ 3199.818420][T17851] ? find_held_lock+0x35/0x130 [ 3199.818446][T17851] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3199.818470][T17851] ? memcg_event_wake+0x230/0x230 [ 3199.845208][T17851] ? do_raw_spin_unlock+0x57/0x270 [ 3199.850340][T17851] ? _raw_spin_unlock+0x2d/0x50 [ 3199.855212][T17851] try_charge+0x102c/0x15c0 [ 3199.859730][T17851] ? find_held_lock+0x35/0x130 [ 3199.864512][T17851] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3199.870074][T17851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3199.876337][T17851] ? kasan_check_read+0x11/0x20 [ 3199.881205][T17851] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3199.886761][T17851] mem_cgroup_try_charge+0x24d/0x5e0 [ 3199.892059][T17851] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3199.897724][T17851] __handle_mm_fault+0x1e1f/0x3ec0 [ 3199.902850][T17851] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3199.908400][T17851] ? find_held_lock+0x35/0x130 [ 3199.913171][T17851] ? handle_mm_fault+0x322/0xb30 [ 3199.918132][T17851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3199.924384][T17851] ? kasan_check_read+0x11/0x20 [ 3199.929261][T17851] handle_mm_fault+0x43f/0xb30 [ 3199.934037][T17851] __do_page_fault+0x5ef/0xda0 [ 3199.938817][T17851] do_page_fault+0x71/0x581 [ 3199.943331][T17851] ? page_fault+0x8/0x30 [ 3199.947585][T17851] page_fault+0x1e/0x30 [ 3199.951744][T17851] RIP: 0023:0x804afea [ 3199.955729][T17851] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3199.975348][T17851] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3199.981434][T17851] RAX: 000000000845fde0 RBX: 0000000000000019 RCX: 000000000845fd80 [ 3199.989420][T17851] RDX: 000000000000000c RSI: 000000000030ce98 RDI: 0000000000000000 [ 3199.997426][T17851] RBP: 0000000000000019 R08: 0000000000000000 R09: 0000000000000000 [ 3200.005426][T17851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3200.013415][T17851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:29:33 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$notify(r0, 0x402, 0x28) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00\x14\x9d\xe7\x8b\xbbz\x98\x1e\xc8>i\x8f\x0f\xa5~\x88\xf4\xe9\xbc\xb0\xc0\xfd\xf7\x16_\x89\'V\x98\x05.\x80\xde0\xf1\xb6\xaaoz0\xf7m-J\x10+N\xd4\xf5\x12\xe2\x1b8\xf8\x9d\x12*\\\xad\xc6\xd2\xcc\xb3\x88j\xd9c\x0e\xac\xb9\xfb\x8a\x84\xb8\x0eVK\xf0\x12') syz_open_dev$video(&(0x7f0000000340)='/dev/video#\x00', 0x3, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f00000001c0)) r3 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00002aafe4)={0xa, 0x4e22, 0x0, @ipv4}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x400005, 0x84) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0xb4d) connect$netlink(r2, &(0x7f0000000040)=@proc={0x10, 0x0, 0x0, 0x40}, 0xc) sendto$inet6(r4, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4004700c, 0x345) r6 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r6, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r6, 0x20000003) r7 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r7, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) r8 = accept4(r6, &(0x7f0000000540)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x800) write$binfmt_elf64(r8, &(0x7f0000002080)=ANY=[@ANYBLOB="7f454c460904050907000000000000000300070007000000f8010000000000004000000000000000a303000000000000880000000500380001007f00010401000000000001000080030000000200000000000000ff7f000000000000010000000000001386ecd4ffffffffff0000000004000000aa0900000000000000000000000000000000000000000000090000000000000004000000000000000000000000050800b2b8e7c0207f8c15435c5f65b824f9482fce5a469e19cefe3db700dc0aba3b189fc1cba86b252746cf2a9f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000065de00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff4000000000000000000000000000000000000000000000000ff7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4177202ebb80a00080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090ea000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043ee40e966c62f82e4fcdc96ed2d4f95616dc23050816251768870c4636f0fcdff6ffd8c3ceb70a69cb9f89a571a082ee88906646933aa7141d2527e536bf171b66a21206d2b413aa235b9d9ac4d4cd4489895ba945ef0ec4fa739ec46991a1cf4a433fab8d212c2a9f6cb8329fa4a5a0501640101114bb0675e44fcf6c1b99e503410cc4412932daf477d4ee629eae0ae0258f291979586f632ec335f48caada21fae1e97bc808b88a3b3858167e9cf21c575ea195fbc9b072bb9e808f7d137ec002b901bbe88241ec358b37a9e1ce1a1ff8a3df8f04c4fdea5ebf762a8ca7b84e2442df5dc8b333440a2e651250b87474852804317172cf25cd73cc18a47b0b47fc59c0258f222a5230a875d38c6b2401b10a2f9449e87155bec06bd8c7b72db2d7e440f6e4b4cf8511e1c0a83e549b0d2cb6d36e6c7eeed408c5832f464f9aacbad3c112b33ebeb3477c941aee9f3d911563c5ceb0b9325c8d3c63ecedc5e4c059a8eee4a9f11687789212d613fd15559017b85c6cd2f901cc8308ec6b2714e2c35445069c9f2bb64f15ec369c8d02b3c8080abecff11ac62c7e1294dabb1a07614af762e0de24bddb3f60c48ef50554590727ee8be9bf206cf3cdff6a7bd8e5cf4a27d58fac46bc044d87295643c9b755c3d4675814565a849cdd3964408024e9b2151947c756f166615fb875993c129a6d164947bad5e370ecc4b8efe5305bcd04b698a0e1f49bc94c8b9a5788ea725dc8d8419c5df0101000000000000f5c4c9977d584fe2f4ff28fbf3cfc3bd238f93ac089e1af931a36a52426cebbcfa063bd3636ab5f134042dab64abd9de4f4c6726eea204fcab79c9bb4a23c0855b80e76d3a0ea95f19ee478572aadc9595005b04c27955111068496aa818563f94cb7e42b0a7525871ed5d1c3396d3a44aa2568c7c0b5007f8ac5a33dc35f2c8140357af6d3e8300ed983114965fa243c5c609e177bf517dabe3e630fb31da2a9258e1a8e6b67298c293379413338f5f717cf442842496c629b3178d827136a4709ef2ad73aa2bf87f7254c52f000000000000000000000000000000008c72ae0bacea0e3f7466eb984e60a501cc9a46fc0d438273337501f56b37efb91eb4b543730970c5a8f560c7f56e46a1df2f5c6295808ad3468e329046c0150d43d4efab9f5e313dea7f08fe030a059cb7e5f22d47d3bc199eba9e925cd08743b7dd586d8f4aa66d4e73e083c068e07162c75f5260e0d3f89af62d51c1"], 0xb19) setsockopt$inet6_opts(r8, 0x29, 0x37, &(0x7f0000000140)=ANY=[@ANYBLOB="c195c2b0a447819d1dbde13c47f1bfbbe6ad6d05e814af606088140c95e52b5ee5ed681cbb45404e340247460f0c78bce9bb73414a2f9b9d4bbe281b40e8e1506df0e94640125053a922fd54e387f1625780df599cd9431764a44a8e1e420228745d07b735115a194568f7f5a62be1529f948b6b246f56f5892a93a7fc8594a15964738e2105a66370070dd50fcc524918f39dd745e2fc32b82af8d84d58ba05a954f2c40da19a7bda81a71fdc036a296004ee21d284412ddc97e26b7d636f0b4cac04a2f6595bb8fcfbff0950f699e7545c271d6b804080fc36b7d3c46cff80093e71898f8b9d154349144a7d8caddf74495436d2493096dead72e51f747f56c5f39c22668c82decc7fc1c90237b272ec2f876dd8cd5a9dfc236aef047e57e5cb14cf355f6435d99a71d73f45a5aed47351835e406ac8673a10a4a1ba218f2c8c26e7f2", @ANYRES16=r3, @ANYRES32=r8], 0x3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000a40)={0x1, &(0x7f0000000380)=[{}]}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000840)='/dev/qat_adf_ctl\x00', 0x44000, 0x0) [ 3200.046574][T17851] memory: usage 4816kB, limit 0kB, failcnt 1374 [ 3200.081488][T17851] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 00:29:33 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r1, 0x0, 0x7fffffff) [ 3200.103523][T17851] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3200.110721][T17851] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3200.223672][T17851] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17851,uid=0 [ 3200.299167][T17851] Memory cgroup out of memory: Killed process 17851 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB 00:29:33 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$notify(r0, 0x402, 0x28) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00\x14\x9d\xe7\x8b\xbbz\x98\x1e\xc8>i\x8f\x0f\xa5~\x88\xf4\xe9\xbc\xb0\xc0\xfd\xf7\x16_\x89\'V\x98\x05.\x80\xde0\xf1\xb6\xaaoz0\xf7m-J\x10+N\xd4\xf5\x12\xe2\x1b8\xf8\x9d\x12*\\\xad\xc6\xd2\xcc\xb3\x88j\xd9c\x0e\xac\xb9\xfb\x8a\x84\xb8\x0eVK\xf0\x12') syz_open_dev$video(&(0x7f0000000340)='/dev/video#\x00', 0x3, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f00000001c0)) r3 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00002aafe4)={0xa, 0x4e22, 0x0, @ipv4}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x400005, 0x84) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0xb4d) connect$netlink(r2, &(0x7f0000000040)=@proc={0x10, 0x0, 0x0, 0x40}, 0xc) sendto$inet6(r4, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4004700c, 0x345) r6 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r6, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r6, 0x20000003) r7 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r7, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) r8 = accept4(r6, &(0x7f0000000540)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x800) write$binfmt_elf64(r8, &(0x7f0000002080)=ANY=[@ANYBLOB="7f454c460904050907000000000000000300070007000000f8010000000000004000000000000000a303000000000000880000000500380001007f00010401000000000001000080030000000200000000000000ff7f000000000000010000000000001386ecd4ffffffffff0000000004000000aa0900000000000000000000000000000000000000000000090000000000000004000000000000000000000000050800b2b8e7c0207f8c15435c5f65b824f9482fce5a469e19cefe3db700dc0aba3b189fc1cba86b252746cf2a9f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000065de00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff4000000000000000000000000000000000000000000000000ff7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4177202ebb80a00080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090ea000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043ee40e966c62f82e4fcdc96ed2d4f95616dc23050816251768870c4636f0fcdff6ffd8c3ceb70a69cb9f89a571a082ee88906646933aa7141d2527e536bf171b66a21206d2b413aa235b9d9ac4d4cd4489895ba945ef0ec4fa739ec46991a1cf4a433fab8d212c2a9f6cb8329fa4a5a0501640101114bb0675e44fcf6c1b99e503410cc4412932daf477d4ee629eae0ae0258f291979586f632ec335f48caada21fae1e97bc808b88a3b3858167e9cf21c575ea195fbc9b072bb9e808f7d137ec002b901bbe88241ec358b37a9e1ce1a1ff8a3df8f04c4fdea5ebf762a8ca7b84e2442df5dc8b333440a2e651250b87474852804317172cf25cd73cc18a47b0b47fc59c0258f222a5230a875d38c6b2401b10a2f9449e87155bec06bd8c7b72db2d7e440f6e4b4cf8511e1c0a83e549b0d2cb6d36e6c7eeed408c5832f464f9aacbad3c112b33ebeb3477c941aee9f3d911563c5ceb0b9325c8d3c63ecedc5e4c059a8eee4a9f11687789212d613fd15559017b85c6cd2f901cc8308ec6b2714e2c35445069c9f2bb64f15ec369c8d02b3c8080abecff11ac62c7e1294dabb1a07614af762e0de24bddb3f60c48ef50554590727ee8be9bf206cf3cdff6a7bd8e5cf4a27d58fac46bc044d87295643c9b755c3d4675814565a849cdd3964408024e9b2151947c756f166615fb875993c129a6d164947bad5e370ecc4b8efe5305bcd04b698a0e1f49bc94c8b9a5788ea725dc8d8419c5df0101000000000000f5c4c9977d584fe2f4ff28fbf3cfc3bd238f93ac089e1af931a36a52426cebbcfa063bd3636ab5f134042dab64abd9de4f4c6726eea204fcab79c9bb4a23c0855b80e76d3a0ea95f19ee478572aadc9595005b04c27955111068496aa818563f94cb7e42b0a7525871ed5d1c3396d3a44aa2568c7c0b5007f8ac5a33dc35f2c8140357af6d3e8300ed983114965fa243c5c609e177bf517dabe3e630fb31da2a9258e1a8e6b67298c293379413338f5f717cf442842496c629b3178d827136a4709ef2ad73aa2bf87f7254c52f000000000000000000000000000000008c72ae0bacea0e3f7466eb984e60a501cc9a46fc0d438273337501f56b37efb91eb4b543730970c5a8f560c7f56e46a1df2f5c6295808ad3468e329046c0150d43d4efab9f5e313dea7f08fe030a059cb7e5f22d47d3bc199eba9e925cd08743b7dd586d8f4aa66d4e73e083c068e07162c75f5260e0d3f89af62d51c1"], 0xb19) setsockopt$inet6_opts(r8, 0x29, 0x37, &(0x7f0000000140)=ANY=[@ANYBLOB="c195c2b0a447819d1dbde13c47f1bfbbe6ad6d05e814af606088140c95e52b5ee5ed681cbb45404e340247460f0c78bce9bb73414a2f9b9d4bbe281b40e8e1506df0e94640125053a922fd54e387f1625780df599cd9431764a44a8e1e420228745d07b735115a194568f7f5a62be1529f948b6b246f56f5892a93a7fc8594a15964738e2105a66370070dd50fcc524918f39dd745e2fc32b82af8d84d58ba05a954f2c40da19a7bda81a71fdc036a296004ee21d284412ddc97e26b7d636f0b4cac04a2f6595bb8fcfbff0950f699e7545c271d6b804080fc36b7d3c46cff80093e71898f8b9d154349144a7d8caddf74495436d2493096dead72e51f747f56c5f39c22668c82decc7fc1c90237b272ec2f876dd8cd5a9dfc236aef047e57e5cb14cf355f6435d99a71d73f45a5aed47351835e406ac8673a10a4a1ba218f2c8c26e7f2", @ANYRES16=r3, @ANYRES32=r8], 0x3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000a40)={0x1, &(0x7f0000000380)=[{}]}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000840)='/dev/qat_adf_ctl\x00', 0x44000, 0x0) [ 3200.352283][ T1044] oom_reaper: reaped process 17851 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:29:34 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$notify(r0, 0x402, 0x28) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00\x14\x9d\xe7\x8b\xbbz\x98\x1e\xc8>i\x8f\x0f\xa5~\x88\xf4\xe9\xbc\xb0\xc0\xfd\xf7\x16_\x89\'V\x98\x05.\x80\xde0\xf1\xb6\xaaoz0\xf7m-J\x10+N\xd4\xf5\x12\xe2\x1b8\xf8\x9d\x12*\\\xad\xc6\xd2\xcc\xb3\x88j\xd9c\x0e\xac\xb9\xfb\x8a\x84\xb8\x0eVK\xf0\x12') syz_open_dev$video(&(0x7f0000000340)='/dev/video#\x00', 0x3, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f00000001c0)) r3 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00002aafe4)={0xa, 0x4e22, 0x0, @ipv4}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x400005, 0x84) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0xb4d) connect$netlink(r2, &(0x7f0000000040)=@proc={0x10, 0x0, 0x0, 0x40}, 0xc) sendto$inet6(r4, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4004700c, 0x345) r6 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r6, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r6, 0x20000003) r7 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r7, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) r8 = accept4(r6, &(0x7f0000000540)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x800) write$binfmt_elf64(r8, &(0x7f0000002080)=ANY=[@ANYBLOB="7f454c460904050907000000000000000300070007000000f8010000000000004000000000000000a303000000000000880000000500380001007f00010401000000000001000080030000000200000000000000ff7f000000000000010000000000001386ecd4ffffffffff0000000004000000aa0900000000000000000000000000000000000000000000090000000000000004000000000000000000000000050800b2b8e7c0207f8c15435c5f65b824f9482fce5a469e19cefe3db700dc0aba3b189fc1cba86b252746cf2a9f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000065de00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff4000000000000000000000000000000000000000000000000ff7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4177202ebb80a00080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090ea000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000043ee40e966c62f82e4fcdc96ed2d4f95616dc23050816251768870c4636f0fcdff6ffd8c3ceb70a69cb9f89a571a082ee88906646933aa7141d2527e536bf171b66a21206d2b413aa235b9d9ac4d4cd4489895ba945ef0ec4fa739ec46991a1cf4a433fab8d212c2a9f6cb8329fa4a5a0501640101114bb0675e44fcf6c1b99e503410cc4412932daf477d4ee629eae0ae0258f291979586f632ec335f48caada21fae1e97bc808b88a3b3858167e9cf21c575ea195fbc9b072bb9e808f7d137ec002b901bbe88241ec358b37a9e1ce1a1ff8a3df8f04c4fdea5ebf762a8ca7b84e2442df5dc8b333440a2e651250b87474852804317172cf25cd73cc18a47b0b47fc59c0258f222a5230a875d38c6b2401b10a2f9449e87155bec06bd8c7b72db2d7e440f6e4b4cf8511e1c0a83e549b0d2cb6d36e6c7eeed408c5832f464f9aacbad3c112b33ebeb3477c941aee9f3d911563c5ceb0b9325c8d3c63ecedc5e4c059a8eee4a9f11687789212d613fd15559017b85c6cd2f901cc8308ec6b2714e2c35445069c9f2bb64f15ec369c8d02b3c8080abecff11ac62c7e1294dabb1a07614af762e0de24bddb3f60c48ef50554590727ee8be9bf206cf3cdff6a7bd8e5cf4a27d58fac46bc044d87295643c9b755c3d4675814565a849cdd3964408024e9b2151947c756f166615fb875993c129a6d164947bad5e370ecc4b8efe5305bcd04b698a0e1f49bc94c8b9a5788ea725dc8d8419c5df0101000000000000f5c4c9977d584fe2f4ff28fbf3cfc3bd238f93ac089e1af931a36a52426cebbcfa063bd3636ab5f134042dab64abd9de4f4c6726eea204fcab79c9bb4a23c0855b80e76d3a0ea95f19ee478572aadc9595005b04c27955111068496aa818563f94cb7e42b0a7525871ed5d1c3396d3a44aa2568c7c0b5007f8ac5a33dc35f2c8140357af6d3e8300ed983114965fa243c5c609e177bf517dabe3e630fb31da2a9258e1a8e6b67298c293379413338f5f717cf442842496c629b3178d827136a4709ef2ad73aa2bf87f7254c52f000000000000000000000000000000008c72ae0bacea0e3f7466eb984e60a501cc9a46fc0d438273337501f56b37efb91eb4b543730970c5a8f560c7f56e46a1df2f5c6295808ad3468e329046c0150d43d4efab9f5e313dea7f08fe030a059cb7e5f22d47d3bc199eba9e925cd08743b7dd586d8f4aa66d4e73e083c068e07162c75f5260e0d3f89af62d51c1"], 0xb19) setsockopt$inet6_opts(r8, 0x29, 0x37, &(0x7f0000000140)=ANY=[@ANYBLOB="c195c2b0a447819d1dbde13c47f1bfbbe6ad6d05e814af606088140c95e52b5ee5ed681cbb45404e340247460f0c78bce9bb73414a2f9b9d4bbe281b40e8e1506df0e94640125053a922fd54e387f1625780df599cd9431764a44a8e1e420228745d07b735115a194568f7f5a62be1529f948b6b246f56f5892a93a7fc8594a15964738e2105a66370070dd50fcc524918f39dd745e2fc32b82af8d84d58ba05a954f2c40da19a7bda81a71fdc036a296004ee21d284412ddc97e26b7d636f0b4cac04a2f6595bb8fcfbff0950f699e7545c271d6b804080fc36b7d3c46cff80093e71898f8b9d154349144a7d8caddf74495436d2493096dead72e51f747f56c5f39c22668c82decc7fc1c90237b272ec2f876dd8cd5a9dfc236aef047e57e5cb14cf355f6435d99a71d73f45a5aed47351835e406ac8673a10a4a1ba218f2c8c26e7f2", @ANYRES16=r3, @ANYRES32=r8], 0x3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000a40)={0x1, &(0x7f0000000380)=[{}]}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000840)='/dev/qat_adf_ctl\x00', 0x44000, 0x0) 00:29:34 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x200, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file1\x00') r2 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x108) r3 = dup2(r1, r2) execve(&(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={0x0}}, 0x0) [ 3200.957907][T17938] net_ratelimit: 129 callbacks suppressed [ 3200.957942][T17938] dccp_close: ABORT with 2841 bytes unread 00:29:34 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:34 executing program 3: r0 = socket(0x400000011, 0x802, 0x0) setsockopt(r0, 0x107, 0x1, &(0x7f0000d52ff0)="020000000200060000071a80000001cc", 0x10) 00:29:35 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) [ 3201.978481][T17966] IPVS: ftp: loaded support on port[0] = 21 [ 3202.332276][T17966] chnl_net:caif_netlink_parms(): no params data found [ 3202.441945][T17966] bridge0: port 1(bridge_slave_0) entered blocking state [ 3202.449333][T17966] bridge0: port 1(bridge_slave_0) entered disabled state [ 3202.461044][T17966] device bridge_slave_0 entered promiscuous mode [ 3202.472037][T17966] bridge0: port 2(bridge_slave_1) entered blocking state [ 3202.479879][T17966] bridge0: port 2(bridge_slave_1) entered disabled state [ 3202.491532][T17966] device bridge_slave_1 entered promiscuous mode [ 3202.626126][T17966] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3202.705829][T17966] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3202.787391][T17966] team0: Port device team_slave_0 added [ 3202.800215][T17966] team0: Port device team_slave_1 added [ 3202.909809][T17966] device hsr_slave_0 entered promiscuous mode [ 3202.986081][T17966] device hsr_slave_1 entered promiscuous mode [ 3203.151585][T17969] IPVS: ftp: loaded support on port[0] = 21 [ 3203.179854][T17966] bridge0: port 2(bridge_slave_1) entered blocking state [ 3203.187243][T17966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3203.194745][T17966] bridge0: port 1(bridge_slave_0) entered blocking state [ 3203.201851][T17966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3203.378666][T16597] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.389941][T16597] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.948203][T17969] chnl_net:caif_netlink_parms(): no params data found [ 3203.981277][T17966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3204.121569][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3204.133052][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3204.283901][T17966] 8021q: adding VLAN 0 to HW filter on device team0 [ 3204.291937][T17969] bridge0: port 1(bridge_slave_0) entered blocking state [ 3204.300224][T17969] bridge0: port 1(bridge_slave_0) entered disabled state [ 3204.311870][T17969] device bridge_slave_0 entered promiscuous mode [ 3204.462385][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3204.474372][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3204.484160][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3204.491241][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3204.501492][T17969] bridge0: port 2(bridge_slave_1) entered blocking state [ 3204.509159][T17969] bridge0: port 2(bridge_slave_1) entered disabled state [ 3204.520541][T17969] device bridge_slave_1 entered promiscuous mode [ 3204.615531][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3204.636566][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3204.646491][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3204.653661][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3204.672324][T17969] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3204.744783][T17969] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3204.761307][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3204.855695][T17969] team0: Port device team_slave_0 added [ 3204.864369][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3204.889718][T17969] team0: Port device team_slave_1 added [ 3204.954719][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3204.966446][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3205.008614][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3205.131145][T17969] device hsr_slave_0 entered promiscuous mode [ 3205.176060][T17969] device hsr_slave_1 entered promiscuous mode [ 3205.255594][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3205.267614][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3205.382519][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3205.394806][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3205.456875][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3205.468814][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3205.505767][T17966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3205.750436][T17966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3205.925478][T17972] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3205.944309][T17972] CPU: 0 PID: 17972 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3205.952330][T17972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3205.962480][T17972] Call Trace: [ 3205.965787][T17972] dump_stack+0x172/0x1f0 [ 3205.970135][T17972] dump_header+0x10f/0xb6c [ 3205.974569][T17972] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3205.974586][T17972] ? ___ratelimit+0x60/0x595 [ 3205.974602][T17972] ? do_raw_spin_unlock+0x57/0x270 [ 3205.974618][T17972] oom_kill_process.cold+0x10/0x15 [ 3205.974633][T17972] out_of_memory+0x79a/0x1280 [ 3205.974654][T17972] ? lock_downgrade+0x880/0x880 [ 3205.990159][T17972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.010978][T17972] ? oom_killer_disable+0x280/0x280 [ 3206.016179][T17972] ? find_held_lock+0x35/0x130 [ 3206.021053][T17972] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3206.026595][T17972] ? memcg_event_wake+0x230/0x230 [ 3206.031634][T17972] ? do_raw_spin_unlock+0x57/0x270 [ 3206.031654][T17972] ? _raw_spin_unlock+0x2d/0x50 [ 3206.041616][T17972] try_charge+0x102c/0x15c0 [ 3206.046137][T17972] ? find_held_lock+0x35/0x130 [ 3206.050914][T17972] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3206.056865][T17972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.063130][T17972] ? kasan_check_read+0x11/0x20 [ 3206.067997][T17972] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3206.073547][T17972] mem_cgroup_try_charge+0x24d/0x5e0 [ 3206.078843][T17972] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3206.084481][T17972] __handle_mm_fault+0x1e1f/0x3ec0 [ 3206.084501][T17972] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3206.084515][T17972] ? find_held_lock+0x35/0x130 [ 3206.084529][T17972] ? handle_mm_fault+0x322/0xb30 [ 3206.084551][T17972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.084569][T17972] ? kasan_check_read+0x11/0x20 [ 3206.084586][T17972] handle_mm_fault+0x43f/0xb30 [ 3206.084606][T17972] __do_page_fault+0x5ef/0xda0 [ 3206.084626][T17972] do_page_fault+0x71/0x581 [ 3206.084642][T17972] ? page_fault+0x8/0x30 [ 3206.084655][T17972] page_fault+0x1e/0x30 [ 3206.084667][T17972] RIP: 0023:0x8055172 [ 3206.084684][T17972] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3206.105006][T17972] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3206.105019][T17972] RAX: 00000000f5dc7b40 RBX: 0000000000020000 RCX: 00000000f5da7000 [ 3206.105026][T17972] RDX: 0000000000000003 RSI: 00000000f5dc7b40 RDI: 0000000000021000 [ 3206.105032][T17972] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3206.105040][T17972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3206.105046][T17972] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3206.106506][T17972] memory: usage 3676kB, limit 0kB, failcnt 2351 [ 3206.127966][T17972] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3206.139257][T17972] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3206.180571][T17969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3206.193948][T17972] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3206.260421][T17972] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17972,uid=0 [ 3206.276522][T17972] Memory cgroup out of memory: Killed process 17972 (syz-executor.0) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3206.291422][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3206.301547][ T1044] oom_reaper: reaped process 17972 (syz-executor.0), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3206.316932][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:29:39 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x24, &(0x7f00000002c0)=[@efer={0x2, 0x8100}], 0x1) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:29:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x5e, 0x3ff, 0x1, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000000), 0x0, 0x2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000040), 0x0}, 0x20) 00:29:39 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x47010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:39 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa902000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3206.348869][T17966] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3206.385649][T17966] CPU: 0 PID: 17966 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3206.393676][T17966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3206.393682][T17966] Call Trace: [ 3206.393710][T17966] dump_stack+0x172/0x1f0 [ 3206.393729][T17966] dump_header+0x10f/0xb6c [ 3206.393744][T17966] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3206.393759][T17966] ? ___ratelimit+0x60/0x595 [ 3206.393773][T17966] ? do_raw_spin_unlock+0x57/0x270 [ 3206.393787][T17966] oom_kill_process.cold+0x10/0x15 [ 3206.393801][T17966] out_of_memory+0x79a/0x1280 [ 3206.393816][T17966] ? lock_downgrade+0x880/0x880 [ 3206.393830][T17966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.393846][T17966] ? oom_killer_disable+0x280/0x280 [ 3206.393857][T17966] ? find_held_lock+0x35/0x130 [ 3206.393880][T17966] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3206.393893][T17966] ? memcg_event_wake+0x230/0x230 [ 3206.393912][T17966] ? do_raw_spin_unlock+0x57/0x270 [ 3206.393926][T17966] ? _raw_spin_unlock+0x2d/0x50 [ 3206.393944][T17966] try_charge+0x102c/0x15c0 [ 3206.393955][T17966] ? find_held_lock+0x35/0x130 [ 3206.393974][T17966] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3206.393989][T17966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.394013][T17966] ? kasan_check_read+0x11/0x20 [ 3206.426498][T17966] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3206.426518][T17966] mem_cgroup_try_charge+0x24d/0x5e0 [ 3206.426537][T17966] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3206.426556][T17966] __handle_mm_fault+0x1e1f/0x3ec0 [ 3206.426576][T17966] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3206.426591][T17966] ? find_held_lock+0x35/0x130 [ 3206.426604][T17966] ? handle_mm_fault+0x322/0xb30 [ 3206.426627][T17966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.426645][T17966] ? kasan_check_read+0x11/0x20 [ 3206.426664][T17966] handle_mm_fault+0x43f/0xb30 [ 3206.426685][T17966] __do_page_fault+0x5ef/0xda0 [ 3206.566138][T17966] do_page_fault+0x71/0x581 [ 3206.570682][T17966] ? page_fault+0x8/0x30 [ 3206.575128][T17966] page_fault+0x1e/0x30 [ 3206.579311][T17966] RIP: 0023:0x804afea [ 3206.583312][T17966] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3206.602931][T17966] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3206.609004][T17966] RAX: 000000000845fde0 RBX: 0000000000000012 RCX: 000000000845fd80 [ 3206.609013][T17966] RDX: 000000000000000c RSI: 000000000030eaa0 RDI: 0000000000000000 [ 3206.609021][T17966] RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 [ 3206.609030][T17966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3206.609037][T17966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3206.660487][T17966] memory: usage 3408kB, limit 0kB, failcnt 2360 [ 3206.669443][T17969] 8021q: adding VLAN 0 to HW filter on device team0 [ 3206.669452][T17966] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3206.669466][T17966] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:29:40 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_subtree(r0, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0) [ 3206.699108][T17966] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3206.786145][T17966] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17966,uid=0 00:29:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = timerfd_create(0x0, 0x0) readv(r2, &(0x7f0000000440)=[{&(0x7f0000001680)=""/4096, 0x1000}], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x7) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x100000032, 0xffffffffffffffff, 0x0) tkill(r1, 0x1000000000016) [ 3206.844309][T17966] Memory cgroup out of memory: Killed process 17966 (syz-executor.0) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3206.895415][ T1044] oom_reaper: reaped process 17966 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:29:40 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_flowlabel\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 3207.246799][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3207.267565][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3207.277347][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3207.284521][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state 00:29:40 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000c40)=""/23, 0x17}], 0x1, 0x0, 0x0, 0x8}}], 0x1, 0x0, 0x0) sched_setaffinity(0x0, 0x181, &(0x7f0000000180)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0xffffffffffffffd1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, 0x0) 00:29:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 00:29:41 executing program 3: syz_emit_ethernet(0xe, &(0x7f0000000000)={@broadcast, @local, [], {@generic={0x88f5}}}, 0x0) [ 3207.727238][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3207.987138][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3208.013769][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3208.031612][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3208.038780][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3208.124399][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3208.169673][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3208.262699][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3208.279049][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3208.290486][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3208.370415][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3208.381870][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3208.515802][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3208.526608][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3208.549597][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3208.562822][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3208.684063][T17969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3208.800280][T17969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3208.965134][T18023] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3209.007901][T18023] CPU: 1 PID: 18023 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3209.015931][T18023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3209.031733][T18023] Call Trace: [ 3209.035050][T18023] dump_stack+0x172/0x1f0 [ 3209.039396][T18023] dump_header+0x10f/0xb6c [ 3209.043825][T18023] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3209.049637][T18023] ? ___ratelimit+0x60/0x595 [ 3209.054645][T18023] ? do_raw_spin_unlock+0x57/0x270 [ 3209.059766][T18023] oom_kill_process.cold+0x10/0x15 [ 3209.064892][T18023] out_of_memory+0x79a/0x1280 [ 3209.069576][T18023] ? lock_downgrade+0x880/0x880 [ 3209.074434][T18023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.080692][T18023] ? oom_killer_disable+0x280/0x280 [ 3209.085896][T18023] ? find_held_lock+0x35/0x130 [ 3209.090676][T18023] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3209.096245][T18023] ? memcg_event_wake+0x230/0x230 [ 3209.101286][T18023] ? do_raw_spin_unlock+0x57/0x270 [ 3209.106400][T18023] ? _raw_spin_unlock+0x2d/0x50 [ 3209.111261][T18023] try_charge+0x102c/0x15c0 [ 3209.115764][T18023] ? find_held_lock+0x35/0x130 [ 3209.120539][T18023] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3209.126093][T18023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.132353][T18023] ? kasan_check_read+0x11/0x20 [ 3209.137209][T18023] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3209.142760][T18023] mem_cgroup_try_charge+0x24d/0x5e0 [ 3209.148051][T18023] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3209.155331][T18023] __handle_mm_fault+0x1e1f/0x3ec0 [ 3209.160557][T18023] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3209.166135][T18023] ? find_held_lock+0x35/0x130 [ 3209.170881][T18023] ? handle_mm_fault+0x322/0xb30 [ 3209.175804][T18023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.182027][T18023] ? kasan_check_read+0x11/0x20 [ 3209.186864][T18023] handle_mm_fault+0x43f/0xb30 [ 3209.191609][T18023] __do_page_fault+0x5ef/0xda0 [ 3209.196356][T18023] do_page_fault+0x71/0x581 [ 3209.200841][T18023] ? page_fault+0x8/0x30 [ 3209.205062][T18023] page_fault+0x1e/0x30 [ 3209.209194][T18023] RIP: 0023:0x8055172 [ 3209.213153][T18023] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3209.232745][T18023] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3209.238825][T18023] RAX: 00000000f5d78b40 RBX: 0000000000020000 RCX: 00000000f5d58000 [ 3209.246774][T18023] RDX: 0000000000000003 RSI: 00000000f5d78b40 RDI: 0000000000021000 [ 3209.254728][T18023] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3209.262683][T18023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3209.270640][T18023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3209.291034][T18023] memory: usage 5028kB, limit 0kB, failcnt 1383 [ 3209.297528][T18023] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.305058][T18023] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.311956][T18023] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3209.333026][T18023] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18023,uid=0 00:29:42 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = timerfd_create(0x0, 0x0) readv(r2, &(0x7f0000000440)=[{&(0x7f0000001680)=""/4096, 0x1000}], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x7) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x100000032, 0xffffffffffffffff, 0x0) tkill(r1, 0x1000000000016) 00:29:42 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:42 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x47020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:42 executing program 3: [ 3209.348518][T18023] Memory cgroup out of memory: Killed process 18023 (syz-executor.4) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3209.365770][ T1044] oom_reaper: reaped process 18023 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:29:42 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaa00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3209.453703][T17969] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3209.495067][T17969] CPU: 0 PID: 17969 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3209.503137][T17969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3209.513203][T17969] Call Trace: [ 3209.513236][T17969] dump_stack+0x172/0x1f0 [ 3209.513255][T17969] dump_header+0x10f/0xb6c [ 3209.513270][T17969] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3209.513284][T17969] ? ___ratelimit+0x60/0x595 [ 3209.513300][T17969] ? do_raw_spin_unlock+0x57/0x270 00:29:43 executing program 5: 00:29:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x48, &(0x7f00000000c0)={0x4, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) close(r2) close(r1) [ 3209.513316][T17969] oom_kill_process.cold+0x10/0x15 [ 3209.513332][T17969] out_of_memory+0x79a/0x1280 [ 3209.513347][T17969] ? lock_downgrade+0x880/0x880 [ 3209.513362][T17969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.513376][T17969] ? oom_killer_disable+0x280/0x280 [ 3209.513387][T17969] ? find_held_lock+0x35/0x130 [ 3209.513412][T17969] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3209.513426][T17969] ? memcg_event_wake+0x230/0x230 [ 3209.513447][T17969] ? do_raw_spin_unlock+0x57/0x270 [ 3209.513462][T17969] ? _raw_spin_unlock+0x2d/0x50 [ 3209.513480][T17969] try_charge+0x102c/0x15c0 [ 3209.513492][T17969] ? find_held_lock+0x35/0x130 [ 3209.513511][T17969] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3209.513525][T17969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.513544][T17969] ? kasan_check_read+0x11/0x20 [ 3209.513561][T17969] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3209.513580][T17969] mem_cgroup_try_charge+0x24d/0x5e0 [ 3209.513602][T17969] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3209.513622][T17969] __handle_mm_fault+0x1e1f/0x3ec0 00:29:43 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) getpid() chdir(&(0x7f0000000600)='./file0\x00') lstat(&(0x7f00000001c0)='./bus\x00', 0x0) chown(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x40000, 0x0) open(&(0x7f0000000280)='./bus\x00', 0x4000, 0x18f) ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000440)) sched_setscheduler(0x0, 0x0, 0x0) r2 = syz_open_dev$evdev(0x0, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000800)=ANY=[], 0x0) ioctl$EVIOCGMASK(r2, 0x80104592, 0x0) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./bus\x00') fstat(r0, &(0x7f0000000200)) syz_genetlink_get_family_id$net_dm(0x0) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000805}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$eventfd(r3, &(0x7f0000000000)=0x3, 0x376416aa) mprotect(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0) getegid() stat(&(0x7f0000000500)='./bus\x00', &(0x7f0000000780)) getegid() ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000340)={0x4, 0xb50a, 0x3, 0x7f, 0x10, 0x6, 0x9, 0xffffffff, 0x1f, 0x1ff, 0x8, 0x5}) [ 3209.513643][T17969] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3209.513657][T17969] ? find_held_lock+0x35/0x130 [ 3209.513673][T17969] ? handle_mm_fault+0x322/0xb30 [ 3209.513696][T17969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.513713][T17969] ? kasan_check_read+0x11/0x20 [ 3209.513733][T17969] handle_mm_fault+0x43f/0xb30 [ 3209.513753][T17969] __do_page_fault+0x5ef/0xda0 [ 3209.513775][T17969] do_page_fault+0x71/0x581 [ 3209.513788][T17969] ? page_fault+0x8/0x30 [ 3209.513803][T17969] page_fault+0x1e/0x30 [ 3209.513816][T17969] RIP: 0023:0x804afea [ 3209.513832][T17969] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3209.513840][T17969] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3209.513852][T17969] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3209.513861][T17969] RDX: 000000000000000c RSI: 000000000030f67d RDI: 0000000000000000 [ 3209.513869][T17969] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3209.513877][T17969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3209.513885][T17969] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3209.593708][T17969] memory: usage 4760kB, limit 0kB, failcnt 1392 [ 3209.903668][T17969] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.916335][T17969] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.940554][T17969] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3210.020522][T17969] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17969,uid=0 [ 3210.095603][T17969] Memory cgroup out of memory: Killed process 17969 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3210.129172][ T1044] oom_reaper: reaped process 17969 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:29:44 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:44 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f0000000080)='./file0\x00') acct(0x0) fcntl$setlease(r0, 0x400, 0x2) 00:29:44 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:44 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpu_exclusive\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x1) 00:29:44 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaa01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3211.494810][T18072] IPVS: ftp: loaded support on port[0] = 21 [ 3212.685079][T18080] IPVS: ftp: loaded support on port[0] = 21 [ 3212.856700][T18072] chnl_net:caif_netlink_parms(): no params data found [ 3213.091810][T18072] bridge0: port 1(bridge_slave_0) entered blocking state [ 3213.099893][T18072] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.114800][T18072] device bridge_slave_0 entered promiscuous mode [ 3213.133080][T18072] bridge0: port 2(bridge_slave_1) entered blocking state [ 3213.144499][T18072] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.155290][T18072] device bridge_slave_1 entered promiscuous mode [ 3213.262593][T18072] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3213.282226][T18072] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3213.295744][T18080] chnl_net:caif_netlink_parms(): no params data found [ 3213.380975][T18072] team0: Port device team_slave_0 added [ 3213.467516][T18072] team0: Port device team_slave_1 added [ 3213.689511][T18072] device hsr_slave_0 entered promiscuous mode [ 3213.766469][T18072] device hsr_slave_1 entered promiscuous mode [ 3213.853947][T18080] bridge0: port 1(bridge_slave_0) entered blocking state [ 3213.861069][T18080] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.872940][T18080] device bridge_slave_0 entered promiscuous mode [ 3214.023652][T18080] bridge0: port 2(bridge_slave_1) entered blocking state [ 3214.030801][T18080] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.042824][T18080] device bridge_slave_1 entered promiscuous mode [ 3214.235385][T18080] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3214.320923][T18080] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3214.384543][T18080] team0: Port device team_slave_0 added [ 3214.448557][T18080] team0: Port device team_slave_1 added [ 3214.628935][T18080] device hsr_slave_0 entered promiscuous mode [ 3214.666982][T18080] device hsr_slave_1 entered promiscuous mode [ 3214.856055][T18072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3214.963037][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3214.972741][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3215.077314][T18072] 8021q: adding VLAN 0 to HW filter on device team0 [ 3215.171729][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3215.184258][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3215.195254][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3215.202343][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3215.309351][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3215.326538][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3215.338966][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3215.348733][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3215.355880][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3215.478319][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3215.575368][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3215.668427][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3215.686598][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3215.698407][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3215.709926][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3215.801034][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3215.875627][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3215.889042][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3215.925473][T18072] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3215.938922][T18072] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3215.955861][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3215.966713][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3216.079405][T18080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3216.177433][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3216.189253][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3216.277404][T18072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3216.291576][T18080] 8021q: adding VLAN 0 to HW filter on device team0 [ 3216.344025][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3216.376183][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3216.392971][ T7937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3216.400268][ T7937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3216.446004][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3216.464666][T18085] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3216.495955][T18085] CPU: 0 PID: 18085 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3216.504027][T18085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3216.514116][T18085] Call Trace: [ 3216.517440][T18085] dump_stack+0x172/0x1f0 [ 3216.521795][T18085] dump_header+0x10f/0xb6c [ 3216.526242][T18085] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3216.532080][T18085] ? ___ratelimit+0x60/0x595 [ 3216.536713][T18085] oom_kill_process.cold+0x10/0x15 [ 3216.541860][T18085] out_of_memory+0x79a/0x1280 [ 3216.546571][T18085] ? retint_kernel+0x2d/0x2d [ 3216.551194][T18085] ? oom_killer_disable+0x280/0x280 [ 3216.556435][T18085] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3216.562010][T18085] ? memcg_event_wake+0x230/0x230 [ 3216.567066][T18085] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3216.572909][T18085] ? cgroup_file_notify+0x140/0x1b0 [ 3216.578153][T18085] memory_max_write+0x169/0x300 [ 3216.583033][T18085] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3216.588528][T18085] ? mem_cgroup_write+0x360/0x360 [ 3216.593578][T18085] ? lock_acquire+0x16f/0x3f0 [ 3216.598276][T18085] ? kernfs_fop_write+0x227/0x480 [ 3216.603348][T18085] cgroup_file_write+0x245/0x7a0 [ 3216.608313][T18085] ? mem_cgroup_write+0x360/0x360 [ 3216.613363][T18085] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3216.619034][T18085] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3216.624693][T18085] kernfs_fop_write+0x2ba/0x480 [ 3216.629578][T18085] __vfs_write+0x8d/0x110 [ 3216.633926][T18085] ? kernfs_fop_open+0xd90/0xd90 [ 3216.638900][T18085] vfs_write+0x20c/0x580 [ 3216.643174][T18085] ksys_write+0x14f/0x2d0 [ 3216.647536][T18085] ? __ia32_sys_read+0xb0/0xb0 [ 3216.652330][T18085] ? do_fast_syscall_32+0xd1/0xc98 [ 3216.657472][T18085] ? entry_SYSENTER_compat+0x70/0x7f [ 3216.662787][T18085] ? do_fast_syscall_32+0xd1/0xc98 [ 3216.667937][T18085] __ia32_sys_write+0x71/0xb0 [ 3216.672649][T18085] do_fast_syscall_32+0x281/0xc98 [ 3216.677708][T18085] entry_SYSENTER_compat+0x70/0x7f [ 3216.682852][T18085] RIP: 0023:0xf7f29869 [ 3216.686939][T18085] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3216.706560][T18085] RSP: 002b:00000000f5d250cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3216.715003][T18085] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3216.723001][T18085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3216.731004][T18085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3216.739029][T18085] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3216.747377][T18085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3216.781201][T18085] memory: usage 3640kB, limit 0kB, failcnt 2369 [ 3216.788157][T18085] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3216.802154][T18085] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3216.815651][T18085] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3216.838132][T18085] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18084,uid=0 [ 3216.856128][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3216.865462][T18085] Memory cgroup out of memory: Killed process 18084 (syz-executor.0) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3216.879139][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3216.892215][ T1044] oom_reaper: reaped process 18084 (syz-executor.0), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3216.905169][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3216.912270][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3217.041936][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3217.068151][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:29:50 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x48000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:50 executing program 3: 00:29:50 executing program 5: 00:29:50 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaa02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3217.165870][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3217.187744][T18072] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3217.212227][T18072] CPU: 0 PID: 18072 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3217.220260][T18072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3217.220267][T18072] Call Trace: [ 3217.220308][T18072] dump_stack+0x172/0x1f0 [ 3217.238008][T18072] dump_header+0x10f/0xb6c [ 3217.242443][T18072] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3217.246812][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3217.248293][T18072] ? ___ratelimit+0x60/0x595 00:29:50 executing program 5: [ 3217.261580][T18072] ? do_raw_spin_unlock+0x57/0x270 [ 3217.266723][T18072] oom_kill_process.cold+0x10/0x15 [ 3217.271899][T18072] out_of_memory+0x79a/0x1280 [ 3217.276628][T18072] ? lock_downgrade+0x880/0x880 [ 3217.281501][T18072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3217.287844][T18072] ? oom_killer_disable+0x280/0x280 [ 3217.287860][T18072] ? find_held_lock+0x35/0x130 [ 3217.287882][T18072] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3217.287896][T18072] ? memcg_event_wake+0x230/0x230 [ 3217.287915][T18072] ? do_raw_spin_unlock+0x57/0x270 00:29:50 executing program 3: [ 3217.287932][T18072] ? _raw_spin_unlock+0x2d/0x50 [ 3217.287948][T18072] try_charge+0x102c/0x15c0 [ 3217.287959][T18072] ? find_held_lock+0x35/0x130 [ 3217.287978][T18072] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3217.287996][T18072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3217.288015][T18072] ? kasan_check_read+0x11/0x20 [ 3217.288032][T18072] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3217.288050][T18072] mem_cgroup_try_charge+0x24d/0x5e0 [ 3217.288071][T18072] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3217.288093][T18072] __handle_mm_fault+0x1e1f/0x3ec0 [ 3217.288126][T18072] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3217.288141][T18072] ? find_held_lock+0x35/0x130 [ 3217.288157][T18072] ? handle_mm_fault+0x322/0xb30 [ 3217.288181][T18072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3217.288206][T18072] ? kasan_check_read+0x11/0x20 [ 3217.314197][T18072] handle_mm_fault+0x43f/0xb30 [ 3217.314220][T18072] __do_page_fault+0x5ef/0xda0 [ 3217.314240][T18072] do_page_fault+0x71/0x581 [ 3217.314256][T18072] ? page_fault+0x8/0x30 [ 3217.314270][T18072] page_fault+0x1e/0x30 [ 3217.314294][T18072] RIP: 0023:0x804afea [ 3217.323763][T18072] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3217.323772][T18072] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3217.323783][T18072] RAX: 000000000845fde0 RBX: 0000000000000011 RCX: 000000000845fd80 [ 3217.323790][T18072] RDX: 000000000000000c RSI: 00000000003113d6 RDI: 0000000000000000 00:29:51 executing program 5: 00:29:51 executing program 3: [ 3217.323797][T18072] RBP: 0000000000000011 R08: 0000000000000000 R09: 0000000000000000 [ 3217.323804][T18072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3217.323810][T18072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3217.583901][T18072] memory: usage 3372kB, limit 0kB, failcnt 2378 [ 3217.590708][T18072] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3217.603508][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3217.645004][T18072] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3217.666243][T18072] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3217.688565][T18072] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18072,uid=0 [ 3217.704589][T18072] Memory cgroup out of memory: Killed process 18072 (syz-executor.0) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3217.719738][ T1044] oom_reaper: reaped process 18072 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3218.443864][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3218.455857][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3218.576724][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3218.606491][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3218.617490][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3218.628421][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3218.710938][T18080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3218.931433][T18080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3219.068726][T18110] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3219.101724][T18110] CPU: 1 PID: 18110 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3219.109751][T18110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3219.109768][T18110] Call Trace: [ 3219.123592][T18110] dump_stack+0x172/0x1f0 [ 3219.127936][T18110] dump_header+0x10f/0xb6c [ 3219.132375][T18110] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3219.138192][T18110] ? ___ratelimit+0x60/0x595 [ 3219.142785][T18110] ? do_raw_spin_unlock+0x57/0x270 [ 3219.148022][T18110] oom_kill_process.cold+0x10/0x15 [ 3219.148038][T18110] out_of_memory+0x79a/0x1280 [ 3219.148053][T18110] ? lock_downgrade+0x880/0x880 [ 3219.148066][T18110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.148079][T18110] ? oom_killer_disable+0x280/0x280 [ 3219.148089][T18110] ? find_held_lock+0x35/0x130 [ 3219.148123][T18110] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3219.148140][T18110] ? memcg_event_wake+0x230/0x230 [ 3219.174172][T18110] ? do_raw_spin_unlock+0x57/0x270 [ 3219.184990][T18110] ? _raw_spin_unlock+0x2d/0x50 [ 3219.185010][T18110] try_charge+0x102c/0x15c0 [ 3219.185024][T18110] ? find_held_lock+0x35/0x130 [ 3219.185041][T18110] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3219.185059][T18110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.185078][T18110] ? kasan_check_read+0x11/0x20 [ 3219.185107][T18110] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3219.204662][T18110] mem_cgroup_try_charge+0x24d/0x5e0 [ 3219.215056][T18110] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3219.215076][T18110] __handle_mm_fault+0x1e1f/0x3ec0 [ 3219.215095][T18110] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3219.215120][T18110] ? find_held_lock+0x35/0x130 [ 3219.215140][T18110] ? handle_mm_fault+0x322/0xb30 [ 3219.237044][T18110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.247790][T18110] ? kasan_check_read+0x11/0x20 [ 3219.247811][T18110] handle_mm_fault+0x43f/0xb30 [ 3219.247828][T18110] __do_page_fault+0x5ef/0xda0 [ 3219.247845][T18110] do_page_fault+0x71/0x581 [ 3219.247860][T18110] ? page_fault+0x8/0x30 [ 3219.247872][T18110] page_fault+0x1e/0x30 [ 3219.247891][T18110] RIP: 0023:0x8055172 [ 3219.274226][T18110] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3219.284008][T18110] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3219.284023][T18110] RAX: 00000000f5d19b40 RBX: 0000000000020000 RCX: 00000000f5cf9000 [ 3219.284030][T18110] RDX: 0000000000000003 RSI: 00000000f5d19b40 RDI: 0000000000021000 [ 3219.284037][T18110] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3219.284043][T18110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 00:29:52 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:52 executing program 5: 00:29:52 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xab00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:52 executing program 3: 00:29:52 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3219.284049][T18110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3219.299764][T18110] memory: usage 4868kB, limit 0kB, failcnt 1401 [ 3219.299803][T18110] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3219.299838][T18110] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3219.299869][T18110] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB 00:29:52 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x48010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:53 executing program 3: [ 3219.300205][T18110] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18110,uid=0 [ 3219.300469][T18110] Memory cgroup out of memory: Killed process 18110 (syz-executor.4) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3219.304053][ T1044] oom_reaper: reaped process 18110 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB [ 3219.415124][T18080] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 00:29:53 executing program 5: [ 3219.628073][T18080] CPU: 1 PID: 18080 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3219.636131][T18080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3219.646212][T18080] Call Trace: [ 3219.649539][T18080] dump_stack+0x172/0x1f0 [ 3219.653897][T18080] dump_header+0x10f/0xb6c [ 3219.658334][T18080] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3219.664161][T18080] ? ___ratelimit+0x60/0x595 [ 3219.668772][T18080] ? do_raw_spin_unlock+0x57/0x270 [ 3219.673905][T18080] oom_kill_process.cold+0x10/0x15 [ 3219.679042][T18080] out_of_memory+0x79a/0x1280 [ 3219.683746][T18080] ? lock_downgrade+0x880/0x880 [ 3219.688615][T18080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.694870][T18080] ? oom_killer_disable+0x280/0x280 [ 3219.700076][T18080] ? find_held_lock+0x35/0x130 [ 3219.704869][T18080] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3219.710428][T18080] ? memcg_event_wake+0x230/0x230 [ 3219.715475][T18080] ? do_raw_spin_unlock+0x57/0x270 [ 3219.720603][T18080] ? _raw_spin_unlock+0x2d/0x50 [ 3219.725476][T18080] try_charge+0x102c/0x15c0 [ 3219.729992][T18080] ? find_held_lock+0x35/0x130 [ 3219.734774][T18080] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3219.740343][T18080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.746618][T18080] ? kasan_check_read+0x11/0x20 [ 3219.751487][T18080] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3219.757047][T18080] mem_cgroup_try_charge+0x24d/0x5e0 [ 3219.762362][T18080] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3219.768015][T18080] __handle_mm_fault+0x1e1f/0x3ec0 [ 3219.773153][T18080] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3219.778721][T18080] ? find_held_lock+0x35/0x130 [ 3219.783500][T18080] ? handle_mm_fault+0x322/0xb30 [ 3219.788456][T18080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3219.794720][T18080] ? kasan_check_read+0x11/0x20 [ 3219.799585][T18080] handle_mm_fault+0x43f/0xb30 [ 3219.804366][T18080] __do_page_fault+0x5ef/0xda0 [ 3219.809153][T18080] do_page_fault+0x71/0x581 [ 3219.813676][T18080] ? page_fault+0x8/0x30 [ 3219.817936][T18080] page_fault+0x1e/0x30 [ 3219.822109][T18080] RIP: 0023:0x804afea [ 3219.826114][T18080] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3219.845744][T18080] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3219.851830][T18080] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3219.859831][T18080] RDX: 000000000000000c RSI: 0000000000311e05 RDI: 0000000000000000 [ 3219.867830][T18080] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 00:29:53 executing program 5: 00:29:53 executing program 3: [ 3219.875824][T18080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3219.883818][T18080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3219.963548][T18080] memory: usage 4600kB, limit 0kB, failcnt 1410 [ 3219.972275][T18080] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 00:29:53 executing program 5: [ 3220.015643][T18080] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:29:53 executing program 3: [ 3220.049047][T18080] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3220.151692][T18080] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18080,uid=0 [ 3220.256421][T18080] Memory cgroup out of memory: Killed process 18080 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB 00:29:54 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:54 executing program 5: 00:29:54 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xab01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:54 executing program 3: [ 3221.484115][T18147] IPVS: ftp: loaded support on port[0] = 21 [ 3222.336827][T18147] chnl_net:caif_netlink_parms(): no params data found [ 3222.532172][T18147] bridge0: port 1(bridge_slave_0) entered blocking state [ 3222.541807][T18147] bridge0: port 1(bridge_slave_0) entered disabled state [ 3222.553196][T18147] device bridge_slave_0 entered promiscuous mode [ 3222.567475][T18147] bridge0: port 2(bridge_slave_1) entered blocking state [ 3222.575287][T18147] bridge0: port 2(bridge_slave_1) entered disabled state [ 3222.589446][T18147] device bridge_slave_1 entered promiscuous mode [ 3222.719206][T18147] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3222.735790][T18147] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3222.830754][T18147] team0: Port device team_slave_0 added [ 3222.942221][T18147] team0: Port device team_slave_1 added [ 3223.206386][T18147] device hsr_slave_0 entered promiscuous mode [ 3223.287145][T18147] device hsr_slave_1 entered promiscuous mode [ 3223.831370][T18147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3223.916715][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3223.927542][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3223.950621][T18147] 8021q: adding VLAN 0 to HW filter on device team0 [ 3223.972146][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3223.983222][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3223.994727][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3224.001820][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3224.088358][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3224.099095][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3224.110959][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3224.121389][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3224.128601][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3224.152952][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3224.250428][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3224.275727][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3224.287953][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3224.352964][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3224.379612][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3224.401198][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3224.495824][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3224.508550][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3224.530941][T18147] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3224.545886][T18147] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3224.557511][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3224.569262][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3224.696957][T18147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3224.928944][T18154] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3224.955296][T18154] CPU: 1 PID: 18154 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3224.963529][T18154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3224.974079][T18154] Call Trace: [ 3224.977705][T18154] dump_stack+0x172/0x1f0 [ 3224.985640][T18154] dump_header+0x10f/0xb6c [ 3224.994486][T18154] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3225.001505][T18154] ? ___ratelimit+0x60/0x595 [ 3225.006913][T18154] ? do_raw_spin_unlock+0x57/0x270 [ 3225.012601][T18154] oom_kill_process.cold+0x10/0x15 [ 3225.018218][T18154] out_of_memory+0x79a/0x1280 [ 3225.022940][T18154] ? lock_downgrade+0x880/0x880 [ 3225.028362][T18154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.036454][T18154] ? oom_killer_disable+0x280/0x280 [ 3225.041774][T18154] ? find_held_lock+0x35/0x130 [ 3225.049468][T18154] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3225.056166][T18154] ? memcg_event_wake+0x230/0x230 [ 3225.061232][T18154] ? do_raw_spin_unlock+0x57/0x270 [ 3225.066375][T18154] ? _raw_spin_unlock+0x2d/0x50 [ 3225.071261][T18154] try_charge+0x102c/0x15c0 [ 3225.075792][T18154] ? find_held_lock+0x35/0x130 [ 3225.080594][T18154] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3225.086177][T18154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.092455][T18154] ? kasan_check_read+0x11/0x20 [ 3225.097351][T18154] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3225.102942][T18154] mem_cgroup_try_charge+0x24d/0x5e0 [ 3225.108273][T18154] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3225.113945][T18154] __handle_mm_fault+0x1e1f/0x3ec0 [ 3225.119090][T18154] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3225.124655][T18154] ? find_held_lock+0x35/0x130 [ 3225.129487][T18154] ? handle_mm_fault+0x322/0xb30 [ 3225.134447][T18154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.140721][T18154] ? kasan_check_read+0x11/0x20 [ 3225.145615][T18154] handle_mm_fault+0x43f/0xb30 [ 3225.150391][T18154] __do_page_fault+0x5ef/0xda0 [ 3225.155166][T18154] do_page_fault+0x71/0x581 [ 3225.159766][T18154] ? page_fault+0x8/0x30 [ 3225.164019][T18154] page_fault+0x1e/0x30 [ 3225.168169][T18154] RIP: 0023:0x8055172 [ 3225.172233][T18154] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3225.192180][T18154] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3225.198295][T18154] RAX: 00000000f5d3ab40 RBX: 0000000000020000 RCX: 00000000f5d1a000 [ 3225.206264][T18154] RDX: 0000000000000003 RSI: 00000000f5d3ab40 RDI: 0000000000021000 [ 3225.214231][T18154] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3225.222194][T18154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3225.230157][T18154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3225.246833][T18154] memory: usage 3608kB, limit 0kB, failcnt 2387 [ 3225.253222][T18154] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3225.267198][T18154] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3225.275589][T18154] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3225.296672][T18154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18154,uid=0 [ 3225.312929][T18154] Memory cgroup out of memory: Killed process 18154 (syz-executor.0) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB 00:29:58 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:29:58 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x48020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:29:58 executing program 5: 00:29:58 executing program 3: 00:29:58 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:29:58 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xab02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3225.329464][ T1044] oom_reaper: reaped process 18154 (syz-executor.0), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB [ 3225.361636][T18147] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 00:29:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3) semctl$IPC_STAT(0x0, 0x0, 0xd, &(0x7f00000001c0)=""/14) 00:29:59 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000280)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 3225.488308][T18147] CPU: 0 PID: 18147 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3225.496349][T18147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3225.506413][T18147] Call Trace: [ 3225.509726][T18147] dump_stack+0x172/0x1f0 [ 3225.514071][T18147] dump_header+0x10f/0xb6c [ 3225.518510][T18147] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3225.524321][T18147] ? ___ratelimit+0x60/0x595 [ 3225.528912][T18147] ? do_raw_spin_unlock+0x57/0x270 [ 3225.534030][T18147] oom_kill_process.cold+0x10/0x15 [ 3225.539149][T18147] out_of_memory+0x79a/0x1280 [ 3225.543834][T18147] ? lock_downgrade+0x880/0x880 [ 3225.548697][T18147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.554953][T18147] ? oom_killer_disable+0x280/0x280 [ 3225.560164][T18147] ? find_held_lock+0x35/0x130 [ 3225.564955][T18147] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3225.570545][T18147] ? memcg_event_wake+0x230/0x230 [ 3225.575591][T18147] ? do_raw_spin_unlock+0x57/0x270 [ 3225.580720][T18147] ? _raw_spin_unlock+0x2d/0x50 [ 3225.585595][T18147] try_charge+0x102c/0x15c0 [ 3225.590116][T18147] ? find_held_lock+0x35/0x130 [ 3225.594896][T18147] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3225.600454][T18147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.606712][T18147] ? kasan_check_read+0x11/0x20 [ 3225.611608][T18147] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3225.617170][T18147] mem_cgroup_try_charge+0x24d/0x5e0 [ 3225.622474][T18147] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3225.628131][T18147] __handle_mm_fault+0x1e1f/0x3ec0 [ 3225.633284][T18147] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3225.638839][T18147] ? find_held_lock+0x35/0x130 [ 3225.643611][T18147] ? handle_mm_fault+0x322/0xb30 [ 3225.648562][T18147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3225.654815][T18147] ? kasan_check_read+0x11/0x20 [ 3225.659679][T18147] handle_mm_fault+0x43f/0xb30 [ 3225.664453][T18147] __do_page_fault+0x5ef/0xda0 [ 3225.669229][T18147] do_page_fault+0x71/0x581 [ 3225.673737][T18147] ? page_fault+0x8/0x30 [ 3225.677990][T18147] page_fault+0x1e/0x30 [ 3225.682149][T18147] RIP: 0023:0x804afea [ 3225.686141][T18147] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3225.705761][T18147] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3225.711840][T18147] RAX: 000000000845fde0 RBX: 0000000000000011 RCX: 000000000845fd80 [ 3225.719822][T18147] RDX: 000000000000000c RSI: 00000000003134f2 RDI: 0000000000000000 [ 3225.727802][T18147] RBP: 0000000000000011 R08: 0000000000000000 R09: 0000000000000000 [ 3225.735785][T18147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3225.743772][T18147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:29:59 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/dev\x00') bind$alg(r0, &(0x7f0000bf6000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, 0x0, 0x800) 00:29:59 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3226.063724][T18147] memory: usage 3340kB, limit 0kB, failcnt 2396 [ 3226.071249][T18147] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3226.104979][T18147] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3226.118618][T18147] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3226.162588][T18147] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18147,uid=0 [ 3226.195635][T18147] Memory cgroup out of memory: Killed process 18147 (syz-executor.0) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB 00:29:59 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getpeername$packet(r2, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0xffffffffffffffff, 0x0, 0x0) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) clock_gettime(0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_emit_ethernet(0x1b1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x11) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) syncfs(r1) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, 0x0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x0, 0x0, 0xffffffffffffff06) setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f00000001c0)=0x5ae67028, 0x3af) [ 3226.226271][ T1044] oom_reaper: reaped process 18147 (syz-executor.0), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:29:59 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3226.368011][T18187] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 00:30:00 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:00 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:00 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x49000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:00 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3227.468641][T18209] IPVS: ftp: loaded support on port[0] = 21 [ 3228.495126][T18209] chnl_net:caif_netlink_parms(): no params data found [ 3228.694264][T18209] bridge0: port 1(bridge_slave_0) entered blocking state [ 3228.701505][T18209] bridge0: port 1(bridge_slave_0) entered disabled state [ 3228.715338][T18209] device bridge_slave_0 entered promiscuous mode [ 3228.782359][T18209] bridge0: port 2(bridge_slave_1) entered blocking state [ 3228.791961][T18209] bridge0: port 2(bridge_slave_1) entered disabled state [ 3228.804770][T18209] device bridge_slave_1 entered promiscuous mode [ 3228.915954][T18209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3229.002311][T18209] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3229.041560][T18209] team0: Port device team_slave_0 added [ 3229.059168][T18209] team0: Port device team_slave_1 added [ 3229.199568][T18209] device hsr_slave_0 entered promiscuous mode [ 3229.245940][T18209] device hsr_slave_1 entered promiscuous mode [ 3229.399277][T18209] bridge0: port 2(bridge_slave_1) entered blocking state [ 3229.406473][T18209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3229.413954][T18209] bridge0: port 1(bridge_slave_0) entered blocking state [ 3229.421047][T18209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3229.557878][ T7937] bridge0: port 1(bridge_slave_0) entered disabled state [ 3229.568154][ T7937] bridge0: port 2(bridge_slave_1) entered disabled state [ 3229.954529][T18209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3230.066184][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3230.077377][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3230.205945][T18209] 8021q: adding VLAN 0 to HW filter on device team0 [ 3230.237526][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3230.249305][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3230.258687][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3230.265829][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3230.379528][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3230.391018][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3230.400987][ T8099] bridge0: port 2(bridge_slave_1) entered blocking state [ 3230.408329][ T8099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3230.434677][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3230.506503][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3230.538136][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3230.549920][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3230.644595][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3230.655999][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3230.667919][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3230.697600][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3230.709398][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3230.721119][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3230.732844][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3230.755474][T18209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3230.879481][T18209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3231.166082][T18215] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3231.235053][T18215] CPU: 0 PID: 18215 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3231.243098][T18215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3231.253205][T18215] Call Trace: [ 3231.256522][T18215] dump_stack+0x172/0x1f0 [ 3231.260867][T18215] dump_header+0x10f/0xb6c [ 3231.265302][T18215] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3231.271143][T18215] ? ___ratelimit+0x60/0x595 [ 3231.275752][T18215] ? do_raw_spin_unlock+0x57/0x270 [ 3231.280885][T18215] oom_kill_process.cold+0x10/0x15 [ 3231.286023][T18215] out_of_memory+0x79a/0x1280 [ 3231.290714][T18215] ? lock_downgrade+0x880/0x880 [ 3231.295595][T18215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.301853][T18215] ? oom_killer_disable+0x280/0x280 [ 3231.307060][T18215] ? find_held_lock+0x35/0x130 [ 3231.311848][T18215] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3231.317411][T18215] ? memcg_event_wake+0x230/0x230 [ 3231.322642][T18215] ? do_raw_spin_unlock+0x57/0x270 [ 3231.327771][T18215] ? _raw_spin_unlock+0x2d/0x50 [ 3231.332634][T18215] try_charge+0x102c/0x15c0 [ 3231.337154][T18215] ? find_held_lock+0x35/0x130 [ 3231.341943][T18215] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3231.347770][T18215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.354039][T18215] ? kasan_check_read+0x11/0x20 [ 3231.358926][T18215] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3231.364525][T18215] mem_cgroup_try_charge+0x24d/0x5e0 [ 3231.369839][T18215] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3231.375567][T18215] __handle_mm_fault+0x1e1f/0x3ec0 [ 3231.380676][T18215] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3231.386218][T18215] ? find_held_lock+0x35/0x130 [ 3231.390971][T18215] ? handle_mm_fault+0x322/0xb30 [ 3231.395942][T18215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.402171][T18215] ? kasan_check_read+0x11/0x20 [ 3231.407015][T18215] handle_mm_fault+0x43f/0xb30 [ 3231.411763][T18215] __do_page_fault+0x5ef/0xda0 [ 3231.416519][T18215] do_page_fault+0x71/0x581 [ 3231.421006][T18215] ? page_fault+0x8/0x30 [ 3231.425241][T18215] page_fault+0x1e/0x30 [ 3231.429378][T18215] RIP: 0023:0x8055172 [ 3231.433350][T18215] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3231.452961][T18215] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3231.459021][T18215] RAX: 00000000f5ceab40 RBX: 0000000000020000 RCX: 00000000f5cca000 [ 3231.466979][T18215] RDX: 0000000000000003 RSI: 00000000f5ceab40 RDI: 0000000000021000 [ 3231.474939][T18215] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3231.482906][T18215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3231.490889][T18215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3231.504504][T18215] memory: usage 4576kB, limit 0kB, failcnt 1419 [ 3231.511979][T18215] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.522200][T18215] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.529392][T18215] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3231.550189][T18215] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18215,uid=0 [ 3231.565695][T18215] Memory cgroup out of memory: Killed process 18215 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB 00:30:05 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:05 executing program 5: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:05 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:05 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x49010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:05 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:05 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3231.581953][ T1044] oom_reaper: reaped process 18215 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3231.649971][T18209] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3231.669878][T18209] CPU: 1 PID: 18209 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3231.677924][T18209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3231.677933][T18209] Call Trace: [ 3231.677968][T18209] dump_stack+0x172/0x1f0 [ 3231.677986][T18209] dump_header+0x10f/0xb6c [ 3231.678003][T18209] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3231.678016][T18209] ? ___ratelimit+0x60/0x595 [ 3231.678030][T18209] ? do_raw_spin_unlock+0x57/0x270 [ 3231.678045][T18209] oom_kill_process.cold+0x10/0x15 [ 3231.678061][T18209] out_of_memory+0x79a/0x1280 [ 3231.678076][T18209] ? lock_downgrade+0x880/0x880 [ 3231.678089][T18209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.678114][T18209] ? oom_killer_disable+0x280/0x280 [ 3231.678126][T18209] ? find_held_lock+0x35/0x130 [ 3231.678152][T18209] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3231.678165][T18209] ? memcg_event_wake+0x230/0x230 [ 3231.678187][T18209] ? do_raw_spin_unlock+0x57/0x270 [ 3231.678201][T18209] ? _raw_spin_unlock+0x2d/0x50 [ 3231.678219][T18209] try_charge+0x102c/0x15c0 [ 3231.678230][T18209] ? find_held_lock+0x35/0x130 [ 3231.678252][T18209] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3231.678269][T18209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.678290][T18209] ? kasan_check_read+0x11/0x20 [ 3231.678309][T18209] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3231.678328][T18209] mem_cgroup_try_charge+0x24d/0x5e0 [ 3231.678349][T18209] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3231.678371][T18209] __handle_mm_fault+0x1e1f/0x3ec0 [ 3231.678393][T18209] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3231.678406][T18209] ? find_held_lock+0x35/0x130 [ 3231.678423][T18209] ? handle_mm_fault+0x322/0xb30 [ 3231.678446][T18209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.678464][T18209] ? kasan_check_read+0x11/0x20 [ 3231.678484][T18209] handle_mm_fault+0x43f/0xb30 [ 3231.678504][T18209] __do_page_fault+0x5ef/0xda0 [ 3231.678526][T18209] do_page_fault+0x71/0x581 [ 3231.678540][T18209] ? page_fault+0x8/0x30 [ 3231.678555][T18209] page_fault+0x1e/0x30 [ 3231.678568][T18209] RIP: 0023:0x804afea [ 3231.678584][T18209] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3231.678592][T18209] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3231.678604][T18209] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3231.678613][T18209] RDX: 000000000000000c RSI: 0000000000314d3e RDI: 0000000000000000 [ 3231.678621][T18209] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3231.678630][T18209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3231.678637][T18209] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3231.691336][T18209] memory: usage 4316kB, limit 0kB, failcnt 1428 [ 3231.973622][T18209] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.981906][T18209] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.989782][T18209] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3232.027127][T18209] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18209,uid=0 00:30:05 executing program 3: write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3232.091993][T18209] Memory cgroup out of memory: Killed process 18209 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3232.149058][T18217] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3232.149449][ T1044] oom_reaper: reaped process 18209 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB [ 3232.197915][T18217] CPU: 0 PID: 18217 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3232.205953][T18217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3232.216025][T18217] Call Trace: [ 3232.219340][T18217] dump_stack+0x172/0x1f0 [ 3232.223677][T18217] dump_header+0x10f/0xb6c [ 3232.228111][T18217] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3232.233932][T18217] ? ___ratelimit+0x60/0x595 [ 3232.238535][T18217] ? do_raw_spin_unlock+0x57/0x270 [ 3232.243652][T18217] oom_kill_process.cold+0x10/0x15 [ 3232.248771][T18217] out_of_memory+0x79a/0x1280 [ 3232.253457][T18217] ? oom_killer_disable+0x280/0x280 [ 3232.258659][T18217] ? find_held_lock+0x35/0x130 [ 3232.263444][T18217] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3232.268996][T18217] ? memcg_event_wake+0x230/0x230 [ 3232.274031][T18217] ? do_raw_spin_unlock+0x57/0x270 [ 3232.279148][T18217] ? _raw_spin_unlock+0x2d/0x50 [ 3232.284014][T18217] try_charge+0x102c/0x15c0 [ 3232.288525][T18217] ? find_held_lock+0x35/0x130 [ 3232.293301][T18217] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3232.298853][T18217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3232.305099][T18217] ? kasan_check_read+0x11/0x20 [ 3232.309966][T18217] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3232.315516][T18217] mem_cgroup_try_charge+0x24d/0x5e0 [ 3232.320816][T18217] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3232.326460][T18217] __handle_mm_fault+0x1e1f/0x3ec0 [ 3232.331579][T18217] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3232.337137][T18217] ? find_held_lock+0x35/0x130 [ 3232.341903][T18217] ? handle_mm_fault+0x322/0xb30 [ 3232.346856][T18217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3232.353122][T18217] ? kasan_check_read+0x11/0x20 [ 3232.357985][T18217] handle_mm_fault+0x43f/0xb30 [ 3232.362758][T18217] __do_page_fault+0x5ef/0xda0 [ 3232.367535][T18217] do_page_fault+0x71/0x581 [ 3232.372050][T18217] ? page_fault+0x8/0x30 [ 3232.376292][T18217] page_fault+0x1e/0x30 [ 3232.380442][T18217] RIP: 0023:0x8055172 [ 3232.384424][T18217] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3232.404036][T18217] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3232.410135][T18217] RAX: 00000000f5d02b40 RBX: 0000000000020000 RCX: 00000000f5ce2000 [ 3232.418123][T18217] RDX: 0000000000000003 RSI: 00000000f5d02b40 RDI: 0000000000021000 [ 3232.426696][T18217] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3232.434680][T18217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 00:30:06 executing program 3: write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3232.442668][T18217] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3232.458430][T18217] memory: usage 41544kB, limit 0kB, failcnt 826 [ 3232.474091][T18217] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3232.494251][T18217] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3232.515979][T18217] Memory cgroup stats for /syz5: cache:52KB rss:452KB rss_huge:0KB shmem:52KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:400KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:06 executing program 3: write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3232.541057][T18217] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18003,uid=0 [ 3232.581585][T18217] Memory cgroup out of memory: Killed process 18003 (syz-executor.5) total-vm:72584kB, anon-rss:144kB, file-rss:35572kB, shmem-rss:0kB [ 3232.620217][T18219] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3232.660785][T18219] CPU: 0 PID: 18219 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3232.668822][T18219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3232.678929][T18219] Call Trace: [ 3232.682250][T18219] dump_stack+0x172/0x1f0 [ 3232.686599][T18219] dump_header+0x10f/0xb6c [ 3232.691037][T18219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3232.696861][T18219] ? ___ratelimit+0x60/0x595 [ 3232.696880][T18219] ? do_raw_spin_unlock+0x57/0x270 [ 3232.696902][T18219] oom_kill_process.cold+0x10/0x15 [ 3232.706727][T18219] out_of_memory+0x79a/0x1280 [ 3232.706747][T18219] ? retint_kernel+0x2d/0x2d [ 3232.706762][T18219] ? oom_killer_disable+0x280/0x280 [ 3232.706786][T18219] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3232.706799][T18219] ? memcg_event_wake+0x230/0x230 [ 3232.706827][T18219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3232.716633][T18219] ? cgroup_file_notify+0x140/0x1b0 [ 3232.716662][T18219] memory_max_write+0x169/0x300 [ 3232.752835][T18219] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3232.758319][T18219] ? mem_cgroup_write+0x360/0x360 [ 3232.763369][T18219] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3232.768857][T18219] cgroup_file_write+0x245/0x7a0 [ 3232.773824][T18219] ? mem_cgroup_write+0x360/0x360 [ 3232.778880][T18219] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3232.784549][T18219] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3232.790290][T18219] kernfs_fop_write+0x2ba/0x480 [ 3232.795167][T18219] __vfs_write+0x8d/0x110 [ 3232.799518][T18219] ? kernfs_fop_open+0xd90/0xd90 [ 3232.804486][T18219] vfs_write+0x20c/0x580 [ 3232.808757][T18219] ksys_write+0x14f/0x2d0 [ 3232.813117][T18219] ? __ia32_sys_read+0xb0/0xb0 [ 3232.817898][T18219] ? do_fast_syscall_32+0xd1/0xc98 [ 3232.823018][T18219] ? entry_SYSENTER_compat+0x70/0x7f [ 3232.828317][T18219] ? do_fast_syscall_32+0xd1/0xc98 [ 3232.833446][T18219] __ia32_sys_write+0x71/0xb0 [ 3232.838148][T18219] do_fast_syscall_32+0x281/0xc98 [ 3232.843190][T18219] entry_SYSENTER_compat+0x70/0x7f [ 3232.848317][T18219] RIP: 0023:0xf7f27869 [ 3232.852392][T18219] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3232.872012][T18219] RSP: 002b:00000000f5d230cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3232.880443][T18219] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3232.888433][T18219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3232.896421][T18219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 00:30:06 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3232.904405][T18219] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3232.912391][T18219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3232.963580][T18219] memory: usage 41220kB, limit 0kB, failcnt 832 [ 3232.970096][T18219] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3232.981919][T18219] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3232.989975][T18219] Memory cgroup stats for /syz5: cache:52KB rss:308KB rss_huge:0KB shmem:52KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:272KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3233.012115][T18219] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17853,uid=0 [ 3233.028983][T18219] Memory cgroup out of memory: Killed process 17853 (syz-executor.5) total-vm:72056kB, anon-rss:104kB, file-rss:35556kB, shmem-rss:0kB [ 3233.047801][ T1044] oom_reaper: reaped process 17853 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:30:06 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3233.078913][T18219] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3233.155697][T18219] CPU: 0 PID: 18219 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3233.163741][T18219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3233.173815][T18219] Call Trace: [ 3233.177141][T18219] dump_stack+0x172/0x1f0 [ 3233.181491][T18219] dump_header+0x10f/0xb6c [ 3233.185924][T18219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3233.191895][T18219] ? ___ratelimit+0x60/0x595 [ 3233.196509][T18219] oom_kill_process.cold+0x10/0x15 [ 3233.201646][T18219] out_of_memory+0x79a/0x1280 [ 3233.206352][T18219] ? cgroup_file_notify+0x140/0x1b0 [ 3233.211575][T18219] ? oom_killer_disable+0x280/0x280 [ 3233.216787][T18219] ? cgroup_file_notify+0x140/0x1b0 [ 3233.222018][T18219] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3233.227582][T18219] ? memcg_event_wake+0x230/0x230 [ 3233.232625][T18219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3233.238444][T18219] ? cgroup_file_notify+0x140/0x1b0 [ 3233.243661][T18219] memory_max_write+0x169/0x300 [ 3233.248520][T18219] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3233.253997][T18219] ? mem_cgroup_write+0x360/0x360 [ 3233.259042][T18219] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3233.264514][T18219] cgroup_file_write+0x245/0x7a0 [ 3233.269461][T18219] ? mem_cgroup_write+0x360/0x360 [ 3233.274504][T18219] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3233.280176][T18219] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3233.285834][T18219] kernfs_fop_write+0x2ba/0x480 [ 3233.290710][T18219] __vfs_write+0x8d/0x110 [ 3233.295052][T18219] ? kernfs_fop_open+0xd90/0xd90 [ 3233.300019][T18219] vfs_write+0x20c/0x580 [ 3233.304287][T18219] ksys_write+0x14f/0x2d0 [ 3233.308649][T18219] ? __ia32_sys_read+0xb0/0xb0 [ 3233.313434][T18219] ? do_fast_syscall_32+0xd1/0xc98 [ 3233.318566][T18219] ? entry_SYSENTER_compat+0x70/0x7f [ 3233.323964][T18219] ? do_fast_syscall_32+0xd1/0xc98 [ 3233.329125][T18219] __ia32_sys_write+0x71/0xb0 [ 3233.333833][T18219] do_fast_syscall_32+0x281/0xc98 [ 3233.338882][T18219] entry_SYSENTER_compat+0x70/0x7f [ 3233.344003][T18219] RIP: 0023:0xf7f27869 [ 3233.348078][T18219] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3233.367708][T18219] RSP: 002b:00000000f5d230cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3233.376154][T18219] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3233.384162][T18219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3233.392162][T18219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3233.400157][T18219] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3233.408156][T18219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:30:07 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3233.467794][T18219] memory: usage 40792kB, limit 0kB, failcnt 857 [ 3233.475293][T18219] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3233.493068][T18219] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3233.514003][T18219] Memory cgroup stats for /syz5: cache:52KB rss:172KB rss_huge:0KB shmem:52KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3233.583657][T18219] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17903,uid=0 [ 3233.731748][T18251] IPVS: ftp: loaded support on port[0] = 21 00:30:09 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:09 executing program 5: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:09 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:09 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x49020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3236.142999][T18251] chnl_net:caif_netlink_parms(): no params data found [ 3236.199617][T18251] bridge0: port 1(bridge_slave_0) entered blocking state [ 3236.208427][T18251] bridge0: port 1(bridge_slave_0) entered disabled state [ 3236.219551][T18251] device bridge_slave_0 entered promiscuous mode [ 3236.281566][T18251] bridge0: port 2(bridge_slave_1) entered blocking state [ 3236.289874][T18251] bridge0: port 2(bridge_slave_1) entered disabled state [ 3236.301086][T18251] device bridge_slave_1 entered promiscuous mode [ 3236.395269][T18251] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3236.411276][T18251] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3236.443751][T18251] team0: Port device team_slave_0 added [ 3236.512300][T18251] team0: Port device team_slave_1 added [ 3236.579232][T18251] device hsr_slave_0 entered promiscuous mode [ 3236.626093][T18251] device hsr_slave_1 entered promiscuous mode [ 3237.153369][T18251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3237.242531][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3237.253028][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3237.273288][T18251] 8021q: adding VLAN 0 to HW filter on device team0 [ 3237.399372][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3237.426447][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3237.436495][T16597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3237.443640][T16597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3237.528772][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3237.556297][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3237.567847][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3237.577095][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3237.584228][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3237.594882][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3237.694188][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3237.719289][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3237.730828][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3237.893279][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3237.906981][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3237.919302][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3237.945141][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3237.956874][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3238.043882][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3238.055524][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3238.193924][T18251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3238.345718][T18251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3238.577541][T18264] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3238.592075][T18264] CPU: 0 PID: 18264 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3238.600087][T18264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3238.610184][T18264] Call Trace: [ 3238.613500][T18264] dump_stack+0x172/0x1f0 [ 3238.617844][T18264] dump_header+0x10f/0xb6c [ 3238.622263][T18264] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3238.628075][T18264] ? ___ratelimit+0x60/0x595 [ 3238.632678][T18264] ? do_raw_spin_unlock+0x57/0x270 [ 3238.638005][T18264] oom_kill_process.cold+0x10/0x15 [ 3238.643132][T18264] out_of_memory+0x79a/0x1280 [ 3238.647820][T18264] ? lock_downgrade+0x880/0x880 [ 3238.652803][T18264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3238.659064][T18264] ? oom_killer_disable+0x280/0x280 [ 3238.664295][T18264] ? find_held_lock+0x35/0x130 [ 3238.669093][T18264] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3238.674685][T18264] ? memcg_event_wake+0x230/0x230 [ 3238.679746][T18264] ? do_raw_spin_unlock+0x57/0x270 [ 3238.685051][T18264] ? _raw_spin_unlock+0x2d/0x50 [ 3238.689916][T18264] try_charge+0x102c/0x15c0 [ 3238.694424][T18264] ? find_held_lock+0x35/0x130 [ 3238.699218][T18264] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3238.704791][T18264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3238.711062][T18264] ? kasan_check_read+0x11/0x20 [ 3238.715949][T18264] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3238.721603][T18264] mem_cgroup_try_charge+0x24d/0x5e0 [ 3238.726906][T18264] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3238.732556][T18264] __handle_mm_fault+0x1e1f/0x3ec0 [ 3238.737685][T18264] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3238.743253][T18264] ? find_held_lock+0x35/0x130 [ 3238.748028][T18264] ? handle_mm_fault+0x322/0xb30 [ 3238.752979][T18264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3238.759276][T18264] ? kasan_check_read+0x11/0x20 [ 3238.764152][T18264] handle_mm_fault+0x43f/0xb30 [ 3238.768931][T18264] __do_page_fault+0x5ef/0xda0 [ 3238.773716][T18264] do_page_fault+0x71/0x581 [ 3238.778243][T18264] ? page_fault+0x8/0x30 [ 3238.782502][T18264] page_fault+0x1e/0x30 [ 3238.786698][T18264] RIP: 0023:0x8055172 [ 3238.790710][T18264] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3238.810334][T18264] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3238.816428][T18264] RAX: 00000000f5db3b40 RBX: 0000000000020000 RCX: 00000000f5d93000 [ 3238.824684][T18264] RDX: 0000000000000003 RSI: 00000000f5db3b40 RDI: 0000000000021000 [ 3238.832684][T18264] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3238.840683][T18264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3238.848682][T18264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3238.871915][T18264] memory: usage 3564kB, limit 0kB, failcnt 2405 [ 3238.887121][T18264] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3238.909726][T18264] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:30:12 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:12 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3238.917322][T18264] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3238.938661][T18264] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18264,uid=0 [ 3238.955395][T18264] Memory cgroup out of memory: Killed process 18264 (syz-executor.0) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3238.972038][ T1044] oom_reaper: reaped process 18264 (syz-executor.0), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:30:12 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:12 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:12 executing program 5: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:12 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4a000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3239.007584][T18251] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3239.058042][T18251] CPU: 0 PID: 18251 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3239.066101][T18251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3239.076189][T18251] Call Trace: [ 3239.079527][T18251] dump_stack+0x172/0x1f0 [ 3239.083893][T18251] dump_header+0x10f/0xb6c [ 3239.088344][T18251] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3239.094178][T18251] ? ___ratelimit+0x60/0x595 [ 3239.099055][T18251] ? do_raw_spin_unlock+0x57/0x270 [ 3239.104206][T18251] oom_kill_process.cold+0x10/0x15 [ 3239.109346][T18251] out_of_memory+0x79a/0x1280 [ 3239.114087][T18251] ? lock_downgrade+0x880/0x880 [ 3239.118995][T18251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3239.125266][T18251] ? oom_killer_disable+0x280/0x280 [ 3239.130591][T18251] ? find_held_lock+0x35/0x130 [ 3239.135393][T18251] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3239.140978][T18251] ? memcg_event_wake+0x230/0x230 [ 3239.146030][T18251] ? do_raw_spin_unlock+0x57/0x270 [ 3239.151166][T18251] ? _raw_spin_unlock+0x2d/0x50 [ 3239.156059][T18251] try_charge+0x102c/0x15c0 [ 3239.160604][T18251] ? find_held_lock+0x35/0x130 [ 3239.165407][T18251] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3239.170986][T18251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3239.177266][T18251] ? kasan_check_read+0x11/0x20 [ 3239.182158][T18251] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3239.187749][T18251] mem_cgroup_try_charge+0x24d/0x5e0 [ 3239.193427][T18251] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3239.199098][T18251] __handle_mm_fault+0x1e1f/0x3ec0 [ 3239.204256][T18251] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3239.209832][T18251] ? find_held_lock+0x35/0x130 [ 3239.214637][T18251] ? handle_mm_fault+0x322/0xb30 [ 3239.219620][T18251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3239.225909][T18251] ? kasan_check_read+0x11/0x20 [ 3239.230798][T18251] handle_mm_fault+0x43f/0xb30 [ 3239.235596][T18251] __do_page_fault+0x5ef/0xda0 [ 3239.240395][T18251] do_page_fault+0x71/0x581 [ 3239.244931][T18251] ? page_fault+0x8/0x30 [ 3239.249190][T18251] page_fault+0x1e/0x30 [ 3239.253391][T18251] RIP: 0023:0x804afea [ 3239.257393][T18251] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3239.277368][T18251] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3239.283453][T18251] RAX: 000000000845fde0 RBX: 0000000000000011 RCX: 000000000845fd80 [ 3239.291445][T18251] RDX: 000000000000000c RSI: 0000000000316a19 RDI: 0000000000000000 [ 3239.299440][T18251] RBP: 0000000000000011 R08: 0000000000000000 R09: 0000000000000000 [ 3239.307438][T18251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3239.315433][T18251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3239.332894][T18251] memory: usage 3288kB, limit 0kB, failcnt 2414 [ 3239.339437][T18251] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3239.347989][T18251] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3239.355920][T18251] Memory cgroup stats for /syz0: cache:76KB rss:32KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3239.389462][T18251] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18251,uid=0 00:30:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3239.463249][T18251] Memory cgroup out of memory: Killed process 18251 (syz-executor.0) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3239.525739][ T1044] oom_reaper: reaped process 18251 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:30:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x0) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x0) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x0) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:13 executing program 3: syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:13 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:14 executing program 3: syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) 00:30:14 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xad00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:14 executing program 3: syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(0xffffffffffffffff, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) [ 3240.792725][T18299] IPVS: ftp: loaded support on port[0] = 21 [ 3241.319305][T18308] IPVS: ftp: loaded support on port[0] = 21 [ 3242.277506][T18299] chnl_net:caif_netlink_parms(): no params data found [ 3242.460351][T18308] chnl_net:caif_netlink_parms(): no params data found [ 3242.501065][T18299] bridge0: port 1(bridge_slave_0) entered blocking state [ 3242.509892][T18299] bridge0: port 1(bridge_slave_0) entered disabled state [ 3242.522077][T18299] device bridge_slave_0 entered promiscuous mode [ 3242.543359][T18299] bridge0: port 2(bridge_slave_1) entered blocking state [ 3242.551069][T18299] bridge0: port 2(bridge_slave_1) entered disabled state [ 3242.563275][T18299] device bridge_slave_1 entered promiscuous mode [ 3242.660847][T18308] bridge0: port 1(bridge_slave_0) entered blocking state [ 3242.669552][T18308] bridge0: port 1(bridge_slave_0) entered disabled state [ 3242.681062][T18308] device bridge_slave_0 entered promiscuous mode [ 3242.700192][T18299] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3242.709936][T18308] bridge0: port 2(bridge_slave_1) entered blocking state [ 3242.718546][T18308] bridge0: port 2(bridge_slave_1) entered disabled state [ 3242.729902][T18308] device bridge_slave_1 entered promiscuous mode [ 3242.829254][T18299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3242.974050][T18308] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3242.990825][T18299] team0: Port device team_slave_0 added [ 3243.059738][T18308] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3243.075047][T18299] team0: Port device team_slave_1 added [ 3243.247314][T18308] team0: Port device team_slave_0 added [ 3243.340005][T18299] device hsr_slave_0 entered promiscuous mode [ 3243.406170][T18299] device hsr_slave_1 entered promiscuous mode [ 3243.485972][T18308] team0: Port device team_slave_1 added [ 3243.780225][T18308] device hsr_slave_0 entered promiscuous mode [ 3243.866388][T18308] device hsr_slave_1 entered promiscuous mode [ 3244.428262][T18299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3244.565442][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3244.576834][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3244.708514][T18299] 8021q: adding VLAN 0 to HW filter on device team0 [ 3244.752787][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3244.765939][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3244.775409][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3244.782508][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3244.822470][T18308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3244.831653][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3244.843244][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3244.866436][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3244.879793][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3244.886971][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3245.007634][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3245.051376][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3245.065628][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3245.076829][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3245.168951][T18308] 8021q: adding VLAN 0 to HW filter on device team0 [ 3245.204818][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3245.220038][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3245.336218][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3245.352682][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3245.369731][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3245.379730][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3245.386886][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3245.420652][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3245.432743][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3245.445385][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3245.455421][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3245.462514][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3245.472729][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3245.485318][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3245.565498][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3245.577832][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3245.588775][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3245.675279][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3245.688183][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3245.701471][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3245.722036][T18299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3245.827407][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3245.840291][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3245.874483][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3245.976068][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3246.000421][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3246.045902][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3246.057287][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3246.177068][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3246.189411][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3246.311643][T18308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3246.328743][T18299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3246.517589][T18317] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3246.543659][T18317] CPU: 0 PID: 18317 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3246.551697][T18317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3246.561783][T18317] Call Trace: [ 3246.565101][T18317] dump_stack+0x172/0x1f0 [ 3246.569461][T18317] dump_header+0x10f/0xb6c [ 3246.571708][T18308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3246.574072][T18317] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3246.574089][T18317] ? ___ratelimit+0x60/0x595 [ 3246.574114][T18317] ? do_raw_spin_unlock+0x57/0x270 [ 3246.574132][T18317] oom_kill_process.cold+0x10/0x15 [ 3246.574146][T18317] out_of_memory+0x79a/0x1280 [ 3246.574164][T18317] ? __sched_text_start+0x8/0x8 [ 3246.574180][T18317] ? oom_killer_disable+0x280/0x280 [ 3246.574209][T18317] ? cgroup_file_notify+0x140/0x1b0 [ 3246.586790][T18317] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3246.586805][T18317] ? memcg_event_wake+0x230/0x230 [ 3246.586825][T18317] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3246.586842][T18317] ? cgroup_file_notify+0x140/0x1b0 [ 3246.586857][T18317] memory_max_write+0x169/0x300 [ 3246.586870][T18317] ? kernfs_fop_write+0x204/0x480 [ 3246.586890][T18317] ? mem_cgroup_write+0x360/0x360 [ 3246.658020][T18317] ? lock_acquire+0x16f/0x3f0 [ 3246.662721][T18317] ? kernfs_fop_write+0x227/0x480 [ 3246.667779][T18317] cgroup_file_write+0x245/0x7a0 [ 3246.672749][T18317] ? mem_cgroup_write+0x360/0x360 [ 3246.677799][T18317] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3246.683467][T18317] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3246.689131][T18317] kernfs_fop_write+0x2ba/0x480 [ 3246.694008][T18317] __vfs_write+0x8d/0x110 [ 3246.698351][T18317] ? kernfs_fop_open+0xd90/0xd90 [ 3246.703311][T18317] vfs_write+0x20c/0x580 [ 3246.707578][T18317] ksys_write+0x14f/0x2d0 [ 3246.711931][T18317] ? __ia32_sys_read+0xb0/0xb0 [ 3246.716725][T18317] ? do_fast_syscall_32+0xd1/0xc98 [ 3246.721868][T18317] ? entry_SYSENTER_compat+0x70/0x7f [ 3246.727182][T18317] ? do_fast_syscall_32+0xd1/0xc98 [ 3246.732336][T18317] __ia32_sys_write+0x71/0xb0 [ 3246.737070][T18317] do_fast_syscall_32+0x281/0xc98 [ 3246.742149][T18317] entry_SYSENTER_compat+0x70/0x7f [ 3246.747304][T18317] RIP: 0023:0xf7f80869 [ 3246.751397][T18317] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3246.771018][T18317] RSP: 002b:00000000f5d5b0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3246.779458][T18317] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3246.787540][T18317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3246.795532][T18317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3246.803530][T18317] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3246.811528][T18317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3246.824126][T18317] memory: usage 4596kB, limit 0kB, failcnt 1429 [ 3246.830685][T18317] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3246.839616][T18317] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3246.847155][T18317] Memory cgroup stats for /syz4: cache:84KB rss:112KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3246.868674][T18317] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18315,uid=0 [ 3246.884901][T18317] Memory cgroup out of memory: Killed process 18315 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3246.906423][ T1044] oom_reaper: reaped process 18315 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:30:20 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) [ 3246.997127][T18299] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3247.013590][T18299] CPU: 0 PID: 18299 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3247.021618][T18299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3247.021638][T18299] Call Trace: [ 3247.035032][T18299] dump_stack+0x172/0x1f0 [ 3247.039379][T18299] dump_header+0x10f/0xb6c [ 3247.043820][T18299] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3247.050624][T18299] ? ___ratelimit+0x60/0x595 [ 3247.056757][T18299] ? do_raw_spin_unlock+0x57/0x270 [ 3247.061885][T18299] oom_kill_process.cold+0x10/0x15 [ 3247.061913][T18299] out_of_memory+0x79a/0x1280 [ 3247.072000][T18299] ? lock_downgrade+0x880/0x880 [ 3247.072024][T18299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3247.083144][T18299] ? oom_killer_disable+0x280/0x280 [ 3247.083161][T18299] ? find_held_lock+0x35/0x130 [ 3247.083185][T18299] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3247.098969][T18299] ? memcg_event_wake+0x230/0x230 [ 3247.104004][T18299] ? do_raw_spin_unlock+0x57/0x270 [ 3247.104022][T18299] ? _raw_spin_unlock+0x2d/0x50 [ 3247.104038][T18299] try_charge+0x102c/0x15c0 [ 3247.104049][T18299] ? find_held_lock+0x35/0x130 [ 3247.104068][T18299] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3247.104084][T18299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3247.104104][T18299] ? kasan_check_read+0x11/0x20 [ 3247.104131][T18299] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3247.104149][T18299] mem_cgroup_try_charge+0x24d/0x5e0 [ 3247.104169][T18299] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3247.123405][T18299] __handle_mm_fault+0x1e1f/0x3ec0 [ 3247.135192][T18299] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3247.150857][T18299] ? find_held_lock+0x35/0x130 [ 3247.150879][T18299] ? handle_mm_fault+0x322/0xb30 [ 3247.150902][T18299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3247.171981][T18299] ? kasan_check_read+0x11/0x20 [ 3247.172007][T18299] handle_mm_fault+0x43f/0xb30 [ 3247.188102][T18299] __do_page_fault+0x5ef/0xda0 [ 3247.197665][T18299] do_page_fault+0x71/0x581 [ 3247.202181][T18299] ? page_fault+0x8/0x30 [ 3247.206438][T18299] page_fault+0x1e/0x30 [ 3247.206452][T18299] RIP: 0023:0x804afea [ 3247.206471][T18299] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3247.234290][T18299] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3247.234306][T18299] RAX: 000000000845fde0 RBX: 0000000000000019 RCX: 000000000845fd80 [ 3247.234313][T18299] RDX: 000000000000000c RSI: 0000000000318945 RDI: 0000000000000000 [ 3247.234320][T18299] RBP: 0000000000000019 R08: 0000000000000000 R09: 0000000000000000 [ 3247.234326][T18299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3247.234332][T18299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3247.257128][T18299] memory: usage 4304kB, limit 0kB, failcnt 1437 [ 3247.289863][T18299] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3247.297980][T18299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3247.305946][T18299] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3247.327049][T18299] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18299,uid=0 [ 3247.343389][T18299] Memory cgroup out of memory: Killed process 18299 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3247.359098][ T1044] oom_reaper: reaped process 18299 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB [ 3247.370421][T18318] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3247.393778][T18318] CPU: 1 PID: 18318 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3247.401805][T18318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3247.411898][T18318] Call Trace: [ 3247.415211][T18318] dump_stack+0x172/0x1f0 [ 3247.419555][T18318] dump_header+0x10f/0xb6c [ 3247.423989][T18318] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3247.429819][T18318] ? ___ratelimit+0x60/0x595 [ 3247.434598][T18318] ? do_raw_spin_unlock+0x57/0x270 [ 3247.439766][T18318] oom_kill_process.cold+0x10/0x15 [ 3247.444923][T18318] out_of_memory+0x79a/0x1280 [ 3247.449628][T18318] ? oom_killer_disable+0x280/0x280 [ 3247.454834][T18318] ? find_held_lock+0x35/0x130 [ 3247.459646][T18318] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3247.465205][T18318] ? memcg_event_wake+0x230/0x230 [ 3247.470253][T18318] ? do_raw_spin_unlock+0x57/0x270 [ 3247.475376][T18318] ? _raw_spin_unlock+0x2d/0x50 [ 3247.480241][T18318] try_charge+0x102c/0x15c0 [ 3247.484754][T18318] ? find_held_lock+0x35/0x130 [ 3247.489538][T18318] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3247.495102][T18318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3247.501371][T18318] ? kasan_check_read+0x11/0x20 [ 3247.506247][T18318] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3247.511810][T18318] mem_cgroup_try_charge+0x24d/0x5e0 [ 3247.517126][T18318] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3247.522863][T18318] __handle_mm_fault+0x1e1f/0x3ec0 [ 3247.527993][T18318] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3247.533552][T18318] ? find_held_lock+0x35/0x130 [ 3247.538329][T18318] ? handle_mm_fault+0x322/0xb30 [ 3247.543290][T18318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3247.549552][T18318] ? kasan_check_read+0x11/0x20 [ 3247.554435][T18318] handle_mm_fault+0x43f/0xb30 [ 3247.559220][T18318] __do_page_fault+0x5ef/0xda0 [ 3247.564005][T18318] do_page_fault+0x71/0x581 [ 3247.568524][T18318] ? page_fault+0x8/0x30 [ 3247.572821][T18318] page_fault+0x1e/0x30 [ 3247.579638][T18318] RIP: 0023:0x8055172 [ 3247.583912][T18318] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3247.608694][T18318] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3247.614780][T18318] RAX: 00000000f5d04b40 RBX: 0000000000020000 RCX: 00000000f5ce4000 [ 3247.622786][T18318] RDX: 0000000000000003 RSI: 00000000f5d04b40 RDI: 0000000000021000 [ 3247.630761][T18318] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3247.638737][T18318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3247.646729][T18318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3247.684099][T18318] memory: usage 37588kB, limit 0kB, failcnt 865 [ 3247.693707][T18318] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3247.703631][T18318] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3247.710522][T18318] Memory cgroup stats for /syz5: cache:52KB rss:172KB rss_huge:0KB shmem:52KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3247.740417][T18318] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18318,uid=0 [ 3247.757474][T18318] Memory cgroup out of memory: Killed process 18318 (syz-executor.5) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3247.772490][ T1044] oom_reaper: reaped process 18318 (syz-executor.5), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 00:30:21 executing program 5: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:21 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:21 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, 0x0, 0x0) 00:30:21 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4a010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:21 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xad01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3248.018003][T18308] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3248.068735][T18308] CPU: 0 PID: 18308 Comm: syz-executor.5 Not tainted 5.1.0-rc6+ #84 [ 3248.076782][T18308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3248.086894][T18308] Call Trace: [ 3248.090228][T18308] dump_stack+0x172/0x1f0 [ 3248.094690][T18308] dump_header+0x10f/0xb6c [ 3248.099507][T18308] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3248.105341][T18308] ? ___ratelimit+0x60/0x595 [ 3248.109965][T18308] ? do_raw_spin_unlock+0x57/0x270 [ 3248.115092][T18308] oom_kill_process.cold+0x10/0x15 [ 3248.120238][T18308] out_of_memory+0x79a/0x1280 [ 3248.124928][T18308] ? lock_downgrade+0x880/0x880 [ 3248.129789][T18308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3248.136052][T18308] ? oom_killer_disable+0x280/0x280 [ 3248.141264][T18308] ? find_held_lock+0x35/0x130 [ 3248.146054][T18308] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3248.151634][T18308] ? memcg_event_wake+0x230/0x230 [ 3248.156679][T18308] ? do_raw_spin_unlock+0x57/0x270 [ 3248.161894][T18308] ? _raw_spin_unlock+0x2d/0x50 [ 3248.166790][T18308] try_charge+0x102c/0x15c0 [ 3248.171303][T18308] ? find_held_lock+0x35/0x130 [ 3248.176090][T18308] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3248.181676][T18308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3248.188585][T18308] ? kasan_check_read+0x11/0x20 [ 3248.193454][T18308] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3248.199015][T18308] mem_cgroup_try_charge+0x24d/0x5e0 [ 3248.204416][T18308] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3248.210068][T18308] __handle_mm_fault+0x1e1f/0x3ec0 [ 3248.215225][T18308] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3248.220781][T18308] ? find_held_lock+0x35/0x130 [ 3248.225559][T18308] ? handle_mm_fault+0x322/0xb30 [ 3248.230516][T18308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3248.236779][T18308] ? kasan_check_read+0x11/0x20 [ 3248.241643][T18308] handle_mm_fault+0x43f/0xb30 [ 3248.246419][T18308] __do_page_fault+0x5ef/0xda0 [ 3248.251205][T18308] do_page_fault+0x71/0x581 [ 3248.255720][T18308] ? page_fault+0x8/0x30 [ 3248.259970][T18308] page_fault+0x1e/0x30 [ 3248.264137][T18308] RIP: 0023:0x804afea [ 3248.268132][T18308] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3248.287885][T18308] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3248.293965][T18308] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3248.301953][T18308] RDX: 000000000000000c RSI: 0000000000318b15 RDI: 0000000000000000 [ 3248.309948][T18308] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3248.317944][T18308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3248.325934][T18308] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:30:21 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, 0x0, 0x0) [ 3248.513587][T18308] memory: usage 37120kB, limit 0kB, failcnt 874 [ 3248.521356][T18308] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3248.562334][T18308] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3248.578527][T18308] Memory cgroup stats for /syz5: cache:52KB rss:172KB rss_huge:0KB shmem:52KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:22 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, 0x0, 0x0) [ 3248.623245][T18308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18308,uid=0 [ 3248.651860][T18308] Memory cgroup out of memory: Killed process 18308 (syz-executor.5) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3248.672264][ T1044] oom_reaper: reaped process 18308 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:30:22 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000), 0x0) 00:30:22 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:22 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000), 0x0) 00:30:22 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000), 0x0) 00:30:22 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:23 executing program 5: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3249.836324][T18351] IPVS: ftp: loaded support on port[0] = 21 [ 3250.181235][T18351] chnl_net:caif_netlink_parms(): no params data found [ 3250.332372][T18351] bridge0: port 1(bridge_slave_0) entered blocking state [ 3250.342418][T18351] bridge0: port 1(bridge_slave_0) entered disabled state [ 3250.355931][T18351] device bridge_slave_0 entered promiscuous mode [ 3250.493074][T18351] bridge0: port 2(bridge_slave_1) entered blocking state [ 3250.502489][T18351] bridge0: port 2(bridge_slave_1) entered disabled state [ 3250.516715][T18351] device bridge_slave_1 entered promiscuous mode [ 3250.666469][T18351] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3250.729249][T18356] IPVS: ftp: loaded support on port[0] = 21 [ 3250.754550][T18351] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3250.941282][T18351] team0: Port device team_slave_0 added [ 3250.969632][T18351] team0: Port device team_slave_1 added [ 3251.309576][T18351] device hsr_slave_0 entered promiscuous mode [ 3251.360958][T18351] device hsr_slave_1 entered promiscuous mode [ 3251.708617][T18356] chnl_net:caif_netlink_parms(): no params data found [ 3251.940617][T18356] bridge0: port 1(bridge_slave_0) entered blocking state [ 3251.949179][T18356] bridge0: port 1(bridge_slave_0) entered disabled state [ 3251.961185][T18356] device bridge_slave_0 entered promiscuous mode [ 3252.015322][T18356] bridge0: port 2(bridge_slave_1) entered blocking state [ 3252.028173][T18356] bridge0: port 2(bridge_slave_1) entered disabled state [ 3252.040017][T18356] device bridge_slave_1 entered promiscuous mode [ 3252.187621][T18356] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3252.227990][T18356] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3252.255737][T18351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3252.340914][T18356] team0: Port device team_slave_0 added [ 3252.353134][T18356] team0: Port device team_slave_1 added [ 3252.446566][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3252.456597][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3252.491285][T18351] 8021q: adding VLAN 0 to HW filter on device team0 [ 3252.578531][T18356] device hsr_slave_0 entered promiscuous mode [ 3252.656473][T18356] device hsr_slave_1 entered promiscuous mode [ 3252.787953][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3252.799140][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3252.826043][T11937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3252.833758][T11937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3252.875524][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3252.886875][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3252.898767][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3252.909303][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3252.916487][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3253.010727][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3253.056834][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3253.143793][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3253.157243][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3253.205517][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3253.217201][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3253.230403][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3253.353327][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3253.370599][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3253.464709][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3253.477744][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3253.616336][T18351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3253.815978][T18351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3253.945408][T18356] 8021q: adding VLAN 0 to HW filter on device bond0 00:30:27 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:27 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x0, 0x5a, 0x2}], 0x7200) 00:30:27 executing program 5: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xac02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:27 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4a020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:27 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xad02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:27 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x0, 0x5a, 0x2}], 0x7200) 00:30:27 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:28 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x0, 0x5a, 0x2}], 0x7200) 00:30:28 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:28 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x0, 0x2}], 0x7200) [ 3255.069361][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3255.084551][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3255.208953][T18356] 8021q: adding VLAN 0 to HW filter on device team0 [ 3255.325106][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3255.347834][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3255.359242][T11937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3255.366457][T11937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3255.427635][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3255.461430][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3255.474915][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3255.485334][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3255.492554][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3255.568408][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3255.595361][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3255.630404][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3255.644068][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3255.656372][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3255.677566][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3255.744942][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3255.835973][T18398] IPVS: ftp: loaded support on port[0] = 21 [ 3255.889661][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3255.917142][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3255.941653][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3255.966533][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3256.057509][T18356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3256.430198][T18356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3256.773107][T18402] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3256.819219][T18402] CPU: 1 PID: 18402 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3256.836596][T18402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3256.853920][T18402] Call Trace: [ 3256.862485][T18402] dump_stack+0x172/0x1f0 [ 3256.872945][T18402] dump_header+0x10f/0xb6c [ 3256.872968][T18402] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3256.872985][T18402] ? ___ratelimit+0x60/0x595 [ 3256.872999][T18402] oom_kill_process.cold+0x10/0x15 [ 3256.873014][T18402] out_of_memory+0x79a/0x1280 [ 3256.873025][T18402] ? retint_kernel+0x2d/0x2d [ 3256.873043][T18402] ? oom_killer_disable+0x280/0x280 [ 3256.873079][T18402] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3256.917211][T18402] ? memcg_event_wake+0x230/0x230 [ 3256.933681][T18402] ? cgroup_file_notify+0x140/0x1b0 [ 3256.933710][T18402] memory_max_write+0x169/0x300 [ 3256.933730][T18402] ? mem_cgroup_write+0x360/0x360 [ 3256.933746][T18402] ? lock_acquire+0x16f/0x3f0 [ 3256.933770][T18402] ? kernfs_fop_write+0x227/0x480 [ 3256.974555][T18402] cgroup_file_write+0x245/0x7a0 [ 3256.990838][T18402] ? mem_cgroup_write+0x360/0x360 [ 3256.998655][T18402] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3257.004881][T18402] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3257.004898][T18402] kernfs_fop_write+0x2ba/0x480 [ 3257.004920][T18402] __vfs_write+0x8d/0x110 [ 3257.004931][T18402] ? kernfs_fop_open+0xd90/0xd90 [ 3257.004960][T18402] vfs_write+0x20c/0x580 [ 3257.037666][T18402] ksys_write+0x14f/0x2d0 [ 3257.069782][T18402] ? __ia32_sys_read+0xb0/0xb0 [ 3257.083270][T18402] ? do_fast_syscall_32+0xd1/0xc98 [ 3257.088413][T18402] ? entry_SYSENTER_compat+0x70/0x7f [ 3257.088432][T18402] ? do_fast_syscall_32+0xd1/0xc98 [ 3257.088454][T18402] __ia32_sys_write+0x71/0xb0 [ 3257.088471][T18402] do_fast_syscall_32+0x281/0xc98 [ 3257.088495][T18402] entry_SYSENTER_compat+0x70/0x7f [ 3257.099026][T18402] RIP: 0023:0xf7fc8869 [ 3257.109030][T18402] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3257.118249][T18402] RSP: 002b:00000000f5dc40cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3257.146428][T18402] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3257.146438][T18402] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3257.146445][T18402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3257.146453][T18402] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3257.146459][T18402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3257.200283][T18398] chnl_net:caif_netlink_parms(): no params data found [ 3257.223853][T18402] memory: usage 6664kB, limit 0kB, failcnt 1438 [ 3257.230385][T18402] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3257.243058][T18402] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3257.290910][T18402] Memory cgroup stats for /syz4: cache:84KB rss:2064KB rss_huge:2048KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:2164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3257.336370][T18402] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18401,uid=0 [ 3257.353265][T18402] Memory cgroup out of memory: Killed process 18401 (syz-executor.4) total-vm:72320kB, anon-rss:2132kB, file-rss:34816kB, shmem-rss:0kB [ 3257.374228][ T1044] oom_reaper: reaped process 18401 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB [ 3257.420290][T18398] bridge0: port 1(bridge_slave_0) entered blocking state [ 3257.428852][T18398] bridge0: port 1(bridge_slave_0) entered disabled state 00:30:31 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:31 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:31 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x0, 0x2}], 0x7200) 00:30:31 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xae00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3257.461303][T18398] device bridge_slave_0 entered promiscuous mode [ 3257.480525][T18356] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3257.520993][T18356] CPU: 0 PID: 18356 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3257.529060][T18356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3257.539167][T18356] Call Trace: [ 3257.542865][T18356] dump_stack+0x172/0x1f0 [ 3257.547252][T18356] dump_header+0x10f/0xb6c [ 3257.551720][T18356] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3257.557572][T18356] ? ___ratelimit+0x60/0x595 [ 3257.562210][T18356] ? do_raw_spin_unlock+0x57/0x270 [ 3257.567355][T18356] oom_kill_process.cold+0x10/0x15 [ 3257.572499][T18356] out_of_memory+0x79a/0x1280 [ 3257.572520][T18356] ? lock_downgrade+0x880/0x880 [ 3257.572536][T18356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3257.572552][T18356] ? oom_killer_disable+0x280/0x280 [ 3257.572565][T18356] ? find_held_lock+0x35/0x130 [ 3257.572591][T18356] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3257.572605][T18356] ? memcg_event_wake+0x230/0x230 [ 3257.572629][T18356] ? do_raw_spin_unlock+0x57/0x270 [ 3257.588420][T18356] ? _raw_spin_unlock+0x2d/0x50 [ 3257.588447][T18356] try_charge+0x102c/0x15c0 [ 3257.608986][T18356] ? find_held_lock+0x35/0x130 [ 3257.609015][T18356] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3257.609034][T18356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3257.609061][T18356] ? kasan_check_read+0x11/0x20 [ 3257.644975][T18356] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3257.650560][T18356] mem_cgroup_try_charge+0x24d/0x5e0 [ 3257.650582][T18356] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3257.650603][T18356] __handle_mm_fault+0x1e1f/0x3ec0 [ 3257.650624][T18356] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3257.650648][T18356] ? find_held_lock+0x35/0x130 [ 3257.677151][T18356] ? handle_mm_fault+0x322/0xb30 [ 3257.682133][T18356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3257.682157][T18356] ? kasan_check_read+0x11/0x20 [ 3257.682179][T18356] handle_mm_fault+0x43f/0xb30 [ 3257.682206][T18356] __do_page_fault+0x5ef/0xda0 [ 3257.682228][T18356] do_page_fault+0x71/0x581 [ 3257.707494][T18356] ? page_fault+0x8/0x30 [ 3257.711780][T18356] page_fault+0x1e/0x30 [ 3257.715961][T18356] RIP: 0023:0x804afea [ 3257.719961][T18356] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3257.739592][T18356] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3257.745767][T18356] RAX: 000000000845fde0 RBX: 0000000000000019 RCX: 000000000845fd80 [ 3257.753758][T18356] RDX: 000000000000000c RSI: 000000000031b118 RDI: 0000000000000000 [ 3257.753768][T18356] RBP: 0000000000000019 R08: 0000000000000000 R09: 0000000000000000 [ 3257.753775][T18356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3257.753782][T18356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3257.771640][T18356] memory: usage 4316kB, limit 0kB, failcnt 1450 [ 3257.796505][T18398] bridge0: port 2(bridge_slave_1) entered blocking state [ 3257.804912][T18398] bridge0: port 2(bridge_slave_1) entered disabled state [ 3257.813590][T18356] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3257.821581][T18356] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3257.847102][T18398] device bridge_slave_1 entered promiscuous mode [ 3257.863880][T18356] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3257.929717][T18356] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18356,uid=0 [ 3257.979328][T18356] Memory cgroup out of memory: Killed process 18356 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3258.033755][ T1044] oom_reaper: reaped process 18356 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB [ 3258.760076][T18398] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3259.039558][T18398] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3259.192034][T18398] team0: Port device team_slave_0 added [ 3259.214882][T18398] team0: Port device team_slave_1 added [ 3259.390504][T18398] device hsr_slave_0 entered promiscuous mode [ 3259.506442][T18398] device hsr_slave_1 entered promiscuous mode [ 3260.033943][T18398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3260.149674][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3260.161062][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3260.183030][T18398] 8021q: adding VLAN 0 to HW filter on device team0 [ 3260.275628][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3260.286996][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3260.296977][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3260.304140][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3260.412562][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3260.424347][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3260.436442][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3260.446306][ T5481] bridge0: port 2(bridge_slave_1) entered blocking state [ 3260.453394][ T5481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3260.516457][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3260.546818][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3260.572622][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3260.585769][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3260.657913][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3260.668790][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3260.680908][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3260.706239][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3260.718501][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3260.838247][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3260.849692][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3260.880658][T18398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3261.033041][T18398] 8021q: adding VLAN 0 to HW filter on device batadv0 00:30:35 executing program 5: socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0xffbf076c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffec6, &(0x7f0000000300)=0x8000009) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 00:30:35 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4b000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:35 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:35 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x0, 0x2}], 0x7200) 00:30:35 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xae01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:35 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:35 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:36 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a}], 0x7200) 00:30:36 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:36 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a}], 0x7200) 00:30:36 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:36 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a}], 0x7200) 00:30:36 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:30:36 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4b010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:36 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:36 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') sendfile(0xffffffffffffffff, r0, 0x0, 0x0) sendto$isdn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net//yz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x807a00, 0x0) r1 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000180), 0x12) 00:30:37 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xae02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3264.154180][T18482] IPVS: ftp: loaded support on port[0] = 21 [ 3265.181055][T18482] chnl_net:caif_netlink_parms(): no params data found [ 3265.290029][T18482] bridge0: port 1(bridge_slave_0) entered blocking state [ 3265.298755][T18482] bridge0: port 1(bridge_slave_0) entered disabled state [ 3265.310498][T18482] device bridge_slave_0 entered promiscuous mode [ 3265.322434][T18482] bridge0: port 2(bridge_slave_1) entered blocking state [ 3265.330343][T18482] bridge0: port 2(bridge_slave_1) entered disabled state [ 3265.342018][T18482] device bridge_slave_1 entered promiscuous mode [ 3265.451256][T18482] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3265.537903][T18482] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3265.572817][T18482] team0: Port device team_slave_0 added [ 3265.648488][T18482] team0: Port device team_slave_1 added [ 3265.790044][T18482] device hsr_slave_0 entered promiscuous mode [ 3265.846585][T18482] device hsr_slave_1 entered promiscuous mode [ 3266.021334][T18482] bridge0: port 2(bridge_slave_1) entered blocking state [ 3266.028602][T18482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3266.036193][T18482] bridge0: port 1(bridge_slave_0) entered blocking state [ 3266.043328][T18482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3266.158654][ T7937] bridge0: port 1(bridge_slave_0) entered disabled state [ 3266.169017][ T7937] bridge0: port 2(bridge_slave_1) entered disabled state [ 3266.447277][T18482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3266.574674][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3266.585460][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3266.611452][T18482] 8021q: adding VLAN 0 to HW filter on device team0 [ 3266.694545][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3266.706484][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3266.715972][ T4660] bridge0: port 1(bridge_slave_0) entered blocking state [ 3266.723091][ T4660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3266.748894][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3266.760976][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3266.770556][ T8099] bridge0: port 2(bridge_slave_1) entered blocking state [ 3266.777739][ T8099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3266.878698][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3266.912923][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3266.986475][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3267.000236][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3267.089818][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3267.120970][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3267.134318][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3267.145863][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3267.157822][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3267.230071][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3267.241886][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3267.339465][T18482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3267.485207][T18482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3267.641777][T18490] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3267.652364][T18490] CPU: 1 PID: 18490 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3267.660386][T18490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3267.670475][T18490] Call Trace: [ 3267.673805][T18490] dump_stack+0x172/0x1f0 [ 3267.678171][T18490] dump_header+0x10f/0xb6c [ 3267.682618][T18490] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3267.688736][T18490] ? ___ratelimit+0x60/0x595 [ 3267.693383][T18490] ? do_raw_spin_unlock+0x57/0x270 [ 3267.698543][T18490] oom_kill_process.cold+0x10/0x15 [ 3267.703699][T18490] out_of_memory+0x79a/0x1280 [ 3267.708437][T18490] ? __sched_text_start+0x8/0x8 [ 3267.713332][T18490] ? oom_killer_disable+0x280/0x280 [ 3267.718570][T18490] ? cgroup_file_notify+0x140/0x1b0 [ 3267.723816][T18490] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3267.729406][T18490] ? memcg_event_wake+0x230/0x230 [ 3267.734484][T18490] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3267.740353][T18490] ? cgroup_file_notify+0x140/0x1b0 [ 3267.745602][T18490] memory_max_write+0x169/0x300 [ 3267.750489][T18490] ? kernfs_fop_write+0x204/0x480 [ 3267.755575][T18490] ? mem_cgroup_write+0x360/0x360 [ 3267.760731][T18490] ? lock_acquire+0x16f/0x3f0 [ 3267.765446][T18490] ? kernfs_fop_write+0x227/0x480 [ 3267.770514][T18490] cgroup_file_write+0x245/0x7a0 [ 3267.775518][T18490] ? mem_cgroup_write+0x360/0x360 [ 3267.780591][T18490] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3267.786289][T18490] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3267.791961][T18490] kernfs_fop_write+0x2ba/0x480 [ 3267.796865][T18490] __vfs_write+0x8d/0x110 [ 3267.801226][T18490] ? kernfs_fop_open+0xd90/0xd90 [ 3267.806204][T18490] vfs_write+0x20c/0x580 [ 3267.810510][T18490] ksys_write+0x14f/0x2d0 [ 3267.814886][T18490] ? __ia32_sys_read+0xb0/0xb0 [ 3267.819698][T18490] ? do_fast_syscall_32+0xd1/0xc98 [ 3267.824849][T18490] ? entry_SYSENTER_compat+0x70/0x7f [ 3267.830171][T18490] ? do_fast_syscall_32+0xd1/0xc98 [ 3267.835321][T18490] __ia32_sys_write+0x71/0xb0 [ 3267.840030][T18490] do_fast_syscall_32+0x281/0xc98 [ 3267.845096][T18490] entry_SYSENTER_compat+0x70/0x7f [ 3267.850244][T18490] RIP: 0023:0xf7f1a869 [ 3267.854335][T18490] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3267.873959][T18490] RSP: 002b:00000000f5cf50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3267.882420][T18490] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3267.890424][T18490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3267.898513][T18490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3267.906514][T18490] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3267.914516][T18490] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3267.945102][T18490] memory: usage 4588kB, limit 0kB, failcnt 1459 [ 3267.951621][T18490] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3267.960404][T18490] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3267.968103][T18490] Memory cgroup stats for /syz4: cache:84KB rss:168KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:124KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:41 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:41 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:30:41 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:41 executing program 3: open(&(0x7f0000000040)='./file0\x00', 0x8040, 0x0) acct(&(0x7f00000000c0)='./file0\x00') fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) 00:30:41 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4b020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:41 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaf00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3267.989622][T18490] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18488,uid=0 [ 3268.008562][T18490] Memory cgroup out of memory: Killed process 18488 (syz-executor.4) total-vm:72452kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3268.026003][ T1044] oom_reaper: reaped process 18488 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3268.081965][T18482] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3268.166420][T18482] CPU: 1 PID: 18482 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3268.174664][T18482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3268.185674][T18482] Call Trace: [ 3268.189000][T18482] dump_stack+0x172/0x1f0 [ 3268.193365][T18482] dump_header+0x10f/0xb6c [ 3268.197829][T18482] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3268.203665][T18482] ? ___ratelimit+0x60/0x595 [ 3268.208283][T18482] ? do_raw_spin_unlock+0x57/0x270 [ 3268.213420][T18482] oom_kill_process.cold+0x10/0x15 [ 3268.218569][T18482] out_of_memory+0x79a/0x1280 [ 3268.223276][T18482] ? lock_downgrade+0x880/0x880 [ 3268.228177][T18482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3268.234456][T18482] ? oom_killer_disable+0x280/0x280 [ 3268.239688][T18482] ? find_held_lock+0x35/0x130 [ 3268.244495][T18482] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3268.250073][T18482] ? memcg_event_wake+0x230/0x230 [ 3268.255151][T18482] ? do_raw_spin_unlock+0x57/0x270 [ 3268.260294][T18482] ? _raw_spin_unlock+0x2d/0x50 [ 3268.265180][T18482] try_charge+0x102c/0x15c0 [ 3268.269722][T18482] ? find_held_lock+0x35/0x130 [ 3268.274521][T18482] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3268.280095][T18482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3268.286387][T18482] ? kasan_check_read+0x11/0x20 [ 3268.292720][T18482] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3268.298311][T18482] mem_cgroup_try_charge+0x24d/0x5e0 [ 3268.303645][T18482] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3268.309330][T18482] __handle_mm_fault+0x1e1f/0x3ec0 00:30:41 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3268.314506][T18482] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3268.320091][T18482] ? find_held_lock+0x35/0x130 [ 3268.324901][T18482] ? handle_mm_fault+0x322/0xb30 [ 3268.329890][T18482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3268.336185][T18482] ? kasan_check_read+0x11/0x20 [ 3268.341079][T18482] handle_mm_fault+0x43f/0xb30 [ 3268.345900][T18482] __do_page_fault+0x5ef/0xda0 [ 3268.350713][T18482] do_page_fault+0x71/0x581 [ 3268.355260][T18482] ? page_fault+0x8/0x30 [ 3268.359534][T18482] page_fault+0x1e/0x30 [ 3268.363724][T18482] RIP: 0023:0x804afea [ 3268.367744][T18482] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3268.387380][T18482] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3268.393477][T18482] RAX: 000000000845fde0 RBX: 0000000000000016 RCX: 000000000845fd80 [ 3268.401508][T18482] RDX: 000000000000000c RSI: 000000000031dbed RDI: 0000000000000000 [ 3268.409506][T18482] RBP: 0000000000000016 R08: 0000000000000000 R09: 0000000000000000 00:30:42 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3268.417504][T18482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3268.425504][T18482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:30:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x32, 0x0, 0x0) close(r2) close(r1) 00:30:42 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:42 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3268.729078][T18482] memory: usage 4284kB, limit 0kB, failcnt 1468 [ 3268.764315][T18482] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 00:30:42 executing program 5: syz_emit_ethernet(0x0, 0x0, 0x0) [ 3268.795612][T18482] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3268.806255][T18482] Memory cgroup stats for /syz4: cache:84KB rss:168KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3268.875436][T18482] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18482,uid=0 [ 3268.927299][T18482] Memory cgroup out of memory: Killed process 18482 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3268.983852][ T1044] oom_reaper: reaped process 18482 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:30:43 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:43 executing program 5: syz_emit_ethernet(0x0, 0x0, 0x0) 00:30:43 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:43 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x200000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001600)="2e000000130081c5e4050cecdb4cb9040a485e4325000000000000000000f9000600b0ebb06ac40006001400f9ff", 0x2e}], 0x1}, 0x0) 00:30:43 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4c000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:43 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaf01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:43 executing program 5: syz_emit_ethernet(0x0, 0x0, 0x0) 00:30:43 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:43 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000200)={r4, 0x401, 0x2, r4}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r3, 0x0, 0x2, r4}) 00:30:43 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f"}, 0x0) 00:30:43 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:43 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f"}, 0x0) 00:30:43 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:43 executing program 5: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f"}, 0x0) 00:30:44 executing program 5: 00:30:44 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4c010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:44 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xaf02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:44 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:44 executing program 5: [ 3271.847633][T18597] IPVS: ftp: loaded support on port[0] = 21 [ 3272.611086][T18597] chnl_net:caif_netlink_parms(): no params data found [ 3272.729291][T18597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3272.737613][T18597] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.748810][T18597] device bridge_slave_0 entered promiscuous mode [ 3272.759548][T18597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3272.767315][T18597] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.778433][T18597] device bridge_slave_1 entered promiscuous mode [ 3272.817713][T18597] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3272.834752][T18597] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3272.921788][T18597] team0: Port device team_slave_0 added [ 3272.935222][T18597] team0: Port device team_slave_1 added [ 3273.149796][T18597] device hsr_slave_0 entered promiscuous mode [ 3273.276469][T18597] device hsr_slave_1 entered promiscuous mode [ 3273.536551][T18597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3273.543738][T18597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3273.551313][T18597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3273.558551][T18597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3273.636358][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.646569][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.960209][T18597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3273.993919][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3274.003012][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3274.026860][T18597] 8021q: adding VLAN 0 to HW filter on device team0 [ 3274.248484][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3274.259979][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3274.269947][ T7937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3274.277125][ T7937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3274.306451][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3274.321424][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3274.331319][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3274.338464][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3274.413899][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3274.444874][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3274.525900][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3274.538293][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3274.565310][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3274.584482][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3274.597092][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3274.696530][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3274.726768][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3274.753690][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3274.768937][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3274.863287][T18597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3274.995586][T18597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3275.147367][T18603] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3275.167889][T18603] CPU: 0 PID: 18603 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3275.178339][T18603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3275.188431][T18603] Call Trace: [ 3275.191739][T18603] dump_stack+0x172/0x1f0 [ 3275.196081][T18603] dump_header+0x10f/0xb6c [ 3275.200523][T18603] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3275.206356][T18603] ? ___ratelimit+0x60/0x595 [ 3275.210950][T18603] ? do_raw_spin_unlock+0x57/0x270 [ 3275.216071][T18603] oom_kill_process.cold+0x10/0x15 [ 3275.221186][T18603] out_of_memory+0x79a/0x1280 [ 3275.225872][T18603] ? lock_downgrade+0x880/0x880 [ 3275.230862][T18603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.237108][T18603] ? oom_killer_disable+0x280/0x280 [ 3275.242336][T18603] ? find_held_lock+0x35/0x130 [ 3275.247201][T18603] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3275.252767][T18603] ? memcg_event_wake+0x230/0x230 [ 3275.257888][T18603] ? do_raw_spin_unlock+0x57/0x270 [ 3275.263008][T18603] ? _raw_spin_unlock+0x2d/0x50 [ 3275.267869][T18603] try_charge+0x102c/0x15c0 [ 3275.272370][T18603] ? find_held_lock+0x35/0x130 [ 3275.277155][T18603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3275.282796][T18603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.289045][T18603] ? kasan_check_read+0x11/0x20 [ 3275.293904][T18603] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3275.299461][T18603] mem_cgroup_try_charge+0x24d/0x5e0 [ 3275.306167][T18603] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3275.311979][T18603] __handle_mm_fault+0x1e1f/0x3ec0 [ 3275.317128][T18603] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3275.322694][T18603] ? find_held_lock+0x35/0x130 [ 3275.327462][T18603] ? handle_mm_fault+0x322/0xb30 [ 3275.332498][T18603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.338748][T18603] ? kasan_check_read+0x11/0x20 [ 3275.343607][T18603] handle_mm_fault+0x43f/0xb30 [ 3275.348467][T18603] __do_page_fault+0x5ef/0xda0 [ 3275.353325][T18603] do_page_fault+0x71/0x581 [ 3275.357838][T18603] ? page_fault+0x8/0x30 [ 3275.362099][T18603] page_fault+0x1e/0x30 [ 3275.366792][T18603] RIP: 0023:0x8055172 [ 3275.371050][T18603] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3275.390746][T18603] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3275.396919][T18603] RAX: 00000000f5db1b40 RBX: 0000000000020000 RCX: 00000000f5d91000 [ 3275.404978][T18603] RDX: 0000000000000003 RSI: 00000000f5db1b40 RDI: 0000000000021000 [ 3275.412955][T18603] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3275.421030][T18603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3275.429001][T18603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3275.453600][T18603] memory: usage 4544kB, limit 0kB, failcnt 1477 [ 3275.460063][T18603] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3275.467777][T18603] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3275.474810][T18603] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3275.495635][T18603] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18603,uid=0 [ 3275.514076][T18603] Memory cgroup out of memory: Killed process 18603 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB 00:30:49 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:49 executing program 3: 00:30:49 executing program 5: 00:30:49 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:49 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4c020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:49 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb000000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3275.538340][ T1044] oom_reaper: reaped process 18603 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:30:49 executing program 5: 00:30:49 executing program 3: [ 3275.629698][T18597] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3275.733730][T18597] CPU: 0 PID: 18597 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3275.741770][T18597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3275.752086][T18597] Call Trace: [ 3275.755552][T18597] dump_stack+0x172/0x1f0 [ 3275.755575][T18597] dump_header+0x10f/0xb6c [ 3275.755604][T18597] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3275.770247][T18597] ? ___ratelimit+0x60/0x595 [ 3275.774863][T18597] ? do_raw_spin_unlock+0x57/0x270 [ 3275.780422][T18597] oom_kill_process.cold+0x10/0x15 [ 3275.785715][T18597] out_of_memory+0x79a/0x1280 [ 3275.790490][T18597] ? lock_downgrade+0x880/0x880 [ 3275.795356][T18597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.795373][T18597] ? oom_killer_disable+0x280/0x280 [ 3275.795385][T18597] ? find_held_lock+0x35/0x130 [ 3275.795410][T18597] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3275.795425][T18597] ? memcg_event_wake+0x230/0x230 [ 3275.795443][T18597] ? do_raw_spin_unlock+0x57/0x270 [ 3275.795461][T18597] ? _raw_spin_unlock+0x2d/0x50 [ 3275.795479][T18597] try_charge+0x102c/0x15c0 [ 3275.795491][T18597] ? find_held_lock+0x35/0x130 [ 3275.795522][T18597] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3275.812311][T18597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.812334][T18597] ? kasan_check_read+0x11/0x20 [ 3275.812356][T18597] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3275.812374][T18597] mem_cgroup_try_charge+0x24d/0x5e0 [ 3275.812395][T18597] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3275.812424][T18597] __handle_mm_fault+0x1e1f/0x3ec0 00:30:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfec66e070") sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffdb3, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0xa, 0x4}]}, 0x30}}, 0x0) [ 3275.848974][T18597] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3275.848992][T18597] ? find_held_lock+0x35/0x130 [ 3275.849008][T18597] ? handle_mm_fault+0x322/0xb30 [ 3275.849035][T18597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.849061][T18597] ? kasan_check_read+0x11/0x20 [ 3275.909489][T18597] handle_mm_fault+0x43f/0xb30 [ 3275.914280][T18597] __do_page_fault+0x5ef/0xda0 [ 3275.919057][T18597] do_page_fault+0x71/0x581 [ 3275.923569][T18597] ? page_fault+0x8/0x30 [ 3275.927815][T18597] page_fault+0x1e/0x30 00:30:49 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3275.932010][T18597] RIP: 0023:0x804afea [ 3275.935999][T18597] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3275.955609][T18597] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3275.961683][T18597] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3275.969661][T18597] RDX: 000000000000000c RSI: 000000000031f911 RDI: 0000000000000000 [ 3275.977660][T18597] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3275.985764][T18597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3275.993740][T18597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:30:49 executing program 3: msgrcv(0x0, &(0x7f0000000080)={0x0, ""/79}, 0x3c4, 0x0, 0xa423ad40a879dde5) [ 3276.115713][T18597] memory: usage 4280kB, limit 0kB, failcnt 1486 [ 3276.127742][T18597] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3276.138617][T18597] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3276.145700][T18597] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:49 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3276.167176][T18597] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18597,uid=0 [ 3276.186612][T18597] Memory cgroup out of memory: Killed process 18597 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3276.227044][ T1044] oom_reaper: reaped process 18597 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB [ 3276.503930][T18622] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 00:30:50 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000300)=0x8, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) getsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, &(0x7f0000000040)) close(r0) 00:30:50 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:50 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") shutdown(r0, 0x2) 00:30:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4d000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3277.046126][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 00:30:50 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb001000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:50 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") shutdown(r0, 0x2) 00:30:50 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="88212a060c0832dbea6e5dc356e4c716ee01a241a20c590409c15aab7df5482b0b61c419eec86889c5461b8f02770d9a76c28871119fc708054dc5b84556eb51fd", 0x41) 00:30:50 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:50 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xae02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4d010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:51 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") shutdown(r0, 0x2) 00:30:51 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:51 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:51 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:51 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:51 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") shutdown(r0, 0x2) 00:30:52 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb002000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:52 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:52 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) socket$inet_udplite(0x2, 0x2, 0x88) shutdown(r0, 0x2) 00:30:52 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:30:52 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4d020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:52 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:52 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) close(r1) shutdown(r0, 0x2) [ 3279.752871][T18726] IPVS: ftp: loaded support on port[0] = 21 [ 3280.580675][T18726] chnl_net:caif_netlink_parms(): no params data found [ 3280.679527][T18726] bridge0: port 1(bridge_slave_0) entered blocking state [ 3280.687914][T18726] bridge0: port 1(bridge_slave_0) entered disabled state [ 3280.699177][T18726] device bridge_slave_0 entered promiscuous mode [ 3280.709882][T18726] bridge0: port 2(bridge_slave_1) entered blocking state [ 3280.719717][T18726] bridge0: port 2(bridge_slave_1) entered disabled state [ 3280.731447][T18726] device bridge_slave_1 entered promiscuous mode [ 3280.847528][T18726] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3280.912356][T18726] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3280.948125][T18726] team0: Port device team_slave_0 added [ 3280.960733][T18726] team0: Port device team_slave_1 added [ 3281.069454][T18726] device hsr_slave_0 entered promiscuous mode [ 3281.177020][T18726] device hsr_slave_1 entered promiscuous mode [ 3281.411293][T18726] bridge0: port 2(bridge_slave_1) entered blocking state [ 3281.418508][T18726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3281.426067][T18726] bridge0: port 1(bridge_slave_0) entered blocking state [ 3281.433281][T18726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3281.548497][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state [ 3281.558465][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state [ 3281.880056][T18726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3281.915133][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3281.925193][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3282.014023][T18726] 8021q: adding VLAN 0 to HW filter on device team0 [ 3282.035266][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3282.046024][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3282.056733][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3282.063874][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3282.144466][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3282.156203][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3282.166389][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3282.173529][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3282.211694][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3282.300956][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3282.327219][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3282.338480][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3282.412648][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3282.449493][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3282.464097][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3282.474930][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3282.496446][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3282.579747][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3282.597311][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3282.611418][T18726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3282.781492][T18726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3282.956355][T18738] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3282.971617][T18738] CPU: 0 PID: 18738 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3282.979630][T18738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3282.989696][T18738] Call Trace: [ 3282.993008][T18738] dump_stack+0x172/0x1f0 [ 3282.997353][T18738] dump_header+0x10f/0xb6c [ 3283.001777][T18738] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3283.007612][T18738] ? ___ratelimit+0x60/0x595 [ 3283.012246][T18738] ? do_raw_spin_unlock+0x57/0x270 [ 3283.017400][T18738] oom_kill_process.cold+0x10/0x15 [ 3283.022551][T18738] out_of_memory+0x79a/0x1280 [ 3283.027704][T18738] ? lock_downgrade+0x880/0x880 [ 3283.032578][T18738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.038861][T18738] ? oom_killer_disable+0x280/0x280 [ 3283.044177][T18738] ? find_held_lock+0x35/0x130 [ 3283.048982][T18738] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3283.056106][T18738] ? memcg_event_wake+0x230/0x230 [ 3283.061166][T18738] ? do_raw_spin_unlock+0x57/0x270 [ 3283.066293][T18738] ? _raw_spin_unlock+0x2d/0x50 [ 3283.071162][T18738] try_charge+0x102c/0x15c0 [ 3283.075695][T18738] ? find_held_lock+0x35/0x130 [ 3283.080481][T18738] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3283.086140][T18738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.092426][T18738] ? kasan_check_read+0x11/0x20 [ 3283.097299][T18738] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3283.102864][T18738] mem_cgroup_try_charge+0x24d/0x5e0 [ 3283.108182][T18738] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3283.113838][T18738] __handle_mm_fault+0x1e1f/0x3ec0 [ 3283.118968][T18738] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3283.124525][T18738] ? find_held_lock+0x35/0x130 [ 3283.129559][T18738] ? handle_mm_fault+0x322/0xb30 [ 3283.134530][T18738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.140801][T18738] ? kasan_check_read+0x11/0x20 [ 3283.145666][T18738] handle_mm_fault+0x43f/0xb30 [ 3283.150529][T18738] __do_page_fault+0x5ef/0xda0 [ 3283.155393][T18738] do_page_fault+0x71/0x581 [ 3283.159906][T18738] ? page_fault+0x8/0x30 [ 3283.164166][T18738] page_fault+0x1e/0x30 [ 3283.168323][T18738] RIP: 0023:0x8055172 [ 3283.172332][T18738] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3283.191955][T18738] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3283.198036][T18738] RAX: 00000000f5d3ab40 RBX: 0000000000020000 RCX: 00000000f5d1a000 [ 3283.206018][T18738] RDX: 0000000000000003 RSI: 00000000f5d3ab40 RDI: 0000000000021000 [ 3283.214001][T18738] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3283.221982][T18738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3283.229964][T18738] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3283.249888][T18738] memory: usage 4524kB, limit 0kB, failcnt 1495 [ 3283.257406][T18738] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3283.265832][T18738] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3283.272818][T18738] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:56 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:56 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:56 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x8013, r0, 0x8000080000000) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101000, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)={0x0, 0x0, 0x401}) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x100) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000140)={r2, 0x0, r3}) 00:30:56 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:30:56 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4e000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:56 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb100000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3283.298651][T18738] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18738,uid=0 [ 3283.316416][T18738] Memory cgroup out of memory: Killed process 18738 (syz-executor.4) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB [ 3283.334134][ T1044] oom_reaper: reaped process 18738 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:30:56 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xa801, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3283.410514][T18726] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3283.472938][T18726] CPU: 0 PID: 18726 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3283.480984][T18726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3283.491056][T18726] Call Trace: [ 3283.494369][T18726] dump_stack+0x172/0x1f0 [ 3283.498717][T18726] dump_header+0x10f/0xb6c [ 3283.503157][T18726] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3283.508990][T18726] ? ___ratelimit+0x60/0x595 [ 3283.513593][T18726] ? do_raw_spin_unlock+0x57/0x270 [ 3283.518717][T18726] oom_kill_process.cold+0x10/0x15 [ 3283.523837][T18726] out_of_memory+0x79a/0x1280 [ 3283.523857][T18726] ? lock_downgrade+0x880/0x880 [ 3283.523873][T18726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.523886][T18726] ? oom_killer_disable+0x280/0x280 [ 3283.523897][T18726] ? find_held_lock+0x35/0x130 [ 3283.523920][T18726] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3283.523932][T18726] ? memcg_event_wake+0x230/0x230 [ 3283.523951][T18726] ? do_raw_spin_unlock+0x57/0x270 [ 3283.523969][T18726] ? _raw_spin_unlock+0x2d/0x50 [ 3283.523988][T18726] try_charge+0x102c/0x15c0 [ 3283.533500][T18726] ? find_held_lock+0x35/0x130 [ 3283.533522][T18726] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3283.533537][T18726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.533555][T18726] ? kasan_check_read+0x11/0x20 [ 3283.533571][T18726] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3283.533587][T18726] mem_cgroup_try_charge+0x24d/0x5e0 [ 3283.533606][T18726] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3283.533624][T18726] __handle_mm_fault+0x1e1f/0x3ec0 [ 3283.533643][T18726] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3283.533661][T18726] ? find_held_lock+0x35/0x130 [ 3283.628146][T18726] ? handle_mm_fault+0x322/0xb30 [ 3283.633225][T18726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.639487][T18726] ? kasan_check_read+0x11/0x20 [ 3283.644357][T18726] handle_mm_fault+0x43f/0xb30 [ 3283.649250][T18726] __do_page_fault+0x5ef/0xda0 [ 3283.654028][T18726] do_page_fault+0x71/0x581 [ 3283.658548][T18726] ? page_fault+0x8/0x30 [ 3283.662798][T18726] page_fault+0x1e/0x30 [ 3283.666988][T18726] RIP: 0023:0x804afea 00:30:57 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) shutdown(r0, 0x2) [ 3283.670972][T18726] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3283.690614][T18726] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3283.696687][T18726] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3283.704669][T18726] RDX: 000000000000000c RSI: 000000000032177e RDI: 0000000000000000 [ 3283.712678][T18726] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 00:30:57 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:57 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) shutdown(r0, 0x2) [ 3283.720776][T18726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3283.728773][T18726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3283.783388][T18726] memory: usage 4260kB, limit 0kB, failcnt 1504 [ 3283.807933][T18726] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 00:30:57 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3283.838614][T18726] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3283.856865][T18726] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:30:57 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) shutdown(r0, 0x2) [ 3283.943130][T18726] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18726,uid=0 [ 3284.009834][T18726] Memory cgroup out of memory: Killed process 18726 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3284.042836][ T1044] oom_reaper: reaped process 18726 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:30:58 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:58 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:30:58 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:58 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:58 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4e010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:58 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb101000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:30:58 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:30:58 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x1, 0x2) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x7b) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x8013, r0, 0x8000080000000) 00:30:58 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:58 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:30:58 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:58 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:30:58 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:30:59 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:59 executing program 5: r0 = socket(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}, {0xffffffffffffffff, 0x4004}, {0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {}], 0x9, 0x5193) shutdown(r0, 0x2) 00:30:59 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:30:59 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4e020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:00 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb102000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:00 executing program 5: r0 = socket(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}, {0xffffffffffffffff, 0x4004}, {0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:00 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:00 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x2a00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3287.245839][T18852] IPVS: ftp: loaded support on port[0] = 21 [ 3288.376196][T18852] chnl_net:caif_netlink_parms(): no params data found [ 3288.501445][T18852] bridge0: port 1(bridge_slave_0) entered blocking state [ 3288.509972][T18852] bridge0: port 1(bridge_slave_0) entered disabled state [ 3288.521804][T18852] device bridge_slave_0 entered promiscuous mode [ 3288.534592][T18852] bridge0: port 2(bridge_slave_1) entered blocking state [ 3288.541836][T18852] bridge0: port 2(bridge_slave_1) entered disabled state [ 3288.559655][T18852] device bridge_slave_1 entered promiscuous mode [ 3288.699522][T18852] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3288.726980][T18852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3288.831910][T18852] team0: Port device team_slave_0 added [ 3288.845772][T18852] team0: Port device team_slave_1 added [ 3288.970352][T18852] device hsr_slave_0 entered promiscuous mode [ 3289.026335][T18852] device hsr_slave_1 entered promiscuous mode [ 3289.644945][T18852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3289.721736][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3289.733385][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3289.758552][T18852] 8021q: adding VLAN 0 to HW filter on device team0 [ 3289.831815][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3289.843228][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3289.853218][T11937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3289.860397][T11937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3289.885391][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3289.896542][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3289.907693][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3289.919569][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3289.926740][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3289.997547][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3290.023022][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3290.049870][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3290.061760][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3290.124139][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3290.133999][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3290.145626][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3290.261737][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3290.272973][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3290.293811][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3290.305047][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3290.478433][T18852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3290.638653][T18852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3290.771356][T18861] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3290.782513][T18861] CPU: 1 PID: 18861 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3290.790874][T18861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3290.800949][T18861] Call Trace: [ 3290.804279][T18861] dump_stack+0x172/0x1f0 [ 3290.808632][T18861] dump_header+0x10f/0xb6c [ 3290.813064][T18861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3290.818899][T18861] ? ___ratelimit+0x60/0x595 [ 3290.823502][T18861] ? do_raw_spin_unlock+0x57/0x270 [ 3290.828630][T18861] oom_kill_process.cold+0x10/0x15 [ 3290.833754][T18861] out_of_memory+0x79a/0x1280 [ 3290.838474][T18861] ? __sched_text_start+0x8/0x8 [ 3290.843335][T18861] ? oom_killer_disable+0x280/0x280 [ 3290.848550][T18861] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3290.854103][T18861] ? memcg_event_wake+0x230/0x230 [ 3290.859167][T18861] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3290.864996][T18861] ? cgroup_file_notify+0x140/0x1b0 [ 3290.870230][T18861] memory_max_write+0x169/0x300 [ 3290.875091][T18861] ? kernfs_fop_write+0x204/0x480 [ 3290.880143][T18861] ? mem_cgroup_write+0x360/0x360 [ 3290.885184][T18861] ? lock_acquire+0x16f/0x3f0 [ 3290.889869][T18861] ? kernfs_fop_write+0x227/0x480 [ 3290.894918][T18861] cgroup_file_write+0x245/0x7a0 [ 3290.899873][T18861] ? mem_cgroup_write+0x360/0x360 [ 3290.904911][T18861] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3290.910583][T18861] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3290.916266][T18861] kernfs_fop_write+0x2ba/0x480 [ 3290.921235][T18861] __vfs_write+0x8d/0x110 [ 3290.925553][T18861] ? kernfs_fop_open+0xd90/0xd90 [ 3290.930511][T18861] vfs_write+0x20c/0x580 [ 3290.934746][T18861] ksys_write+0x14f/0x2d0 [ 3290.939079][T18861] ? __ia32_sys_read+0xb0/0xb0 [ 3290.943843][T18861] ? do_fast_syscall_32+0xd1/0xc98 [ 3290.948942][T18861] ? entry_SYSENTER_compat+0x70/0x7f [ 3290.954240][T18861] ? do_fast_syscall_32+0xd1/0xc98 [ 3290.959366][T18861] __ia32_sys_write+0x71/0xb0 [ 3290.964039][T18861] do_fast_syscall_32+0x281/0xc98 [ 3290.969077][T18861] entry_SYSENTER_compat+0x70/0x7f [ 3290.974179][T18861] RIP: 0023:0xf7f34869 [ 3290.978339][T18861] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3291.000432][T18861] RSP: 002b:00000000f5d300cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3291.008848][T18861] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3291.016819][T18861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3291.024794][T18861] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3291.037087][T18861] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3291.045113][T18861] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3291.206064][T18861] memory: usage 4500kB, limit 0kB, failcnt 1513 [ 3291.212815][T18861] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3291.231657][T18861] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3291.240444][T18861] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:72KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3291.262999][T18861] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18860,uid=0 [ 3291.292739][T18861] Memory cgroup out of memory: Killed process 18860 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3291.316540][ T1044] oom_reaper: reaped process 18860 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:31:05 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:05 executing program 5: r0 = socket(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}, {0xffffffffffffffff, 0x4004}, {0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:05 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:05 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:31:05 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4f000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:05 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb200000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3291.557699][T18852] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3291.573080][T18852] CPU: 0 PID: 18852 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3291.587481][T18852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3291.604696][T18852] Call Trace: [ 3291.610448][T18852] dump_stack+0x172/0x1f0 [ 3291.614789][T18852] dump_header+0x10f/0xb6c [ 3291.614807][T18852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3291.614822][T18852] ? ___ratelimit+0x60/0x595 [ 3291.614838][T18852] ? do_raw_spin_unlock+0x57/0x270 [ 3291.614854][T18852] oom_kill_process.cold+0x10/0x15 [ 3291.614869][T18852] out_of_memory+0x79a/0x1280 [ 3291.614886][T18852] ? lock_downgrade+0x880/0x880 [ 3291.614903][T18852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3291.614917][T18852] ? oom_killer_disable+0x280/0x280 [ 3291.614927][T18852] ? find_held_lock+0x35/0x130 [ 3291.614952][T18852] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3291.614965][T18852] ? memcg_event_wake+0x230/0x230 [ 3291.614985][T18852] ? do_raw_spin_unlock+0x57/0x270 [ 3291.615000][T18852] ? _raw_spin_unlock+0x2d/0x50 [ 3291.615017][T18852] try_charge+0x102c/0x15c0 00:31:05 executing program 5: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r0, 0x10}, {0xffffffffffffffff, 0x4000}, {r0, 0x1109}, {r0, 0x4004}, {r0, 0x80}, {r0, 0x20}, {0xffffffffffffffff, 0x1000}, {0xffffffffffffffff, 0x1000}, {r0}], 0x9, 0x5193) shutdown(0xffffffffffffffff, 0x2) [ 3291.615029][T18852] ? find_held_lock+0x35/0x130 [ 3291.615051][T18852] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3291.615067][T18852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3291.615087][T18852] ? kasan_check_read+0x11/0x20 [ 3291.615102][T18852] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3291.615129][T18852] mem_cgroup_try_charge+0x24d/0x5e0 [ 3291.615151][T18852] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3291.615175][T18852] __handle_mm_fault+0x1e1f/0x3ec0 [ 3291.652379][T18852] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3291.652398][T18852] ? find_held_lock+0x35/0x130 [ 3291.652427][T18852] ? handle_mm_fault+0x322/0xb30 [ 3291.717111][T18852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3291.717143][T18852] ? kasan_check_read+0x11/0x20 [ 3291.717163][T18852] handle_mm_fault+0x43f/0xb30 [ 3291.717182][T18852] __do_page_fault+0x5ef/0xda0 [ 3291.717202][T18852] do_page_fault+0x71/0x581 [ 3291.717223][T18852] ? page_fault+0x8/0x30 [ 3291.717236][T18852] page_fault+0x1e/0x30 [ 3291.717248][T18852] RIP: 0023:0x804afea [ 3291.717265][T18852] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3291.717272][T18852] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3291.717284][T18852] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3291.717292][T18852] RDX: 000000000000000c RSI: 0000000000323621 RDI: 0000000000000000 [ 3291.717301][T18852] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3291.717308][T18852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3291.717316][T18852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3291.813671][T18852] memory: usage 4236kB, limit 0kB, failcnt 1522 00:31:05 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3291.821352][T18852] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3291.854725][T18852] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:31:05 executing program 3: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:05 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3292.143520][T18852] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3292.197562][T18852] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18852,uid=0 [ 3292.367368][T18852] Memory cgroup out of memory: Killed process 18852 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB 00:31:06 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3292.429529][ T1044] oom_reaper: reaped process 18852 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:31:06 executing program 5: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r0, 0x10}, {0xffffffffffffffff, 0x4000}, {r0, 0x1109}, {r0, 0x4004}, {r0, 0x80}, {r0, 0x20}, {0xffffffffffffffff, 0x1000}, {0xffffffffffffffff, 0x1000}, {r0}], 0x9, 0x5193) shutdown(0xffffffffffffffff, 0x2) [ 3292.724556][T18888] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3292.753849][T18888] CPU: 1 PID: 18888 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #84 [ 3292.761896][T18888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3292.771979][T18888] Call Trace: [ 3292.775316][T18888] dump_stack+0x172/0x1f0 [ 3292.779680][T18888] dump_header+0x10f/0xb6c [ 3292.784141][T18888] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3292.789982][T18888] ? ___ratelimit+0x60/0x595 [ 3292.794594][T18888] ? do_raw_spin_unlock+0x57/0x270 [ 3292.799745][T18888] oom_kill_process.cold+0x10/0x15 [ 3292.804914][T18888] out_of_memory+0x79a/0x1280 [ 3292.809615][T18888] ? __sched_text_start+0x8/0x8 [ 3292.814525][T18888] ? oom_killer_disable+0x280/0x280 [ 3292.819752][T18888] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3292.825311][T18888] ? memcg_event_wake+0x230/0x230 [ 3292.830359][T18888] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3292.836188][T18888] ? cgroup_file_notify+0x140/0x1b0 [ 3292.841499][T18888] memory_max_write+0x169/0x300 [ 3292.846367][T18888] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3292.851853][T18888] ? mem_cgroup_write+0x360/0x360 [ 3292.856901][T18888] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3292.862380][T18888] cgroup_file_write+0x245/0x7a0 [ 3292.867357][T18888] ? mem_cgroup_write+0x360/0x360 [ 3292.872395][T18888] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3292.878044][T18888] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3292.883690][T18888] kernfs_fop_write+0x2ba/0x480 [ 3292.888569][T18888] __vfs_write+0x8d/0x110 [ 3292.892903][T18888] ? kernfs_fop_open+0xd90/0xd90 [ 3292.897857][T18888] vfs_write+0x20c/0x580 [ 3292.902116][T18888] ksys_write+0x14f/0x2d0 [ 3292.906467][T18888] ? __ia32_sys_read+0xb0/0xb0 [ 3292.911243][T18888] ? do_fast_syscall_32+0xd1/0xc98 [ 3292.916364][T18888] ? entry_SYSENTER_compat+0x70/0x7f [ 3292.921660][T18888] ? do_fast_syscall_32+0xd1/0xc98 [ 3292.926793][T18888] __ia32_sys_write+0x71/0xb0 [ 3292.931486][T18888] do_fast_syscall_32+0x281/0xc98 [ 3292.936525][T18888] entry_SYSENTER_compat+0x70/0x7f [ 3292.941650][T18888] RIP: 0023:0xf7f1f869 [ 3292.945728][T18888] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3292.965363][T18888] RSP: 002b:00000000f5d1b0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3292.973790][T18888] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3292.981768][T18888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3292.989753][T18888] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3292.997738][T18888] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3293.005797][T18888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3293.093761][T18888] memory: usage 7780kB, limit 0kB, failcnt 371 [ 3293.104808][T18888] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3293.128030][T18888] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3293.293720][T18888] Memory cgroup stats for /syz3: cache:148KB rss:560KB rss_huge:0KB shmem:208KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:732KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3293.332521][T18888] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17826,uid=0 [ 3293.372418][T18888] Memory cgroup out of memory: Killed process 17826 (syz-executor.3) total-vm:72056kB, anon-rss:100kB, file-rss:35556kB, shmem-rss:0kB 00:31:07 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:07 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:07 executing program 5: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r0, 0x10}, {0xffffffffffffffff, 0x4000}, {r0, 0x1109}, {r0, 0x4004}, {r0, 0x80}, {r0, 0x20}, {0xffffffffffffffff, 0x1000}, {0xffffffffffffffff, 0x1000}, {r0}], 0x9, 0x5193) shutdown(0xffffffffffffffff, 0x2) 00:31:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4f010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:07 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:09 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb201000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:09 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:09 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:09 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x4f020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:09 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:31:09 executing program 5: r0 = socket(0x0, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:09 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:09 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:09 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:31:09 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:10 executing program 5: r0 = socket(0x0, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:10 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:10 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb202000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:10 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3297.643898][T18968] IPVS: ftp: loaded support on port[0] = 21 [ 3298.043732][T18972] IPVS: ftp: loaded support on port[0] = 21 [ 3298.411597][T18968] chnl_net:caif_netlink_parms(): no params data found [ 3298.569409][T18972] chnl_net:caif_netlink_parms(): no params data found [ 3298.628726][T18968] bridge0: port 1(bridge_slave_0) entered blocking state [ 3298.637872][T18968] bridge0: port 1(bridge_slave_0) entered disabled state [ 3298.649870][T18968] device bridge_slave_0 entered promiscuous mode [ 3298.742401][T18968] bridge0: port 2(bridge_slave_1) entered blocking state [ 3298.750499][T18968] bridge0: port 2(bridge_slave_1) entered disabled state [ 3298.761453][T18968] device bridge_slave_1 entered promiscuous mode [ 3298.791146][T18972] bridge0: port 1(bridge_slave_0) entered blocking state [ 3298.799334][T18972] bridge0: port 1(bridge_slave_0) entered disabled state [ 3298.810271][T18972] device bridge_slave_0 entered promiscuous mode [ 3298.820717][T18972] bridge0: port 2(bridge_slave_1) entered blocking state [ 3298.828441][T18972] bridge0: port 2(bridge_slave_1) entered disabled state [ 3298.840291][T18972] device bridge_slave_1 entered promiscuous mode [ 3298.936453][T18968] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3298.965014][T18968] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3298.984882][T18972] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3299.073003][T18972] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3299.098046][T18968] team0: Port device team_slave_0 added [ 3299.162082][T18968] team0: Port device team_slave_1 added [ 3299.189176][T18972] team0: Port device team_slave_0 added [ 3299.257253][T18972] team0: Port device team_slave_1 added [ 3299.409192][T18968] device hsr_slave_0 entered promiscuous mode [ 3299.516912][T18968] device hsr_slave_1 entered promiscuous mode [ 3299.749283][T18972] device hsr_slave_0 entered promiscuous mode [ 3299.806539][T18972] device hsr_slave_1 entered promiscuous mode [ 3300.457577][T18968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3300.521429][T18972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3300.610598][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3300.621341][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3300.739923][T18968] 8021q: adding VLAN 0 to HW filter on device team0 [ 3300.749772][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3300.762104][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3300.844957][T18972] 8021q: adding VLAN 0 to HW filter on device team0 [ 3300.852845][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3300.863999][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3300.873084][T17386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3300.880260][T17386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3300.973061][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3300.983873][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3300.997582][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3301.007470][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3301.014620][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3301.041437][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3301.054565][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3301.064548][ T4660] bridge0: port 1(bridge_slave_0) entered blocking state [ 3301.071630][ T4660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3301.154054][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3301.168232][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3301.182103][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3301.194867][ T4660] bridge0: port 2(bridge_slave_1) entered blocking state [ 3301.202580][ T4660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3301.215469][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3301.351541][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3301.366249][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3301.457451][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3301.471065][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3301.483297][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3301.572956][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3301.609283][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3301.620983][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3301.632067][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3301.644135][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3301.739741][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3301.751902][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3301.770080][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3301.788035][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3301.800049][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3301.888643][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3301.898836][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3301.910870][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3301.925463][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3302.015407][T18972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3302.026509][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3302.037359][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3302.135562][T18968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3302.267202][T18972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3302.403177][T18968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3302.699112][T18981] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3302.736564][T18981] CPU: 1 PID: 18981 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3302.744597][T18981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3302.754700][T18981] Call Trace: [ 3302.758014][T18981] dump_stack+0x172/0x1f0 [ 3302.762355][T18981] dump_header+0x10f/0xb6c [ 3302.766781][T18981] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3302.772598][T18981] ? ___ratelimit+0x60/0x595 [ 3302.777198][T18981] ? do_raw_spin_unlock+0x57/0x270 [ 3302.782317][T18981] oom_kill_process.cold+0x10/0x15 [ 3302.787435][T18981] out_of_memory+0x79a/0x1280 [ 3302.792146][T18981] ? lock_downgrade+0x880/0x880 [ 3302.797000][T18981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3302.803248][T18981] ? oom_killer_disable+0x280/0x280 [ 3302.808448][T18981] ? find_held_lock+0x35/0x130 [ 3302.813224][T18981] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3302.818784][T18981] ? memcg_event_wake+0x230/0x230 [ 3302.823821][T18981] ? do_raw_spin_unlock+0x57/0x270 [ 3302.828939][T18981] ? _raw_spin_unlock+0x2d/0x50 [ 3302.833796][T18981] try_charge+0x102c/0x15c0 [ 3302.838306][T18981] ? find_held_lock+0x35/0x130 [ 3302.843083][T18981] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3302.848652][T18981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3302.854913][T18981] ? kasan_check_read+0x11/0x20 [ 3302.859807][T18981] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3302.865365][T18981] mem_cgroup_try_charge+0x24d/0x5e0 [ 3302.870666][T18981] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3302.876753][T18981] __handle_mm_fault+0x1e1f/0x3ec0 [ 3302.881879][T18981] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3302.887455][T18981] ? find_held_lock+0x35/0x130 [ 3302.892235][T18981] ? handle_mm_fault+0x322/0xb30 [ 3302.897213][T18981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3302.903472][T18981] ? kasan_check_read+0x11/0x20 [ 3302.908336][T18981] handle_mm_fault+0x43f/0xb30 [ 3302.913111][T18981] __do_page_fault+0x5ef/0xda0 [ 3302.917934][T18981] do_page_fault+0x71/0x581 [ 3302.922532][T18981] ? page_fault+0x8/0x30 [ 3302.926781][T18981] page_fault+0x1e/0x30 [ 3302.930960][T18981] RIP: 0023:0x8055172 [ 3302.934966][T18981] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3302.954672][T18981] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3302.960839][T18981] RAX: 00000000f5d52b40 RBX: 0000000000020000 RCX: 00000000f5d32000 [ 3302.968827][T18981] RDX: 0000000000000003 RSI: 00000000f5d52b40 RDI: 0000000000021000 [ 3302.976810][T18981] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3302.984877][T18981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3302.992875][T18981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3303.006591][T18981] memory: usage 4492kB, limit 0kB, failcnt 1531 [ 3303.015175][T18981] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3303.029344][T18981] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3303.038269][T18981] Memory cgroup stats for /syz4: cache:84KB rss:168KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3303.133617][T18981] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18981,uid=0 [ 3303.166750][T18981] Memory cgroup out of memory: Killed process 18981 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB 00:31:16 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) [ 3303.201335][ T1044] oom_reaper: reaped process 18981 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:31:16 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb300000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:16 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x50000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:16 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:16 executing program 5: r0 = socket(0x0, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) [ 3303.288843][T18968] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3303.343349][T18968] CPU: 0 PID: 18968 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3303.351406][T18968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3303.351414][T18968] Call Trace: [ 3303.351447][T18968] dump_stack+0x172/0x1f0 [ 3303.351474][T18968] dump_header+0x10f/0xb6c [ 3303.373631][T18968] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3303.379457][T18968] ? ___ratelimit+0x60/0x595 [ 3303.384064][T18968] ? do_raw_spin_unlock+0x57/0x270 [ 3303.389200][T18968] oom_kill_process.cold+0x10/0x15 [ 3303.394343][T18968] out_of_memory+0x79a/0x1280 [ 3303.399039][T18968] ? lock_downgrade+0x880/0x880 [ 3303.403904][T18968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3303.410194][T18968] ? oom_killer_disable+0x280/0x280 [ 3303.415433][T18968] ? find_held_lock+0x35/0x130 [ 3303.420220][T18968] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3303.420244][T18968] ? memcg_event_wake+0x230/0x230 [ 3303.430828][T18968] ? do_raw_spin_unlock+0x57/0x270 [ 3303.435951][T18968] ? _raw_spin_unlock+0x2d/0x50 [ 3303.440818][T18968] try_charge+0x102c/0x15c0 [ 3303.445335][T18968] ? find_held_lock+0x35/0x130 [ 3303.450132][T18968] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3303.455692][T18968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3303.455713][T18968] ? kasan_check_read+0x11/0x20 [ 3303.455732][T18968] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3303.455747][T18968] mem_cgroup_try_charge+0x24d/0x5e0 [ 3303.455767][T18968] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3303.455785][T18968] __handle_mm_fault+0x1e1f/0x3ec0 [ 3303.455808][T18968] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3303.488415][T18968] ? find_held_lock+0x35/0x130 [ 3303.488437][T18968] ? handle_mm_fault+0x322/0xb30 [ 3303.488462][T18968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3303.488483][T18968] ? kasan_check_read+0x11/0x20 [ 3303.514803][T18968] handle_mm_fault+0x43f/0xb30 [ 3303.519581][T18968] __do_page_fault+0x5ef/0xda0 [ 3303.524372][T18968] do_page_fault+0x71/0x581 [ 3303.528884][T18968] ? page_fault+0x8/0x30 [ 3303.533144][T18968] page_fault+0x1e/0x30 [ 3303.537309][T18968] RIP: 0023:0x804afea [ 3303.541293][T18968] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3303.560937][T18968] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3303.567021][T18968] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3303.575008][T18968] RDX: 000000000000000c RSI: 0000000000326469 RDI: 0000000000000000 [ 3303.583000][T18968] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3303.590985][T18968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3303.598968][T18968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3303.684520][T18968] memory: usage 4228kB, limit 0kB, failcnt 1540 [ 3303.690971][T18968] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3303.709382][T18968] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:31:17 executing program 3: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3303.732543][T18968] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3303.835550][T18968] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18968,uid=0 00:31:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:17 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x2602000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3303.964384][T18968] Memory cgroup out of memory: Killed process 18968 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3304.019850][ T1044] oom_reaper: reaped process 18968 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:31:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:17 executing program 5: r0 = socket(0x2, 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:18 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:18 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb301000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:18 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:18 executing program 5: r0 = socket(0x2, 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:18 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x80040800000000, 0x8013, r0, 0x8000080000000) 00:31:18 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x50010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:18 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:19 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:19 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4000000, 0x8013, r0, 0x8000080000000) 00:31:19 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:19 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) 00:31:19 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:19 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:20 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb302000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:20 executing program 5: r0 = socket(0x2, 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:20 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:20 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x50020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:20 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0105303, 0x0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80000, 0x100) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x75, 0x0, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x8, 0x10}, 0xc) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x2a, 0x23, 0x4, 0x19, 0x6, 0x2, 0x5, 0x3f}}) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c) r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x957, 0x80000) ioctl$CAPI_INSTALLED(r3, 0x80024322) listen(r1, 0x200000000002) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getegid() getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), &(0x7f0000000300)=0x10) ioctl$TCSETAW(r3, 0x5407, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x3) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) dup(0xffffffffffffffff) lseek(r1, 0x2d, 0x0) r5 = fcntl$getown(r0, 0x9) fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x3, 0x2, 0x8, 0x0, r5}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e21, 0x4, @empty, 0x5}, {0xa, 0x4e23, 0x1, @local, 0x9}, 0x100000001, [0x77, 0x6, 0x7fff, 0x33, 0x8, 0x271, 0x9, 0x80]}, 0x5c) [ 3307.769907][T19097] IPVS: ftp: loaded support on port[0] = 21 [ 3308.508524][T19097] chnl_net:caif_netlink_parms(): no params data found [ 3308.621901][T19097] bridge0: port 1(bridge_slave_0) entered blocking state [ 3308.630287][T19097] bridge0: port 1(bridge_slave_0) entered disabled state [ 3308.646004][T19097] device bridge_slave_0 entered promiscuous mode [ 3308.732182][T19097] bridge0: port 2(bridge_slave_1) entered blocking state [ 3308.740660][T19097] bridge0: port 2(bridge_slave_1) entered disabled state [ 3308.752196][T19097] device bridge_slave_1 entered promiscuous mode [ 3308.853853][T19097] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3308.871620][T19097] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3309.011927][T19097] team0: Port device team_slave_0 added [ 3309.071233][T19097] team0: Port device team_slave_1 added [ 3309.169918][T19097] device hsr_slave_0 entered promiscuous mode [ 3309.226468][T19097] device hsr_slave_1 entered promiscuous mode [ 3309.437551][T19097] bridge0: port 2(bridge_slave_1) entered blocking state [ 3309.444853][T19097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3309.452337][T19097] bridge0: port 1(bridge_slave_0) entered blocking state [ 3309.459795][T19097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3309.558691][T16597] bridge0: port 1(bridge_slave_0) entered disabled state [ 3309.569525][T16597] bridge0: port 2(bridge_slave_1) entered disabled state [ 3309.936803][T19097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3310.041919][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3310.053387][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3310.089319][T19097] 8021q: adding VLAN 0 to HW filter on device team0 [ 3310.153337][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3310.168415][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3310.178663][T16597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3310.185987][T16597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3310.269868][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3310.282251][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3310.292326][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3310.299511][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3310.327506][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3310.396464][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3310.421450][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3310.437121][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3310.531559][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3310.543047][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3310.556020][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3310.633316][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3310.646871][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3310.675261][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3310.687641][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3310.759413][T19097] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3310.926820][T19097] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3311.128564][T19105] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3311.149285][T19105] CPU: 1 PID: 19105 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3311.157358][T19105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3311.167777][T19105] Call Trace: [ 3311.171163][T19105] dump_stack+0x172/0x1f0 [ 3311.175656][T19105] dump_header+0x10f/0xb6c [ 3311.180160][T19105] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3311.186153][T19105] ? ___ratelimit+0x60/0x595 [ 3311.190887][T19105] ? do_raw_spin_unlock+0x57/0x270 [ 3311.196180][T19105] oom_kill_process.cold+0x10/0x15 [ 3311.201566][T19105] out_of_memory+0x79a/0x1280 [ 3311.206302][T19105] ? lock_downgrade+0x880/0x880 [ 3311.211225][T19105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.217530][T19105] ? oom_killer_disable+0x280/0x280 [ 3311.222953][T19105] ? find_held_lock+0x35/0x130 [ 3311.227879][T19105] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3311.233593][T19105] ? memcg_event_wake+0x230/0x230 [ 3311.238689][T19105] ? do_raw_spin_unlock+0x57/0x270 [ 3311.243863][T19105] ? _raw_spin_unlock+0x2d/0x50 [ 3311.248777][T19105] try_charge+0x102c/0x15c0 [ 3311.253331][T19105] ? find_held_lock+0x35/0x130 [ 3311.258309][T19105] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3311.263915][T19105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.270250][T19105] ? kasan_check_read+0x11/0x20 [ 3311.275203][T19105] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3311.280909][T19105] mem_cgroup_try_charge+0x24d/0x5e0 [ 3311.286264][T19105] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3311.291959][T19105] __handle_mm_fault+0x1e1f/0x3ec0 [ 3311.297183][T19105] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3311.302786][T19105] ? find_held_lock+0x35/0x130 [ 3311.307695][T19105] ? handle_mm_fault+0x322/0xb30 [ 3311.312704][T19105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.319013][T19105] ? kasan_check_read+0x11/0x20 [ 3311.323970][T19105] handle_mm_fault+0x43f/0xb30 [ 3311.328962][T19105] __do_page_fault+0x5ef/0xda0 [ 3311.333786][T19105] do_page_fault+0x71/0x581 [ 3311.338335][T19105] ? page_fault+0x8/0x30 [ 3311.342628][T19105] page_fault+0x1e/0x30 [ 3311.346878][T19105] RIP: 0023:0x8055172 [ 3311.351074][T19105] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3311.370808][T19105] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3311.376925][T19105] RAX: 00000000f5d37b40 RBX: 0000000000020000 RCX: 00000000f5d17000 [ 3311.384992][T19105] RDX: 0000000000000003 RSI: 00000000f5d37b40 RDI: 0000000000021000 [ 3311.393100][T19105] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3311.401182][T19105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3311.409214][T19105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3311.440978][T19105] memory: usage 4484kB, limit 0kB, failcnt 1549 [ 3311.450469][T19105] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3311.458553][T19105] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3311.466107][T19105] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3311.487093][T19105] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19105,uid=0 [ 3311.518285][T19105] Memory cgroup out of memory: Killed process 19105 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB 00:31:25 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:25 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:25 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:25 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb301000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:25 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x51000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:25 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb400000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3311.542084][ T1044] oom_reaper: reaped process 19105 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3311.580512][T19097] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3311.644329][T19097] CPU: 1 PID: 19097 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3311.652394][T19097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3311.662571][T19097] Call Trace: [ 3311.665922][T19097] dump_stack+0x172/0x1f0 [ 3311.670310][T19097] dump_header+0x10f/0xb6c [ 3311.674781][T19097] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3311.680651][T19097] ? ___ratelimit+0x60/0x595 [ 3311.685378][T19097] ? do_raw_spin_unlock+0x57/0x270 00:31:25 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x0) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3311.690544][T19097] oom_kill_process.cold+0x10/0x15 [ 3311.695704][T19097] out_of_memory+0x79a/0x1280 [ 3311.700436][T19097] ? lock_downgrade+0x880/0x880 [ 3311.705334][T19097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.711617][T19097] ? oom_killer_disable+0x280/0x280 [ 3311.711634][T19097] ? find_held_lock+0x35/0x130 [ 3311.711661][T19097] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3311.711676][T19097] ? memcg_event_wake+0x230/0x230 [ 3311.711700][T19097] ? do_raw_spin_unlock+0x57/0x270 [ 3311.727266][T19097] ? _raw_spin_unlock+0x2d/0x50 [ 3311.727294][T19097] try_charge+0x102c/0x15c0 [ 3311.746820][T19097] ? find_held_lock+0x35/0x130 [ 3311.751626][T19097] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3311.757210][T19097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.763494][T19097] ? kasan_check_read+0x11/0x20 [ 3311.768388][T19097] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3311.773973][T19097] mem_cgroup_try_charge+0x24d/0x5e0 [ 3311.779296][T19097] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3311.784966][T19097] __handle_mm_fault+0x1e1f/0x3ec0 [ 3311.790119][T19097] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3311.795721][T19097] ? find_held_lock+0x35/0x130 [ 3311.800551][T19097] ? handle_mm_fault+0x322/0xb30 [ 3311.805555][T19097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3311.811835][T19097] ? kasan_check_read+0x11/0x20 [ 3311.816738][T19097] handle_mm_fault+0x43f/0xb30 [ 3311.821541][T19097] __do_page_fault+0x5ef/0xda0 [ 3311.826348][T19097] do_page_fault+0x71/0x581 [ 3311.830880][T19097] ? page_fault+0x8/0x30 [ 3311.835162][T19097] page_fault+0x1e/0x30 [ 3311.839343][T19097] RIP: 0023:0x804afea 00:31:25 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) [ 3311.843343][T19097] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3311.862973][T19097] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3311.869070][T19097] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3311.877063][T19097] RDX: 000000000000000c RSI: 000000000032859d RDI: 0000000000000000 [ 3311.885094][T19097] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3311.885118][T19097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3311.901147][T19097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:31:25 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x0) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:25 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) [ 3312.040846][T19097] memory: usage 4216kB, limit 0kB, failcnt 1558 [ 3312.049194][T19097] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.057751][T19097] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.065438][T19097] Memory cgroup stats for /syz4: cache:84KB rss:36KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3312.089212][T19097] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19097,uid=0 [ 3312.124442][T19097] Memory cgroup out of memory: Killed process 19097 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB 00:31:25 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x0) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3312.148338][ T1044] oom_reaper: reaped process 19097 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:31:25 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:26 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:26 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:26 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:26 executing program 3 (fault-call:0 fault-nth:0): syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3313.293696][T19156] FAULT_INJECTION: forcing a failure. [ 3313.293696][T19156] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3313.333582][T19156] CPU: 0 PID: 19156 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #84 [ 3313.341668][T19156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3313.351759][T19156] Call Trace: [ 3313.355087][T19156] dump_stack+0x172/0x1f0 [ 3313.359464][T19156] should_fail.cold+0xa/0x15 [ 3313.364090][T19156] ? ima_match_policy+0x9ef/0x13c0 [ 3313.369265][T19156] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3313.375141][T19156] should_fail_alloc_page+0x50/0x60 [ 3313.380474][T19156] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3313.385992][T19156] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3313.392409][T19156] ? tun_build_skb.isra.0+0x1fc/0x1300 [ 3313.398810][T19156] ? tun_build_skb.isra.0+0x1fc/0x1300 [ 3313.412011][T19156] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3313.412032][T19156] alloc_pages_current+0x107/0x210 [ 3313.412048][T19156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3313.412070][T19156] skb_page_frag_refill+0x277/0x460 [ 3313.412092][T19156] tun_build_skb.isra.0+0x281/0x1300 [ 3313.412107][T19156] ? __lock_acquire+0x548/0x3fb0 [ 3313.412135][T19156] ? tun_xdp_act.isra.0+0x8a0/0x8a0 [ 3313.412169][T19156] ? aa_file_perm+0x40b/0xeb0 [ 3313.424455][T19156] ? find_held_lock+0x35/0x130 [ 3313.424481][T19156] tun_get_user+0x8d4/0x3fb0 [ 3313.424513][T19156] ? tun_build_skb.isra.0+0x1300/0x1300 [ 3313.424527][T19156] ? tun_get+0x171/0x290 [ 3313.424549][T19156] ? lock_downgrade+0x880/0x880 [ 3313.424566][T19156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3313.424595][T19156] ? kasan_check_read+0x11/0x20 [ 3313.440651][T19156] tun_chr_write_iter+0xbd/0x156 [ 3313.440676][T19156] do_iter_readv_writev+0x5e1/0x8e0 [ 3313.440695][T19156] ? vfs_dedupe_file_range+0x780/0x780 [ 3313.440714][T19156] ? apparmor_file_permission+0x25/0x30 [ 3313.440743][T19156] ? rw_verify_area+0x118/0x360 [ 3313.451471][T19156] do_iter_write+0x184/0x610 [ 3313.451497][T19156] ? iov_iter_get_pages+0xfc0/0xfc0 [ 3313.451520][T19156] ? __fget+0x35a/0x550 [ 3313.466421][T19156] compat_writev+0x1f6/0x3a0 [ 3313.466443][T19156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3313.466458][T19156] ? do_pwritev+0x280/0x280 [ 3313.466484][T19156] ? ksys_dup3+0x3e0/0x3e0 [ 3313.466505][T19156] ? wait_for_completion+0x440/0x440 [ 3313.466525][T19156] ? __fget_light+0x1a9/0x230 [ 3313.466545][T19156] do_compat_writev+0xf5/0x1f0 [ 3313.466567][T19156] ? compat_writev+0x3a0/0x3a0 [ 3313.481638][T19156] ? do_fast_syscall_32+0xd1/0xc98 [ 3313.481664][T19156] ? entry_SYSENTER_compat+0x70/0x7f [ 3313.496975][T19156] ? do_fast_syscall_32+0xd1/0xc98 [ 3313.497002][T19156] __ia32_compat_sys_writev+0x74/0xb0 [ 3313.497023][T19156] do_fast_syscall_32+0x281/0xc98 [ 3313.506811][T19156] entry_SYSENTER_compat+0x70/0x7f [ 3313.506829][T19156] RIP: 0023:0xf7f45869 [ 3313.523000][T19156] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3313.523010][T19156] RSP: 002b:00000000f5d41054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 3313.523025][T19156] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5d410a4 [ 3313.523033][T19156] RDX: 0000000000000001 RSI: 00000000080ebb84 RDI: 0000000000000003 [ 3313.523049][T19156] RBP: 00000000f5d41168 R08: 0000000000000000 R09: 0000000000000000 [ 3313.532471][T19156] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3313.532480][T19156] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:31:27 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x51010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:27 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:27 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:27 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:27 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb401000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:27 executing program 3 (fault-call:0 fault-nth:1): syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:27 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:27 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:27 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) [ 3314.226740][T19186] FAULT_INJECTION: forcing a failure. [ 3314.226740][T19186] name failslab, interval 1, probability 0, space 0, times 0 [ 3314.263877][T19186] CPU: 0 PID: 19186 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #84 [ 3314.271918][T19186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3314.281989][T19186] Call Trace: [ 3314.285316][T19186] dump_stack+0x172/0x1f0 [ 3314.289676][T19186] should_fail.cold+0xa/0x15 [ 3314.294291][T19186] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3314.300137][T19186] ? __might_fault+0x12b/0x1e0 [ 3314.304932][T19186] __should_failslab+0x121/0x190 [ 3314.309892][T19186] should_failslab+0x9/0x14 [ 3314.314415][T19186] kmem_cache_alloc+0x47/0x6f0 [ 3314.319211][T19186] ? kasan_check_write+0x14/0x20 [ 3314.324179][T19186] ? copyin+0xb5/0x100 [ 3314.328275][T19186] __build_skb+0x3e/0x310 [ 3314.332625][T19186] build_skb+0x21/0x190 [ 3314.336805][T19186] tun_build_skb.isra.0+0xbb2/0x1300 [ 3314.342117][T19186] ? tun_xdp_act.isra.0+0x8a0/0x8a0 [ 3314.347349][T19186] ? aa_file_perm+0x40b/0xeb0 [ 3314.352044][T19186] ? find_held_lock+0x35/0x130 [ 3314.356863][T19186] tun_get_user+0x8d4/0x3fb0 [ 3314.361481][T19186] ? tun_build_skb.isra.0+0x1300/0x1300 [ 3314.367048][T19186] ? tun_get+0x171/0x290 [ 3314.371325][T19186] ? lock_downgrade+0x880/0x880 [ 3314.376192][T19186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3314.382464][T19186] ? kasan_check_read+0x11/0x20 [ 3314.387340][T19186] tun_chr_write_iter+0xbd/0x156 [ 3314.392320][T19186] do_iter_readv_writev+0x5e1/0x8e0 [ 3314.397551][T19186] ? vfs_dedupe_file_range+0x780/0x780 [ 3314.403057][T19186] ? apparmor_file_permission+0x25/0x30 [ 3314.408658][T19186] ? rw_verify_area+0x118/0x360 [ 3314.413531][T19186] do_iter_write+0x184/0x610 [ 3314.418143][T19186] ? iov_iter_get_pages+0xfc0/0xfc0 [ 3314.423358][T19186] ? __fget+0x35a/0x550 [ 3314.427629][T19186] compat_writev+0x1f6/0x3a0 [ 3314.432249][T19186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3314.438518][T19186] ? do_pwritev+0x280/0x280 [ 3314.443063][T19186] ? ksys_dup3+0x3e0/0x3e0 [ 3314.447501][T19186] ? wait_for_completion+0x440/0x440 [ 3314.453098][T19186] ? __fget_light+0x1a9/0x230 [ 3314.458511][T19186] do_compat_writev+0xf5/0x1f0 [ 3314.463303][T19186] ? compat_writev+0x3a0/0x3a0 [ 3314.470643][T19186] ? do_fast_syscall_32+0xd1/0xc98 [ 3314.475798][T19186] ? entry_SYSENTER_compat+0x70/0x7f [ 3314.481100][T19186] ? do_fast_syscall_32+0xd1/0xc98 [ 3314.486267][T19186] __ia32_compat_sys_writev+0x74/0xb0 [ 3314.491669][T19186] do_fast_syscall_32+0x281/0xc98 [ 3314.496723][T19186] entry_SYSENTER_compat+0x70/0x7f [ 3314.501887][T19186] RIP: 0023:0xf7f45869 [ 3314.505966][T19186] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 00:31:27 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:28 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:28 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3314.525673][T19186] RSP: 002b:00000000f5d41054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092 [ 3314.534109][T19186] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5d410a4 [ 3314.542107][T19186] RDX: 0000000000000001 RSI: 00000000080ebb84 RDI: 0000000000000003 [ 3314.550113][T19186] RBP: 00000000f5d41168 R08: 0000000000000000 R09: 0000000000000000 [ 3314.558117][T19186] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3314.566120][T19186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:31:28 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:28 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}, {r1}], 0x9, 0x5193) shutdown(r0, 0x2) 00:31:28 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x51020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3315.748479][T19217] IPVS: ftp: loaded support on port[0] = 21 [ 3316.046456][T19217] chnl_net:caif_netlink_parms(): no params data found [ 3316.197990][T19217] bridge0: port 1(bridge_slave_0) entered blocking state [ 3316.207056][T19217] bridge0: port 1(bridge_slave_0) entered disabled state [ 3316.236802][T19217] device bridge_slave_0 entered promiscuous mode [ 3316.247863][T19217] bridge0: port 2(bridge_slave_1) entered blocking state [ 3316.255988][T19217] bridge0: port 2(bridge_slave_1) entered disabled state [ 3316.267261][T19217] device bridge_slave_1 entered promiscuous mode [ 3316.356283][T19217] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3316.372543][T19217] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3316.448279][T19217] team0: Port device team_slave_0 added [ 3316.459466][T19217] team0: Port device team_slave_1 added [ 3316.621316][T19217] device hsr_slave_0 entered promiscuous mode [ 3316.676317][T19217] device hsr_slave_1 entered promiscuous mode [ 3316.880416][T19217] bridge0: port 2(bridge_slave_1) entered blocking state [ 3316.887599][T19217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3316.895117][T19217] bridge0: port 1(bridge_slave_0) entered blocking state [ 3316.902223][T19217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3317.035194][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state [ 3317.054464][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state [ 3317.279222][T19217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3317.370870][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3317.381959][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3317.408947][T19217] 8021q: adding VLAN 0 to HW filter on device team0 [ 3317.435543][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3317.447658][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3317.458438][ T7937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3317.465640][ T7937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3317.537570][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3317.554997][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3317.565512][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3317.572660][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3317.595772][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3317.722534][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3317.749141][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3317.760913][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3317.862173][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3317.889584][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3317.901702][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3318.032742][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3318.043087][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3318.054208][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3318.065576][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3318.112572][T19217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3318.374583][T19217] 8021q: adding VLAN 0 to HW filter on device batadv0 00:31:32 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:32 executing program 3 (fault-call:0 fault-nth:2): syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:32 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb402000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:32 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(0x0, 0x0, 0x5193) shutdown(r0, 0x2) 00:31:32 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:32 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x52000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:32 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:32 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:32 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:32 executing program 3: syz_emit_ethernet(0xd, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:32 executing program 3: syz_emit_ethernet(0x3a5, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:32 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:32 executing program 3: syz_emit_ethernet(0xfdef, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3318.937416][T19245] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3318.983935][T19245] CPU: 1 PID: 19245 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3319.005018][T19245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3319.015279][T19245] Call Trace: [ 3319.027071][T19245] dump_stack+0x172/0x1f0 [ 3319.031571][T19245] dump_header+0x10f/0xb6c [ 3319.036029][T19245] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3319.042047][T19245] ? ___ratelimit+0x60/0x595 [ 3319.053795][T19245] ? do_raw_spin_unlock+0x57/0x270 [ 3319.059203][T19245] oom_kill_process.cold+0x10/0x15 [ 3319.064361][T19245] out_of_memory+0x79a/0x1280 [ 3319.069970][T19245] ? lock_downgrade+0x880/0x880 [ 3319.075391][T19245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3319.086990][T19245] ? oom_killer_disable+0x280/0x280 [ 3319.092401][T19245] ? find_held_lock+0x35/0x130 [ 3319.100204][T19245] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3319.105900][T19245] ? memcg_event_wake+0x230/0x230 [ 3319.117017][T19245] ? do_raw_spin_unlock+0x57/0x270 [ 3319.127271][T19245] ? _raw_spin_unlock+0x2d/0x50 00:31:32 executing program 3: syz_emit_ethernet(0x200003a5, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3319.132458][T19245] try_charge+0x102c/0x15c0 [ 3319.137603][T19245] ? find_held_lock+0x35/0x130 [ 3319.142569][T19245] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3319.148851][T19245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3319.157781][T19245] ? kasan_check_read+0x11/0x20 [ 3319.164155][T19245] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3319.171746][T19245] mem_cgroup_try_charge+0x24d/0x5e0 [ 3319.177061][T19245] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3319.182829][T19245] __handle_mm_fault+0x1e1f/0x3ec0 [ 3319.187981][T19245] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3319.200136][T19245] ? find_held_lock+0x35/0x130 [ 3319.204938][T19245] ? handle_mm_fault+0x322/0xb30 [ 3319.210038][T19245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3319.216554][T19245] ? kasan_check_read+0x11/0x20 [ 3319.221436][T19245] handle_mm_fault+0x43f/0xb30 [ 3319.226219][T19245] __do_page_fault+0x5ef/0xda0 [ 3319.226243][T19245] do_page_fault+0x71/0x581 [ 3319.226260][T19245] ? page_fault+0x8/0x30 [ 3319.226279][T19245] page_fault+0x1e/0x30 [ 3319.235524][T19245] RIP: 0023:0x8055172 [ 3319.235539][T19245] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3319.235546][T19245] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3319.235556][T19245] RAX: 00000000f5d3ab40 RBX: 0000000000020000 RCX: 00000000f5d1a000 [ 3319.235564][T19245] RDX: 0000000000000003 RSI: 00000000f5d3ab40 RDI: 0000000000021000 [ 3319.235571][T19245] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3319.235578][T19245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3319.235585][T19245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3319.399621][T19245] memory: usage 4552kB, limit 0kB, failcnt 1567 [ 3319.406412][T19245] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.415179][T19245] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.422138][T19245] Memory cgroup stats for /syz4: cache:84KB rss:168KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3319.444439][T19245] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19245,uid=0 [ 3319.460510][T19245] Memory cgroup out of memory: Killed process 19245 (syz-executor.4) total-vm:72320kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 3319.477011][ T1044] oom_reaper: reaped process 19245 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3319.534656][T19217] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 3319.554367][T19217] CPU: 0 PID: 19217 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3319.562389][T19217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3319.562396][T19217] Call Trace: [ 3319.562424][T19217] dump_stack+0x172/0x1f0 [ 3319.562447][T19217] dump_header+0x10f/0xb6c [ 3319.580136][T19217] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3319.580156][T19217] ? ___ratelimit+0x60/0x595 [ 3319.580179][T19217] ? do_raw_spin_unlock+0x57/0x270 [ 3319.590506][T19217] oom_kill_process.cold+0x10/0x15 [ 3319.590524][T19217] out_of_memory+0x79a/0x1280 [ 3319.590542][T19217] ? lock_downgrade+0x880/0x880 [ 3319.590556][T19217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3319.590576][T19217] ? oom_killer_disable+0x280/0x280 [ 3319.600283][T19217] ? find_held_lock+0x35/0x130 [ 3319.600311][T19217] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3319.600329][T19217] ? memcg_event_wake+0x230/0x230 [ 3319.610116][T19217] ? do_raw_spin_unlock+0x57/0x270 [ 3319.610143][T19217] ? _raw_spin_unlock+0x2d/0x50 [ 3319.610163][T19217] try_charge+0x102c/0x15c0 [ 3319.610186][T19217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3319.621269][T19217] ? should_fail+0x1de/0x852 [ 3319.621295][T19217] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3319.621317][T19217] ? rcu_read_lock_sched_held+0x110/0x130 [ 3319.631264][T19217] ? __alloc_pages_nodemask+0x599/0x7e0 [ 3319.631289][T19217] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3319.631311][T19217] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3319.641860][T19217] ? cache_grow_begin+0x594/0x860 [ 3319.641878][T19217] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3319.641899][T19217] ? trace_hardirqs_on+0x67/0x230 [ 3319.651844][T19217] cache_grow_begin+0x5c0/0x860 [ 3319.651862][T19217] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3319.651877][T19217] ? __cpuset_node_allowed+0x136/0x540 [ 3319.651896][T19217] fallback_alloc+0x1fd/0x2d0 [ 3319.662632][T19217] ____cache_alloc_node+0x1be/0x1e0 [ 3319.662648][T19217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3319.662667][T19217] kmem_cache_alloc+0x1e8/0x6f0 [ 3319.672792][T19217] ? __save_stack_trace+0x99/0x100 [ 3319.672814][T19217] __alloc_file+0x27/0x300 [ 3319.672829][T19217] alloc_empty_file+0x72/0x170 [ 3319.672849][T19217] path_openat+0xef/0x46e0 [ 3319.684098][T19217] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3319.684110][T19217] ? kasan_slab_alloc+0xf/0x20 [ 3319.684123][T19217] ? kmem_cache_alloc+0x11a/0x6f0 [ 3319.684146][T19217] ? getname_flags+0xd6/0x5b0 [ 3319.684162][T19217] ? getname+0x1a/0x20 [ 3319.694889][T19217] ? do_sys_open+0x2c9/0x5d0 [ 3319.694902][T19217] ? __ia32_compat_sys_open+0x79/0xb0 [ 3319.694917][T19217] ? do_fast_syscall_32+0x281/0xc98 [ 3319.694932][T19217] ? entry_SYSENTER_compat+0x70/0x7f [ 3319.694965][T19217] ? __lock_acquire+0x548/0x3fb0 [ 3319.705261][T19217] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 3319.705285][T19217] ? __alloc_fd+0x44d/0x560 [ 3319.705301][T19217] do_filp_open+0x1a1/0x280 [ 3319.705316][T19217] ? may_open_dev+0x100/0x100 [ 3319.705335][T19217] ? lock_downgrade+0x880/0x880 [ 3319.705359][T19217] ? kasan_check_read+0x11/0x20 [ 3319.715253][T19217] ? do_raw_spin_unlock+0x57/0x270 [ 3319.715271][T19217] ? _raw_spin_unlock+0x2d/0x50 [ 3319.715285][T19217] ? __alloc_fd+0x44d/0x560 [ 3319.715310][T19217] do_sys_open+0x3fe/0x5d0 [ 3319.715328][T19217] ? filp_open+0x80/0x80 [ 3319.727022][T19217] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3319.727036][T19217] ? do_fast_syscall_32+0xd1/0xc98 [ 3319.727051][T19217] ? entry_SYSENTER_compat+0x70/0x7f [ 3319.727063][T19217] ? do_fast_syscall_32+0xd1/0xc98 [ 3319.727083][T19217] __ia32_compat_sys_open+0x79/0xb0 [ 3319.727103][T19217] do_fast_syscall_32+0x281/0xc98 [ 3319.737017][T19217] entry_SYSENTER_compat+0x70/0x7f [ 3319.737030][T19217] RIP: 0023:0xf7f5f869 [ 3319.737046][T19217] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3319.737052][T19217] RSP: 002b:000000000845fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 3319.737065][T19217] RAX: ffffffffffffffda RBX: 000000000845fe20 RCX: 0000000000000002 [ 3319.737073][T19217] RDX: 0000000000000000 RSI: 000000000032a3d0 RDI: 000000000845fde0 [ 3319.737080][T19217] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3319.737087][T19217] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3319.737103][T19217] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3319.981938][T19217] memory: usage 4280kB, limit 0kB, failcnt 1580 [ 3319.988258][T19217] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.995758][T19217] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.995767][T19217] Memory cgroup stats for /syz4: cache:84KB rss:168KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:60KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3319.995844][T19217] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19217,uid=0 [ 3320.024622][T19217] Memory cgroup out of memory: Killed process 19217 (syz-executor.4) total-vm:72056kB, anon-rss:104kB, file-rss:35556kB, shmem-rss:0kB [ 3320.053656][ T1044] oom_reaper: reaped process 19217 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:31:34 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb500000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:34 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:34 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(0x0, 0x0, 0x5193) shutdown(r0, 0x2) 00:31:34 executing program 3: syz_emit_ethernet(0x7ffff000, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:34 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:34 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x52010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:34 executing program 3: syz_emit_ethernet(0xfffffdef, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:34 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, 0x0, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:34 executing program 3: syz_emit_ethernet(0xfffffffffffffdef, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:34 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, 0x0, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:34 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:34 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:35 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb501000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:35 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, 0x0, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:35 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:35 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(0x0, 0x0, 0x5193) shutdown(r0, 0x2) [ 3322.802986][T19325] IPVS: ftp: loaded support on port[0] = 21 [ 3323.489169][T19325] chnl_net:caif_netlink_parms(): no params data found [ 3323.591152][T19325] bridge0: port 1(bridge_slave_0) entered blocking state [ 3323.600865][T19325] bridge0: port 1(bridge_slave_0) entered disabled state [ 3323.611827][T19325] device bridge_slave_0 entered promiscuous mode [ 3323.622733][T19325] bridge0: port 2(bridge_slave_1) entered blocking state [ 3323.630814][T19325] bridge0: port 2(bridge_slave_1) entered disabled state [ 3323.642911][T19325] device bridge_slave_1 entered promiscuous mode [ 3323.740585][T19325] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3323.757066][T19325] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3323.842055][T19325] team0: Port device team_slave_0 added [ 3323.855482][T19325] team0: Port device team_slave_1 added [ 3323.930304][T19325] device hsr_slave_0 entered promiscuous mode [ 3324.007093][T19325] device hsr_slave_1 entered promiscuous mode [ 3324.156562][T19325] bridge0: port 2(bridge_slave_1) entered blocking state [ 3324.163828][T19325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3324.171278][T19325] bridge0: port 1(bridge_slave_0) entered blocking state [ 3324.178463][T19325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3324.477661][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state [ 3324.495999][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state [ 3324.601501][T19325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3324.676161][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3324.686646][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3324.770876][T19325] 8021q: adding VLAN 0 to HW filter on device team0 [ 3324.793340][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3324.805310][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3324.815480][T16597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3324.822565][T16597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3324.969110][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3324.984615][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3324.994974][T16597] bridge0: port 2(bridge_slave_1) entered blocking state [ 3325.002085][T16597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3325.073257][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3325.109630][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3325.193908][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3325.205896][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3325.229007][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3325.244011][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3325.258430][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3325.337446][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3325.348996][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3325.380758][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3325.392506][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3325.407983][T19325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3325.587404][T19325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3325.769663][T19333] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3325.780891][T19333] CPU: 1 PID: 19333 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3325.788892][T19333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3325.788901][T19333] Call Trace: [ 3325.788942][T19333] dump_stack+0x172/0x1f0 [ 3325.788972][T19333] dump_header+0x10f/0xb6c [ 3325.811198][T19333] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3325.817121][T19333] ? ___ratelimit+0x60/0x595 [ 3325.817161][T19333] ? do_raw_spin_unlock+0x57/0x270 [ 3325.827582][T19333] oom_kill_process.cold+0x10/0x15 [ 3325.832745][T19333] out_of_memory+0x79a/0x1280 [ 3325.837487][T19333] ? __sched_text_start+0x8/0x8 [ 3325.837511][T19333] ? oom_killer_disable+0x280/0x280 [ 3325.847604][T19333] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3325.847618][T19333] ? memcg_event_wake+0x230/0x230 [ 3325.847640][T19333] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3325.847658][T19333] ? cgroup_file_notify+0x140/0x1b0 [ 3325.847674][T19333] memory_max_write+0x169/0x300 [ 3325.847691][T19333] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3325.847707][T19333] ? mem_cgroup_write+0x360/0x360 [ 3325.847736][T19333] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3325.874211][T19333] cgroup_file_write+0x245/0x7a0 [ 3325.874231][T19333] ? mem_cgroup_write+0x360/0x360 [ 3325.874245][T19333] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3325.874265][T19333] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3325.874279][T19333] kernfs_fop_write+0x2ba/0x480 [ 3325.874298][T19333] __vfs_write+0x8d/0x110 [ 3325.874310][T19333] ? kernfs_fop_open+0xd90/0xd90 [ 3325.874328][T19333] vfs_write+0x20c/0x580 [ 3325.874348][T19333] ksys_write+0x14f/0x2d0 [ 3325.874374][T19333] ? __ia32_sys_read+0xb0/0xb0 [ 3325.895310][T19333] ? do_fast_syscall_32+0xd1/0xc98 [ 3325.945716][T19333] ? entry_SYSENTER_compat+0x70/0x7f [ 3325.951046][T19333] ? do_fast_syscall_32+0xd1/0xc98 [ 3325.956204][T19333] __ia32_sys_write+0x71/0xb0 [ 3325.960910][T19333] do_fast_syscall_32+0x281/0xc98 [ 3325.965969][T19333] entry_SYSENTER_compat+0x70/0x7f [ 3325.971093][T19333] RIP: 0023:0xf7f0b869 [ 3325.975267][T19333] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3325.994982][T19333] RSP: 002b:00000000f5d070cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3326.003414][T19333] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3326.011409][T19333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3326.019410][T19333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3326.034031][T19333] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3326.042034][T19333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3326.063840][T19333] memory: usage 4588kB, limit 0kB, failcnt 1589 [ 3326.070292][T19333] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.082273][T19333] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.090183][T19333] Memory cgroup stats for /syz4: cache:84KB rss:20KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3326.114494][T19333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19332,uid=0 [ 3326.134207][T19333] Memory cgroup out of memory: Killed process 19332 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3326.152657][ T1044] oom_reaper: reaped process 19332 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:31:40 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x52020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:40 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:40 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}, {r0, 0x1000}], 0x8, 0x5193) shutdown(r0, 0x2) 00:31:40 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:40 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb502000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3326.535757][T19325] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3326.550490][T19325] CPU: 1 PID: 19325 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3326.558516][T19325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3326.568588][T19325] Call Trace: [ 3326.568620][T19325] dump_stack+0x172/0x1f0 [ 3326.568643][T19325] dump_header+0x10f/0xb6c [ 3326.568669][T19325] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3326.586567][T19325] ? ___ratelimit+0x60/0x595 [ 3326.591201][T19325] ? do_raw_spin_unlock+0x57/0x270 [ 3326.596338][T19325] oom_kill_process.cold+0x10/0x15 [ 3326.596354][T19325] out_of_memory+0x79a/0x1280 [ 3326.596370][T19325] ? lock_downgrade+0x880/0x880 [ 3326.596385][T19325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3326.596399][T19325] ? oom_killer_disable+0x280/0x280 [ 3326.596410][T19325] ? find_held_lock+0x35/0x130 [ 3326.596436][T19325] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3326.596448][T19325] ? memcg_event_wake+0x230/0x230 [ 3326.596469][T19325] ? do_raw_spin_unlock+0x57/0x270 [ 3326.596484][T19325] ? _raw_spin_unlock+0x2d/0x50 [ 3326.596501][T19325] try_charge+0x102c/0x15c0 [ 3326.596512][T19325] ? find_held_lock+0x35/0x130 [ 3326.596532][T19325] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3326.596547][T19325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3326.596568][T19325] ? kasan_check_read+0x11/0x20 [ 3326.596585][T19325] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3326.596604][T19325] mem_cgroup_try_charge+0x24d/0x5e0 [ 3326.596626][T19325] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3326.596650][T19325] __handle_mm_fault+0x1e1f/0x3ec0 [ 3326.652546][T19325] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3326.652565][T19325] ? find_held_lock+0x35/0x130 [ 3326.652581][T19325] ? handle_mm_fault+0x322/0xb30 [ 3326.652605][T19325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3326.679548][T19325] ? kasan_check_read+0x11/0x20 [ 3326.701101][T19325] handle_mm_fault+0x43f/0xb30 [ 3326.701124][T19325] __do_page_fault+0x5ef/0xda0 [ 3326.726682][T19325] do_page_fault+0x71/0x581 00:31:40 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:40 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3326.726702][T19325] ? page_fault+0x8/0x30 [ 3326.726716][T19325] page_fault+0x1e/0x30 [ 3326.726739][T19325] RIP: 0023:0x804afea [ 3326.748337][T19325] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3326.768057][T19325] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3326.768073][T19325] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 00:31:40 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}, {r0, 0x1000}], 0x7, 0x5193) shutdown(r0, 0x2) [ 3326.768080][T19325] RDX: 000000000000000c RSI: 000000000032bedd RDI: 0000000000000000 [ 3326.768088][T19325] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3326.768095][T19325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3326.768101][T19325] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3326.827632][T19325] memory: usage 4324kB, limit 0kB, failcnt 1602 00:31:40 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3326.842835][T19325] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.879723][T19325] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.905253][T19325] Memory cgroup stats for /syz4: cache:84KB rss:20KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:31:40 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:40 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}, {r1, 0x20}], 0x6, 0x5193) shutdown(r0, 0x2) [ 3326.950437][T19325] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19325,uid=0 [ 3327.065989][T19325] Memory cgroup out of memory: Killed process 19325 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3327.101665][ T1044] oom_reaper: reaped process 19325 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:31:41 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:41 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x53000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:41 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:41 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}, {r1, 0x80}], 0x5, 0x5193) shutdown(r0, 0x2) 00:31:41 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:41 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb600000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:41 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}, {r1, 0x4004}], 0x4, 0x5193) shutdown(r0, 0x2) 00:31:41 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:41 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:41 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:41 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1, 0x1109}], 0x3, 0x5193) shutdown(r0, 0x2) 00:31:41 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r0, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:41 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:42 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:42 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:42 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x53010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:42 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:42 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:42 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:42 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb601000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:42 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:42 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:42 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:42 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xb2) gettid() r1 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3330.117217][T19451] IPVS: ftp: loaded support on port[0] = 21 [ 3330.697235][T19451] chnl_net:caif_netlink_parms(): no params data found [ 3330.828638][T19451] bridge0: port 1(bridge_slave_0) entered blocking state [ 3330.837092][T19451] bridge0: port 1(bridge_slave_0) entered disabled state [ 3330.848805][T19451] device bridge_slave_0 entered promiscuous mode [ 3330.903273][T19451] bridge0: port 2(bridge_slave_1) entered blocking state [ 3330.913071][T19451] bridge0: port 2(bridge_slave_1) entered disabled state [ 3330.925405][T19451] device bridge_slave_1 entered promiscuous mode [ 3331.033297][T19451] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3331.054429][T19451] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3331.205856][T19451] team0: Port device team_slave_0 added [ 3331.300848][T19451] team0: Port device team_slave_1 added [ 3331.489847][T19451] device hsr_slave_0 entered promiscuous mode [ 3331.566407][T19451] device hsr_slave_1 entered promiscuous mode [ 3332.092234][T19451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3332.185675][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3332.205495][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3332.220713][T19451] 8021q: adding VLAN 0 to HW filter on device team0 [ 3332.301409][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3332.326503][T11937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3332.337152][T11937] bridge0: port 1(bridge_slave_0) entered blocking state [ 3332.344368][T11937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3332.405820][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3332.424546][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3332.437407][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3332.447005][ T7937] bridge0: port 2(bridge_slave_1) entered blocking state [ 3332.455509][ T7937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3332.533104][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3332.565221][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3332.591658][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3332.604976][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3332.694624][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3332.727114][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3332.740257][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3332.833244][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3332.849544][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3332.884350][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3332.896146][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3332.986438][T19451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3333.159592][T19451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3333.337539][T19458] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3333.356354][T19458] CPU: 1 PID: 19458 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3333.364396][T19458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3333.374477][T19458] Call Trace: [ 3333.377808][T19458] dump_stack+0x172/0x1f0 [ 3333.382179][T19458] dump_header+0x10f/0xb6c [ 3333.386619][T19458] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3333.392445][T19458] ? ___ratelimit+0x60/0x595 [ 3333.397050][T19458] ? do_raw_spin_unlock+0x57/0x270 [ 3333.402182][T19458] oom_kill_process.cold+0x10/0x15 [ 3333.407306][T19458] out_of_memory+0x79a/0x1280 [ 3333.412013][T19458] ? lock_downgrade+0x880/0x880 [ 3333.416873][T19458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.423149][T19458] ? oom_killer_disable+0x280/0x280 [ 3333.428360][T19458] ? find_held_lock+0x35/0x130 [ 3333.433155][T19458] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3333.438718][T19458] ? memcg_event_wake+0x230/0x230 [ 3333.443770][T19458] ? do_raw_spin_unlock+0x57/0x270 [ 3333.448901][T19458] ? _raw_spin_unlock+0x2d/0x50 [ 3333.453775][T19458] try_charge+0x102c/0x15c0 [ 3333.458313][T19458] ? find_held_lock+0x35/0x130 [ 3333.463302][T19458] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3333.468865][T19458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.475216][T19458] ? kasan_check_read+0x11/0x20 [ 3333.480101][T19458] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3333.485687][T19458] mem_cgroup_try_charge+0x24d/0x5e0 [ 3333.490998][T19458] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3333.496650][T19458] __handle_mm_fault+0x1e1f/0x3ec0 [ 3333.501780][T19458] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3333.507356][T19458] ? find_held_lock+0x35/0x130 [ 3333.512145][T19458] ? handle_mm_fault+0x322/0xb30 [ 3333.517921][T19458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.524192][T19458] ? kasan_check_read+0x11/0x20 [ 3333.524213][T19458] handle_mm_fault+0x43f/0xb30 [ 3333.533837][T19458] __do_page_fault+0x5ef/0xda0 [ 3333.533857][T19458] do_page_fault+0x71/0x581 [ 3333.533872][T19458] ? page_fault+0x8/0x30 [ 3333.533883][T19458] page_fault+0x1e/0x30 [ 3333.533896][T19458] RIP: 0023:0x8055172 [ 3333.533912][T19458] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3333.533918][T19458] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3333.543197][T19458] RAX: 00000000f5d21b40 RBX: 0000000000020000 RCX: 00000000f5d01000 [ 3333.543211][T19458] RDX: 0000000000000003 RSI: 00000000f5d21b40 RDI: 0000000000021000 [ 3333.551592][T19458] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3333.551608][T19458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3333.575241][T19458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3333.581877][T19458] memory: usage 4616kB, limit 0kB, failcnt 1611 [ 3333.605877][T19458] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.628692][T19458] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.642635][T19458] Memory cgroup stats for /syz4: cache:84KB rss:20KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3333.665270][T19458] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19458,uid=0 00:31:47 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:47 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x53020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:47 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:47 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}], 0x3, 0x5193) shutdown(r0, 0x2) 00:31:47 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xb2) gettid() r1 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:47 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb602000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3333.683168][T19458] Memory cgroup out of memory: Killed process 19458 (syz-executor.4) total-vm:72320kB, anon-rss:84kB, file-rss:34816kB, shmem-rss:0kB [ 3333.706151][ T1044] oom_reaper: reaped process 19458 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB [ 3333.774856][T19451] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3333.828367][T19451] CPU: 1 PID: 19451 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3333.836425][T19451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3333.846596][T19451] Call Trace: [ 3333.849923][T19451] dump_stack+0x172/0x1f0 [ 3333.854311][T19451] dump_header+0x10f/0xb6c [ 3333.858786][T19451] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3333.865155][T19451] ? ___ratelimit+0x60/0x595 [ 3333.869778][T19451] ? do_raw_spin_unlock+0x57/0x270 [ 3333.874937][T19451] oom_kill_process.cold+0x10/0x15 [ 3333.880094][T19451] out_of_memory+0x79a/0x1280 [ 3333.884822][T19451] ? lock_downgrade+0x880/0x880 [ 3333.889707][T19451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.896026][T19451] ? oom_killer_disable+0x280/0x280 [ 3333.901281][T19451] ? find_held_lock+0x35/0x130 [ 3333.906090][T19451] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3333.911682][T19451] ? memcg_event_wake+0x230/0x230 [ 3333.916758][T19451] ? do_raw_spin_unlock+0x57/0x270 [ 3333.921921][T19451] ? _raw_spin_unlock+0x2d/0x50 [ 3333.926808][T19451] try_charge+0x102c/0x15c0 [ 3333.931342][T19451] ? find_held_lock+0x35/0x130 [ 3333.936147][T19451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3333.941732][T19451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.948012][T19451] ? kasan_check_read+0x11/0x20 [ 3333.952926][T19451] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3333.958551][T19451] mem_cgroup_try_charge+0x24d/0x5e0 [ 3333.963865][T19451] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3333.969530][T19451] __handle_mm_fault+0x1e1f/0x3ec0 [ 3333.974675][T19451] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3333.980239][T19451] ? find_held_lock+0x35/0x130 [ 3333.985026][T19451] ? handle_mm_fault+0x322/0xb30 [ 3333.989996][T19451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.996262][T19451] ? kasan_check_read+0x11/0x20 [ 3334.001148][T19451] handle_mm_fault+0x43f/0xb30 [ 3334.005936][T19451] __do_page_fault+0x5ef/0xda0 [ 3334.010718][T19451] do_page_fault+0x71/0x581 [ 3334.015241][T19451] ? page_fault+0x8/0x30 [ 3334.019500][T19451] page_fault+0x1e/0x30 [ 3334.023660][T19451] RIP: 0023:0x804afea [ 3334.027649][T19451] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3334.047281][T19451] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3334.053367][T19451] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3334.061350][T19451] RDX: 000000000000000c RSI: 000000000032dc58 RDI: 0000000000000000 [ 3334.069335][T19451] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 00:31:47 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:47 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}], 0x3, 0x5193) shutdown(r0, 0x2) [ 3334.077425][T19451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3334.085495][T19451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:31:47 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xb2) gettid() r1 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:31:47 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:47 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, 0x0, 0x200002, 0x0) 00:31:47 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {0xffffffffffffffff, 0x1109}], 0x3, 0x5193) shutdown(r0, 0x2) [ 3334.477864][T19451] memory: usage 4352kB, limit 0kB, failcnt 1620 [ 3334.495598][T19451] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3334.508002][T19451] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3334.522405][T19451] Memory cgroup stats for /syz4: cache:84KB rss:20KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3334.579800][T19451] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19451,uid=0 [ 3334.596959][T19451] Memory cgroup out of memory: Killed process 19451 (syz-executor.4) total-vm:72056kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3334.613203][ T1044] oom_reaper: reaped process 19451 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:31:48 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:48 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x54000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:48 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:48 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, 0x0, 0x200002, 0x0) 00:31:48 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r0, 0x4000}, {r1}], 0x3, 0x5193) shutdown(r0, 0x2) 00:31:48 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb700000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:48 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, 0x0, 0x200002, 0x0) 00:31:48 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:49 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:49 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:49 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:49 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), 0x0}, 0x20) 00:31:49 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x54010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:50 executing program 0: 00:31:50 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:50 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:50 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb701000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:50 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:50 executing program 0: 00:31:50 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3337.428154][T19565] IPVS: ftp: loaded support on port[0] = 21 [ 3338.017985][T19565] chnl_net:caif_netlink_parms(): no params data found [ 3338.137610][T19565] bridge0: port 1(bridge_slave_0) entered blocking state [ 3338.145454][T19565] bridge0: port 1(bridge_slave_0) entered disabled state [ 3338.160287][T19565] device bridge_slave_0 entered promiscuous mode [ 3338.171457][T19565] bridge0: port 2(bridge_slave_1) entered blocking state [ 3338.179154][T19565] bridge0: port 2(bridge_slave_1) entered disabled state [ 3338.191791][T19565] device bridge_slave_1 entered promiscuous mode [ 3338.360390][T19565] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3338.377509][T19565] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3338.469748][T19565] team0: Port device team_slave_0 added [ 3338.530518][T19565] team0: Port device team_slave_1 added [ 3338.619764][T19565] device hsr_slave_0 entered promiscuous mode [ 3338.676580][T19565] device hsr_slave_1 entered promiscuous mode [ 3338.809143][T19565] bridge0: port 2(bridge_slave_1) entered blocking state [ 3338.816298][T19565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3338.823791][T19565] bridge0: port 1(bridge_slave_0) entered blocking state [ 3338.830879][T19565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3339.048278][T16597] bridge0: port 1(bridge_slave_0) entered disabled state [ 3339.059316][T16597] bridge0: port 2(bridge_slave_1) entered disabled state [ 3339.361310][T19565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3339.461025][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3339.471430][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3339.492935][T19565] 8021q: adding VLAN 0 to HW filter on device team0 [ 3339.612823][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3339.626377][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3339.635754][ T5483] bridge0: port 1(bridge_slave_0) entered blocking state [ 3339.642827][ T5483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3339.668232][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3339.680057][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3339.689928][ T5481] bridge0: port 2(bridge_slave_1) entered blocking state [ 3339.697051][ T5481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3339.790237][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3339.815604][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3339.888564][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3339.900785][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3339.927651][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3339.939499][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3339.951757][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3340.021692][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3340.034047][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3340.059074][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3340.070632][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3340.096958][T19565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3340.225310][T19565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3340.379574][T19575] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3340.411221][T19575] CPU: 0 PID: 19575 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3340.419267][T19575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3340.429425][T19575] Call Trace: [ 3340.432742][T19575] dump_stack+0x172/0x1f0 [ 3340.437093][T19575] dump_header+0x10f/0xb6c [ 3340.441533][T19575] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3340.447356][T19575] ? ___ratelimit+0x60/0x595 [ 3340.451968][T19575] ? do_raw_spin_unlock+0x57/0x270 [ 3340.457140][T19575] oom_kill_process.cold+0x10/0x15 [ 3340.462271][T19575] out_of_memory+0x79a/0x1280 [ 3340.466959][T19575] ? lock_downgrade+0x880/0x880 [ 3340.471836][T19575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3340.478089][T19575] ? oom_killer_disable+0x280/0x280 [ 3340.483291][T19575] ? find_held_lock+0x35/0x130 [ 3340.488072][T19575] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3340.493715][T19575] ? memcg_event_wake+0x230/0x230 [ 3340.498755][T19575] ? do_raw_spin_unlock+0x57/0x270 [ 3340.503905][T19575] ? _raw_spin_unlock+0x2d/0x50 [ 3340.508777][T19575] try_charge+0x102c/0x15c0 [ 3340.508797][T19575] ? find_held_lock+0x35/0x130 [ 3340.518078][T19575] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3340.518096][T19575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3340.518114][T19575] ? kasan_check_read+0x11/0x20 [ 3340.518129][T19575] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3340.518155][T19575] mem_cgroup_try_charge+0x24d/0x5e0 [ 3340.518173][T19575] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3340.518191][T19575] __handle_mm_fault+0x1e1f/0x3ec0 [ 3340.518209][T19575] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3340.518229][T19575] ? find_held_lock+0x35/0x130 [ 3340.518246][T19575] ? handle_mm_fault+0x322/0xb30 [ 3340.518267][T19575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3340.518284][T19575] ? kasan_check_read+0x11/0x20 [ 3340.518302][T19575] handle_mm_fault+0x43f/0xb30 [ 3340.518321][T19575] __do_page_fault+0x5ef/0xda0 [ 3340.518341][T19575] do_page_fault+0x71/0x581 [ 3340.518362][T19575] ? page_fault+0x8/0x30 [ 3340.556620][T19575] page_fault+0x1e/0x30 [ 3340.567008][T19575] RIP: 0023:0x8055172 [ 3340.567025][T19575] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3340.567031][T19575] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3340.567042][T19575] RAX: 00000000f5d2bb40 RBX: 0000000000020000 RCX: 00000000f5d0b000 [ 3340.567048][T19575] RDX: 0000000000000003 RSI: 00000000f5d2bb40 RDI: 0000000000021000 [ 3340.567055][T19575] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3340.567062][T19575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3340.567068][T19575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3340.643924][T19575] memory: usage 4616kB, limit 0kB, failcnt 1629 [ 3340.690767][T19575] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3340.699598][T19575] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3340.707126][T19575] Memory cgroup stats for /syz4: cache:84KB rss:152KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3340.729822][T19575] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19575,uid=0 [ 3340.747947][T19575] Memory cgroup out of memory: Killed process 19575 (syz-executor.4) total-vm:72320kB, anon-rss:80kB, file-rss:34816kB, shmem-rss:0kB 00:31:54 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:54 executing program 0: 00:31:54 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:54 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x54020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:54 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r5}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1ff) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r4, 0x0, 0x0) openat$cgroup(r2, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:54 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb702000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3340.786612][T19565] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3340.833988][T19565] CPU: 1 PID: 19565 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3340.842425][T19565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3340.842434][T19565] Call Trace: [ 3340.842465][T19565] dump_stack+0x172/0x1f0 [ 3340.842489][T19565] dump_header+0x10f/0xb6c [ 3340.842508][T19565] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3340.842536][T19565] ? ___ratelimit+0x60/0x595 [ 3340.875217][T19565] ? do_raw_spin_unlock+0x57/0x270 [ 3340.875240][T19565] oom_kill_process.cold+0x10/0x15 [ 3340.875258][T19565] out_of_memory+0x79a/0x1280 [ 3340.875274][T19565] ? lock_downgrade+0x880/0x880 [ 3340.875288][T19565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3340.875302][T19565] ? oom_killer_disable+0x280/0x280 [ 3340.875315][T19565] ? find_held_lock+0x35/0x130 [ 3340.875338][T19565] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3340.875353][T19565] ? memcg_event_wake+0x230/0x230 [ 3340.875374][T19565] ? do_raw_spin_unlock+0x57/0x270 [ 3340.875396][T19565] ? _raw_spin_unlock+0x2d/0x50 [ 3340.931957][T19565] try_charge+0x102c/0x15c0 [ 3340.936487][T19565] ? find_held_lock+0x35/0x130 [ 3340.941287][T19565] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3340.946863][T19565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3340.953166][T19565] ? kasan_check_read+0x11/0x20 [ 3340.958064][T19565] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3340.963852][T19565] mem_cgroup_try_charge+0x24d/0x5e0 [ 3340.969284][T19565] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3340.974979][T19565] __handle_mm_fault+0x1e1f/0x3ec0 [ 3340.980155][T19565] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3340.985730][T19565] ? find_held_lock+0x35/0x130 [ 3340.990516][T19565] ? handle_mm_fault+0x322/0xb30 [ 3340.995488][T19565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3341.001764][T19565] ? kasan_check_read+0x11/0x20 [ 3341.007106][T19565] handle_mm_fault+0x43f/0xb30 [ 3341.011905][T19565] __do_page_fault+0x5ef/0xda0 [ 3341.023818][T19565] do_page_fault+0x71/0x581 [ 3341.028384][T19565] ? page_fault+0x8/0x30 [ 3341.032667][T19565] page_fault+0x1e/0x30 [ 3341.036877][T19565] RIP: 0023:0x804afea [ 3341.040978][T19565] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3341.062087][T19565] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3341.068200][T19565] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 [ 3341.076207][T19565] RDX: 000000000000000c RSI: 000000000032f7d9 RDI: 0000000000000000 00:31:54 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:54 executing program 0: 00:31:54 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:54 executing program 0: 00:31:54 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:54 executing program 0: 00:31:54 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3341.084392][T19565] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3341.092500][T19565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3341.100518][T19565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3341.184674][T19565] memory: usage 4348kB, limit 0kB, failcnt 1638 [ 3341.194404][T19565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3341.237284][T19565] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:31:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x1}], 0x100000c7, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000269, 0x10400003) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0) shmget(0xffffffffffffffff, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000004c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x0) open$dir(0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, 0x0, 0x0) [ 3341.270027][T19565] Memory cgroup stats for /syz4: cache:84KB rss:152KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3341.346980][T19565] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19565,uid=0 [ 3341.432504][T19565] Memory cgroup out of memory: Killed process 19565 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB 00:31:55 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:56 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x55000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:56 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb800000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x1}], 0x100000c7, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000269, 0x10400003) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0) shmget(0xffffffffffffffff, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000004c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x0) open$dir(0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, 0x0, 0x0) 00:31:56 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:31:56 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {}], 0x2, 0x5193) shutdown(r0, 0x2) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:56 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/nullb0\x00', 0x4000, 0x0) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0xb3, 0x0) 00:31:56 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:57 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x55010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:31:57 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:31:57 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, 0x0}, 0x20) 00:31:57 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {}], 0x2, 0x5193) shutdown(r0, 0x2) [ 3344.521179][T19686] IPVS: ftp: loaded support on port[0] = 21 [ 3344.958922][T19686] chnl_net:caif_netlink_parms(): no params data found [ 3345.075540][T19686] bridge0: port 1(bridge_slave_0) entered blocking state [ 3345.082984][T19686] bridge0: port 1(bridge_slave_0) entered disabled state [ 3345.096110][T19686] device bridge_slave_0 entered promiscuous mode [ 3345.108876][T19686] bridge0: port 2(bridge_slave_1) entered blocking state [ 3345.117374][T19686] bridge0: port 2(bridge_slave_1) entered disabled state [ 3345.129561][T19686] device bridge_slave_1 entered promiscuous mode [ 3345.225889][T19686] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3345.324689][T19686] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3345.412795][T19686] team0: Port device team_slave_0 added [ 3345.425931][T19686] team0: Port device team_slave_1 added [ 3345.590473][T19686] device hsr_slave_0 entered promiscuous mode [ 3345.656470][T19686] device hsr_slave_1 entered promiscuous mode [ 3346.418437][T19686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3346.504488][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3346.516480][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3346.541039][T19686] 8021q: adding VLAN 0 to HW filter on device team0 [ 3346.611862][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3346.625116][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3346.635964][ T4660] bridge0: port 1(bridge_slave_0) entered blocking state [ 3346.643234][ T4660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3346.736004][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3346.755499][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3346.767640][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3346.778384][ T5481] bridge0: port 2(bridge_slave_1) entered blocking state [ 3346.785732][ T5481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3346.811302][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3346.908654][ T8099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3346.936887][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3346.949576][ T5483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3347.020910][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3347.036395][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3347.048320][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3347.147789][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3347.159510][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3347.197992][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3347.217040][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3347.306303][T19686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3347.421837][T19686] 8021q: adding VLAN 0 to HW filter on device batadv0 00:32:01 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) socket(0xa, 0x0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x32, 0x0, &(0x7f0000000140)) 00:32:01 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb801000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:01 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:01 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x55020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:01 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:01 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}], 0x1, 0x5193) shutdown(r0, 0x2) 00:32:01 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:01 executing program 0: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x14) 00:32:01 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:01 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:01 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(r1, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(r1, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:01 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:01 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) [ 3348.581597][T19739] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3348.607550][T19739] CPU: 1 PID: 19739 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3348.628543][T19739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3348.644211][T19739] Call Trace: [ 3348.652178][T19739] dump_stack+0x172/0x1f0 [ 3348.656759][T19739] dump_header+0x10f/0xb6c [ 3348.661231][T19739] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3348.668216][T19739] ? ___ratelimit+0x60/0x595 [ 3348.675722][T19739] ? do_raw_spin_unlock+0x57/0x270 [ 3348.681268][T19739] oom_kill_process.cold+0x10/0x15 [ 3348.687573][T19739] out_of_memory+0x79a/0x1280 [ 3348.693190][T19739] ? lock_downgrade+0x880/0x880 [ 3348.698221][T19739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3348.704670][T19739] ? oom_killer_disable+0x280/0x280 [ 3348.710006][T19739] ? find_held_lock+0x35/0x130 [ 3348.716937][T19739] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3348.724440][T19739] ? memcg_event_wake+0x230/0x230 [ 3348.729830][T19739] ? do_raw_spin_unlock+0x57/0x270 [ 3348.734993][T19739] ? _raw_spin_unlock+0x2d/0x50 [ 3348.739892][T19739] try_charge+0x102c/0x15c0 [ 3348.744555][T19739] ? find_held_lock+0x35/0x130 [ 3348.749392][T19739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3348.754980][T19739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3348.761263][T19739] ? kasan_check_read+0x11/0x20 [ 3348.766242][T19739] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3348.771833][T19739] mem_cgroup_try_charge+0x24d/0x5e0 [ 3348.777267][T19739] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3348.782947][T19739] __handle_mm_fault+0x1e1f/0x3ec0 [ 3348.788110][T19739] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3348.793716][T19739] ? find_held_lock+0x35/0x130 [ 3348.798525][T19739] ? handle_mm_fault+0x322/0xb30 [ 3348.803506][T19739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3348.809790][T19739] ? kasan_check_read+0x11/0x20 [ 3348.814779][T19739] handle_mm_fault+0x43f/0xb30 [ 3348.819588][T19739] __do_page_fault+0x5ef/0xda0 [ 3348.824510][T19739] do_page_fault+0x71/0x581 [ 3348.829326][T19739] ? page_fault+0x8/0x30 [ 3348.833605][T19739] page_fault+0x1e/0x30 [ 3348.837794][T19739] RIP: 0023:0x8055172 [ 3348.841804][T19739] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3348.861442][T19739] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3348.867972][T19739] RAX: 00000000f5d87b40 RBX: 0000000000020000 RCX: 00000000f5d67000 [ 3348.876205][T19739] RDX: 0000000000000003 RSI: 00000000f5d87b40 RDI: 0000000000021000 [ 3348.884214][T19739] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3348.892222][T19739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3348.900537][T19739] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3348.926006][T19739] memory: usage 4852kB, limit 0kB, failcnt 1647 [ 3348.933104][T19739] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3348.961704][T19739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3348.994723][T19739] Memory cgroup stats for /syz4: cache:84KB rss:12KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3349.030111][T19739] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19686,uid=0 [ 3349.056929][T19739] Memory cgroup out of memory: Killed process 19686 (syz-executor.4) total-vm:72056kB, anon-rss:100kB, file-rss:35556kB, shmem-rss:0kB [ 3349.074430][ T1044] oom_reaper: reaped process 19686 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3349.100441][T19741] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3349.115263][T19741] CPU: 1 PID: 19741 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3349.123395][T19741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3349.133676][T19741] Call Trace: [ 3349.137016][T19741] dump_stack+0x172/0x1f0 [ 3349.141396][T19741] dump_header+0x10f/0xb6c [ 3349.145864][T19741] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3349.151899][T19741] ? ___ratelimit+0x60/0x595 [ 3349.156677][T19741] ? do_raw_spin_unlock+0x57/0x270 [ 3349.162621][T19741] oom_kill_process.cold+0x10/0x15 [ 3349.167788][T19741] out_of_memory+0x79a/0x1280 [ 3349.172519][T19741] ? __sched_text_start+0x8/0x8 [ 3349.177421][T19741] ? oom_killer_disable+0x280/0x280 [ 3349.182679][T19741] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3349.188995][T19741] ? memcg_event_wake+0x230/0x230 [ 3349.194335][T19741] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3349.200379][T19741] ? cgroup_file_notify+0x140/0x1b0 [ 3349.205897][T19741] memory_max_write+0x169/0x300 [ 3349.210784][T19741] ? mem_cgroup_write+0x360/0x360 [ 3349.216118][T19741] cgroup_file_write+0x245/0x7a0 [ 3349.221476][T19741] ? mem_cgroup_write+0x360/0x360 [ 3349.227481][T19741] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3349.227501][T19741] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3349.227514][T19741] kernfs_fop_write+0x2ba/0x480 [ 3349.227533][T19741] __vfs_write+0x8d/0x110 [ 3349.227543][T19741] ? kernfs_fop_open+0xd90/0xd90 [ 3349.227558][T19741] vfs_write+0x20c/0x580 [ 3349.227575][T19741] ksys_write+0x14f/0x2d0 [ 3349.227591][T19741] ? __ia32_sys_read+0xb0/0xb0 [ 3349.227613][T19741] __ia32_sys_write+0x71/0xb0 [ 3349.227632][T19741] do_fast_syscall_32+0x281/0xc98 [ 3349.227655][T19741] entry_SYSENTER_compat+0x70/0x7f [ 3349.227667][T19741] RIP: 0023:0xf7fac869 [ 3349.227684][T19741] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3349.227691][T19741] RSP: 002b:00000000f5da80cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3349.227705][T19741] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 3349.227713][T19741] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3349.227721][T19741] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3349.227737][T19741] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3349.227746][T19741] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3349.266814][T19741] memory: usage 4796kB, limit 0kB, failcnt 1654 [ 3349.278329][T19741] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.278412][T19741] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.278470][T19741] Memory cgroup stats for /syz4: cache:84KB rss:12KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:124KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3349.417895][T19741] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19739,uid=0 [ 3349.488903][T19741] Memory cgroup out of memory: Killed process 19741 (syz-executor.4) total-vm:72320kB, anon-rss:152kB, file-rss:35580kB, shmem-rss:0kB [ 3349.507721][ T1044] oom_reaper: reaped process 19741 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:32:03 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb802000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:03 executing program 0: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb601000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}], 0x1, 0x5193) shutdown(r0, 0x2) 00:32:03 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x56000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:03 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:06 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:06 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb900000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:06 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:06 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}], 0x1, 0x5193) shutdown(r0, 0x2) 00:32:06 executing program 0 (fault-call:13 fault-nth:0): ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:06 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x56010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:06 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) [ 3352.977399][T19791] FAULT_INJECTION: forcing a failure. [ 3352.977399][T19791] name failslab, interval 1, probability 0, space 0, times 0 [ 3353.024840][T19791] CPU: 1 PID: 19791 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #84 [ 3353.032891][T19791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3353.042976][T19791] Call Trace: [ 3353.046301][T19791] dump_stack+0x172/0x1f0 [ 3353.050650][T19791] should_fail.cold+0xa/0x15 [ 3353.055880][T19791] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3353.061703][T19791] __should_failslab+0x121/0x190 [ 3353.066658][T19791] should_failslab+0x9/0x14 [ 3353.071179][T19791] kmem_cache_alloc_trace+0x2d1/0x760 [ 3353.076602][T19791] ? tcp_sendmsg_locked+0x1f5e/0x34b0 [ 3353.081997][T19791] tcp_sendmsg_locked+0x2198/0x34b0 [ 3353.087223][T19791] ? retint_kernel+0x2d/0x2d [ 3353.091829][T19791] ? mark_held_locks+0xa4/0xf0 [ 3353.096612][T19791] ? tcp_sendpage+0x60/0x60 [ 3353.101127][T19791] ? lock_sock_nested+0x9a/0x120 [ 3353.106091][T19791] ? trace_hardirqs_on+0x67/0x230 [ 3353.111127][T19791] ? lock_sock_nested+0x9a/0x120 [ 3353.116085][T19791] ? __local_bh_enable_ip+0x15a/0x270 [ 3353.121472][T19791] tcp_sendmsg+0x30/0x50 [ 3353.125724][T19791] inet_sendmsg+0x147/0x5d0 [ 3353.130238][T19791] ? ipip_gro_receive+0x100/0x100 [ 3353.135281][T19791] sock_sendmsg+0xdd/0x130 [ 3353.139716][T19791] ___sys_sendmsg+0x806/0x930 [ 3353.144418][T19791] ? copy_msghdr_from_user+0x430/0x430 [ 3353.149899][T19791] ? lock_downgrade+0x880/0x880 [ 3353.154765][T19791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3353.161040][T19791] ? kasan_check_read+0x11/0x20 [ 3353.165914][T19791] ? __fget+0x381/0x550 [ 3353.170101][T19791] ? __fget_light+0x1a9/0x230 [ 3353.174792][T19791] ? __fdget+0x1b/0x20 [ 3353.178864][T19791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3353.185122][T19791] __sys_sendmsg+0x105/0x1d0 [ 3353.189739][T19791] ? __ia32_sys_shutdown+0x80/0x80 [ 3353.194856][T19791] ? fput_many+0x12c/0x1a0 [ 3353.199289][T19791] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3353.204759][T19791] ? do_fast_syscall_32+0xd1/0xc98 [ 3353.209876][T19791] ? entry_SYSENTER_compat+0x70/0x7f [ 3353.215173][T19791] ? do_fast_syscall_32+0xd1/0xc98 [ 3353.220340][T19791] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 3353.225808][T19791] do_fast_syscall_32+0x281/0xc98 [ 3353.230853][T19791] entry_SYSENTER_compat+0x70/0x7f [ 3353.235966][T19791] RIP: 0023:0xf7f46869 [ 3353.240037][T19791] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3353.259669][T19791] RSP: 002b:00000000f5d420cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 3353.268093][T19791] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000540 00:32:06 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3353.276133][T19791] RDX: 0000000024000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 3353.284121][T19791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3353.292118][T19791] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3353.300154][T19791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:32:06 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:07 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:07 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:07 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:07 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:07 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb901000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:07 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x56020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:07 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:07 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0x2, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3355.023567][T19846] IPVS: ftp: loaded support on port[0] = 21 [ 3355.722443][T19846] chnl_net:caif_netlink_parms(): no params data found [ 3355.854924][T19846] bridge0: port 1(bridge_slave_0) entered blocking state [ 3355.862117][T19846] bridge0: port 1(bridge_slave_0) entered disabled state [ 3355.873920][T19846] device bridge_slave_0 entered promiscuous mode [ 3355.932361][T19846] bridge0: port 2(bridge_slave_1) entered blocking state [ 3355.941863][T19846] bridge0: port 2(bridge_slave_1) entered disabled state [ 3355.953156][T19846] device bridge_slave_1 entered promiscuous mode [ 3355.998489][T19846] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3356.074727][T19846] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3356.087631][ T6994] device bridge_slave_1 left promiscuous mode [ 3356.097057][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.165578][ T6994] device bridge_slave_0 left promiscuous mode [ 3356.176411][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3356.367998][ T6994] device bridge_slave_1 left promiscuous mode [ 3356.375267][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.425932][ T6994] device bridge_slave_0 left promiscuous mode [ 3356.432212][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3356.488121][ T6994] device bridge_slave_1 left promiscuous mode [ 3356.495452][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.595792][ T6994] device bridge_slave_0 left promiscuous mode [ 3356.602072][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3356.678019][ T6994] device bridge_slave_1 left promiscuous mode [ 3356.685492][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.745669][ T6994] device bridge_slave_0 left promiscuous mode [ 3356.751923][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3356.828148][ T6994] device bridge_slave_1 left promiscuous mode [ 3356.835490][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.935216][ T6994] device bridge_slave_0 left promiscuous mode [ 3356.941492][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.027977][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.036971][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.095968][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.102276][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.188060][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.196236][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.295868][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.302128][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.387773][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.395057][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.485830][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.492271][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.557737][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.565027][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.645817][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.652073][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.726571][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.732842][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.805811][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.812052][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.867891][ T6994] device bridge_slave_1 left promiscuous mode [ 3357.875080][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3357.935558][ T6994] device bridge_slave_0 left promiscuous mode [ 3357.941797][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3357.999824][ T6994] device bridge_slave_1 left promiscuous mode [ 3358.007077][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3358.147165][ T6994] device bridge_slave_0 left promiscuous mode [ 3358.158120][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3358.210915][ T6994] device bridge_slave_1 left promiscuous mode [ 3358.218758][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3358.286621][ T6994] device bridge_slave_0 left promiscuous mode [ 3358.293026][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3358.357734][ T6994] device bridge_slave_1 left promiscuous mode [ 3358.364931][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3358.435549][ T6994] device bridge_slave_0 left promiscuous mode [ 3358.441772][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3358.498116][ T6994] device bridge_slave_1 left promiscuous mode [ 3358.505615][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3358.555917][ T6994] device bridge_slave_0 left promiscuous mode [ 3358.562198][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3358.639008][ T6994] device bridge_slave_1 left promiscuous mode [ 3358.646120][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3358.695689][ T6994] device bridge_slave_0 left promiscuous mode [ 3358.701945][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3360.871271][ T6994] device hsr_slave_1 left promiscuous mode [ 3360.972337][ T6994] device hsr_slave_0 left promiscuous mode [ 3361.101224][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3361.129472][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3361.165077][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3361.230097][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3361.466573][ T6994] bond0 (unregistering): Released all slaves [ 3361.700979][ T6994] device hsr_slave_1 left promiscuous mode [ 3361.832983][ T6994] device hsr_slave_0 left promiscuous mode [ 3361.924495][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3361.956334][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3361.979498][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3362.044850][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3362.226950][ T6994] bond0 (unregistering): Released all slaves [ 3362.471958][ T6994] device hsr_slave_1 left promiscuous mode [ 3362.562136][ T6994] device hsr_slave_0 left promiscuous mode [ 3362.650680][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3362.680208][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3362.708777][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3362.786128][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3363.044965][ T6994] bond0 (unregistering): Released all slaves [ 3363.301621][ T6994] device hsr_slave_1 left promiscuous mode [ 3363.382236][ T6994] device hsr_slave_0 left promiscuous mode [ 3363.489902][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3363.537882][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3363.567585][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3363.694712][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3363.887805][ T6994] bond0 (unregistering): Released all slaves [ 3364.121414][ T6994] device hsr_slave_1 left promiscuous mode [ 3364.181783][ T6994] device hsr_slave_0 left promiscuous mode [ 3364.278539][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3364.307988][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3364.340025][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3364.436937][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3364.664403][ T6994] bond0 (unregistering): Released all slaves [ 3364.902231][ T6994] device hsr_slave_1 left promiscuous mode [ 3364.999901][ T6994] device hsr_slave_0 left promiscuous mode [ 3365.069055][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3365.099394][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3365.137778][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3365.215955][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3365.456278][ T6994] bond0 (unregistering): Released all slaves [ 3365.781690][ T6994] device hsr_slave_1 left promiscuous mode [ 3365.884470][ T6994] device hsr_slave_0 left promiscuous mode [ 3365.939744][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3365.974294][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3366.017752][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3366.106475][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3366.338888][ T6994] bond0 (unregistering): Released all slaves [ 3366.602424][ T6994] device hsr_slave_1 left promiscuous mode [ 3366.762048][ T6994] device hsr_slave_0 left promiscuous mode [ 3366.819601][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3366.849362][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3366.878424][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3366.995966][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3367.237541][ T6994] bond0 (unregistering): Released all slaves [ 3367.518220][ T6994] device hsr_slave_1 left promiscuous mode [ 3367.590899][ T6994] device hsr_slave_0 left promiscuous mode [ 3367.652266][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3367.686769][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3367.712018][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3367.794225][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3367.995060][ T6994] bond0 (unregistering): Released all slaves [ 3368.261848][ T6994] device hsr_slave_1 left promiscuous mode [ 3368.341433][ T6994] device hsr_slave_0 left promiscuous mode [ 3368.409927][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3368.450577][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3368.493593][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3368.556553][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3368.757636][ T6994] bond0 (unregistering): Released all slaves [ 3368.996131][ T6994] device hsr_slave_1 left promiscuous mode [ 3369.091672][ T6994] device hsr_slave_0 left promiscuous mode [ 3369.166153][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3369.195707][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3369.219966][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3369.313224][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3369.517625][ T6994] bond0 (unregistering): Released all slaves [ 3369.791389][ T6994] device hsr_slave_1 left promiscuous mode [ 3369.884181][ T6994] device hsr_slave_0 left promiscuous mode [ 3369.955272][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3369.983177][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3370.012155][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3370.085535][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3370.286942][ T6994] bond0 (unregistering): Released all slaves [ 3370.462213][ T6994] device hsr_slave_1 left promiscuous mode [ 3370.611862][ T6994] device hsr_slave_0 left promiscuous mode [ 3370.705729][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3370.732392][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3370.758056][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3370.825364][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3371.021102][ T6994] bond0 (unregistering): Released all slaves [ 3371.289170][ T6994] device hsr_slave_1 left promiscuous mode [ 3371.371576][ T6994] device hsr_slave_0 left promiscuous mode [ 3371.529187][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3371.585709][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3371.639761][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3371.712104][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3371.942645][ T6994] bond0 (unregistering): Released all slaves [ 3372.247393][ T6994] device hsr_slave_1 left promiscuous mode [ 3372.339823][ T6994] device hsr_slave_0 left promiscuous mode [ 3372.408742][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3372.462393][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3372.518294][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3372.624503][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3372.823952][ T6994] bond0 (unregistering): Released all slaves [ 3373.111993][ T6994] device hsr_slave_1 left promiscuous mode [ 3373.194664][ T6994] device hsr_slave_0 left promiscuous mode [ 3373.320361][ T6994] team0 (unregistering): Port device team_slave_1 removed [ 3373.357040][ T6994] team0 (unregistering): Port device team_slave_0 removed [ 3373.395086][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3373.473384][ T6994] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3373.688279][ T6994] bond0 (unregistering): Released all slaves [ 3373.875094][T19846] team0: Port device team_slave_0 added [ 3373.887728][T19846] team0: Port device team_slave_1 added [ 3373.959635][T19846] device hsr_slave_0 entered promiscuous mode [ 3374.025937][T19846] device hsr_slave_1 entered promiscuous mode [ 3374.332679][T19846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3374.388030][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3374.405058][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3374.441371][T19846] 8021q: adding VLAN 0 to HW filter on device team0 [ 3374.467261][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3374.479485][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3374.489451][T16597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3374.496629][T16597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3374.542863][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3374.554804][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3374.567680][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3374.577813][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3374.585065][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3374.612764][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3374.650978][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3374.693363][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3374.721223][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3374.749744][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3374.761879][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3374.801379][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3374.829618][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3374.855364][T19846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3374.933073][T19846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3375.012627][T19854] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3375.024991][T19854] CPU: 1 PID: 19854 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3375.033013][T19854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3375.043094][T19854] Call Trace: [ 3375.046433][T19854] dump_stack+0x172/0x1f0 [ 3375.050797][T19854] dump_header+0x10f/0xb6c [ 3375.055753][T19854] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3375.061593][T19854] ? ___ratelimit+0x60/0x595 [ 3375.066301][T19854] ? do_raw_spin_unlock+0x57/0x270 [ 3375.071445][T19854] oom_kill_process.cold+0x10/0x15 [ 3375.076593][T19854] out_of_memory+0x79a/0x1280 [ 3375.081307][T19854] ? __sched_text_start+0x8/0x8 [ 3375.086192][T19854] ? oom_killer_disable+0x280/0x280 [ 3375.092398][T19854] ? cgroup_file_notify+0x140/0x1b0 [ 3375.097668][T19854] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3375.103244][T19854] ? memcg_event_wake+0x230/0x230 [ 3375.108315][T19854] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3375.114186][T19854] ? cgroup_file_notify+0x140/0x1b0 [ 3375.119439][T19854] memory_max_write+0x169/0x300 [ 3375.124317][T19854] ? kernfs_fop_write+0x204/0x480 [ 3375.129403][T19854] ? mem_cgroup_write+0x360/0x360 [ 3375.134452][T19854] ? lock_acquire+0x16f/0x3f0 [ 3375.139156][T19854] ? kernfs_fop_write+0x227/0x480 [ 3375.144397][T19854] cgroup_file_write+0x245/0x7a0 [ 3375.149372][T19854] ? mem_cgroup_write+0x360/0x360 [ 3375.154522][T19854] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3375.160202][T19854] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 3375.165872][T19854] kernfs_fop_write+0x2ba/0x480 [ 3375.170773][T19854] __vfs_write+0x8d/0x110 [ 3375.175131][T19854] ? kernfs_fop_open+0xd90/0xd90 [ 3375.180113][T19854] vfs_write+0x20c/0x580 [ 3375.184887][T19854] ksys_write+0x14f/0x2d0 [ 3375.189257][T19854] ? __ia32_sys_read+0xb0/0xb0 [ 3375.194055][T19854] ? do_fast_syscall_32+0xd1/0xc98 [ 3375.199205][T19854] ? entry_SYSENTER_compat+0x70/0x7f [ 3375.204615][T19854] ? do_fast_syscall_32+0xd1/0xc98 [ 3375.209773][T19854] __ia32_sys_write+0x71/0xb0 [ 3375.214489][T19854] do_fast_syscall_32+0x281/0xc98 [ 3375.219579][T19854] entry_SYSENTER_compat+0x70/0x7f [ 3375.224716][T19854] RIP: 0023:0xf7f8c869 [ 3375.228810][T19854] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 3375.248436][T19854] RSP: 002b:00000000f5d880cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 3375.256876][T19854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 3375.264871][T19854] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3375.272867][T19854] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3375.280867][T19854] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3375.288883][T19854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3375.298889][T19854] memory: usage 6844kB, limit 0kB, failcnt 1662 [ 3375.305406][T19854] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3375.313089][T19854] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3375.322172][T19854] Memory cgroup stats for /syz4: cache:84KB rss:2028KB rss_huge:2048KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:2156KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3375.345791][T19854] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19853,uid=0 [ 3375.364442][T19854] Memory cgroup out of memory: Killed process 19853 (syz-executor.4) total-vm:72320kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3375.380784][ T1044] oom_reaper: reaped process 19853 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 00:32:28 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:28 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:28 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:28 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0x12, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:28 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x57000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:28 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xb902000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3375.420998][T19846] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3375.488852][T19846] CPU: 1 PID: 19846 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3375.496886][T19846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3375.496893][T19846] Call Trace: [ 3375.496921][T19846] dump_stack+0x172/0x1f0 [ 3375.496944][T19846] dump_header+0x10f/0xb6c [ 3375.496961][T19846] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3375.496993][T19846] ? ___ratelimit+0x60/0x595 [ 3375.529567][T19846] ? do_raw_spin_unlock+0x57/0x270 [ 3375.529591][T19846] oom_kill_process.cold+0x10/0x15 [ 3375.529608][T19846] out_of_memory+0x79a/0x1280 [ 3375.529625][T19846] ? lock_downgrade+0x880/0x880 [ 3375.529640][T19846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3375.529661][T19846] ? oom_killer_disable+0x280/0x280 [ 3375.555752][T19846] ? find_held_lock+0x35/0x130 [ 3375.555779][T19846] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3375.555793][T19846] ? memcg_event_wake+0x230/0x230 [ 3375.555814][T19846] ? do_raw_spin_unlock+0x57/0x270 [ 3375.555832][T19846] ? _raw_spin_unlock+0x2d/0x50 00:32:29 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3375.555851][T19846] try_charge+0x102c/0x15c0 [ 3375.555863][T19846] ? find_held_lock+0x35/0x130 [ 3375.555881][T19846] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3375.555898][T19846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3375.555919][T19846] ? kasan_check_read+0x11/0x20 [ 3375.555936][T19846] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3375.555954][T19846] mem_cgroup_try_charge+0x24d/0x5e0 [ 3375.555974][T19846] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3375.555992][T19846] __handle_mm_fault+0x1e1f/0x3ec0 [ 3375.556013][T19846] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3375.556027][T19846] ? find_held_lock+0x35/0x130 [ 3375.556043][T19846] ? handle_mm_fault+0x322/0xb30 [ 3375.556066][T19846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3375.556083][T19846] ? kasan_check_read+0x11/0x20 [ 3375.556101][T19846] handle_mm_fault+0x43f/0xb30 [ 3375.556119][T19846] __do_page_fault+0x5ef/0xda0 [ 3375.556140][T19846] do_page_fault+0x71/0x581 [ 3375.556166][T19846] ? page_fault+0x8/0x30 [ 3375.556179][T19846] page_fault+0x1e/0x30 [ 3375.556190][T19846] RIP: 0023:0x804afea [ 3375.556204][T19846] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3375.556211][T19846] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3375.556223][T19846] RAX: 000000000845fde0 RBX: 0000000000000016 RCX: 000000000845fd80 [ 3375.556251][T19846] RDX: 000000000000000c RSI: 0000000000337f70 RDI: 0000000000000000 [ 3375.571741][T19846] RBP: 0000000000000016 R08: 0000000000000000 R09: 0000000000000000 00:32:29 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x2, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3375.571751][T19846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3375.571758][T19846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3375.597294][T19846] memory: usage 4536kB, limit 0kB, failcnt 1671 [ 3375.612070][T19846] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3375.676193][T19846] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:32:29 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3375.809661][T19846] Memory cgroup stats for /syz4: cache:84KB rss:0KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:32:29 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x3, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3375.857604][T19846] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19846,uid=0 [ 3375.885123][T19846] Memory cgroup out of memory: Killed process 19846 (syz-executor.4) total-vm:72056kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 00:32:29 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x357], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:29 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:30 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:30 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x4, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:30 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x5703], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:30 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:30 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x57010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:30 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:30 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x5, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:30 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xba00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:30 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:30 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x57020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:30 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:30 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x6, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:31 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x57030000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:31 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:31 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:31 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x7, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:31 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:31 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x9, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:31 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x5703000000000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:31 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xba01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3379.477196][T19975] IPVS: ftp: loaded support on port[0] = 21 [ 3380.445785][T19975] chnl_net:caif_netlink_parms(): no params data found [ 3380.514351][T19975] bridge0: port 1(bridge_slave_0) entered blocking state [ 3380.521638][T19975] bridge0: port 1(bridge_slave_0) entered disabled state [ 3380.534255][T19975] device bridge_slave_0 entered promiscuous mode [ 3380.546505][T19975] bridge0: port 2(bridge_slave_1) entered blocking state [ 3380.556116][T19975] bridge0: port 2(bridge_slave_1) entered disabled state [ 3380.577773][T19975] device bridge_slave_1 entered promiscuous mode [ 3380.646002][T19975] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3380.671944][T19975] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3380.758449][T19975] team0: Port device team_slave_0 added [ 3380.780396][T19975] team0: Port device team_slave_1 added [ 3380.900679][T19975] device hsr_slave_0 entered promiscuous mode [ 3380.966200][T19975] device hsr_slave_1 entered promiscuous mode [ 3381.094618][T19975] bridge0: port 2(bridge_slave_1) entered blocking state [ 3381.101760][T19975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3381.109316][T19975] bridge0: port 1(bridge_slave_0) entered blocking state [ 3381.116478][T19975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3381.415062][T19975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3381.434432][ T7937] bridge0: port 1(bridge_slave_0) entered disabled state [ 3381.444995][ T7937] bridge0: port 2(bridge_slave_1) entered disabled state [ 3381.460015][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3381.510510][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3381.521525][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3381.563711][T19975] 8021q: adding VLAN 0 to HW filter on device team0 [ 3381.600758][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3381.612233][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3381.622231][T16597] bridge0: port 1(bridge_slave_0) entered blocking state [ 3381.629468][T16597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3381.658703][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3381.670680][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3381.680626][T17386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3381.687858][T17386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3381.737045][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3381.751245][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3381.810280][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3381.827673][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3381.868660][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3381.879347][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3381.892108][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3381.932505][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3381.944593][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3381.973946][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3381.985579][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3382.027689][T19975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3382.156725][T19975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3382.357205][T19983] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3382.403609][T19983] CPU: 1 PID: 19983 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3382.411655][T19983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3382.421740][T19983] Call Trace: [ 3382.425076][T19983] dump_stack+0x172/0x1f0 [ 3382.429451][T19983] dump_header+0x10f/0xb6c [ 3382.433908][T19983] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3382.439758][T19983] ? ___ratelimit+0x60/0x595 [ 3382.444380][T19983] ? do_raw_spin_unlock+0x57/0x270 [ 3382.449530][T19983] oom_kill_process.cold+0x10/0x15 [ 3382.454685][T19983] out_of_memory+0x79a/0x1280 [ 3382.459411][T19983] ? lock_downgrade+0x880/0x880 [ 3382.464308][T19983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.470597][T19983] ? oom_killer_disable+0x280/0x280 [ 3382.475834][T19983] ? find_held_lock+0x35/0x130 [ 3382.480650][T19983] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3382.486235][T19983] ? memcg_event_wake+0x230/0x230 [ 3382.491332][T19983] ? do_raw_spin_unlock+0x57/0x270 [ 3382.496485][T19983] ? _raw_spin_unlock+0x2d/0x50 [ 3382.501383][T19983] try_charge+0x102c/0x15c0 [ 3382.505933][T19983] ? find_held_lock+0x35/0x130 [ 3382.510755][T19983] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3382.516351][T19983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.522657][T19983] ? kasan_check_read+0x11/0x20 [ 3382.527566][T19983] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3382.533199][T19983] mem_cgroup_try_charge+0x24d/0x5e0 [ 3382.538564][T19983] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3382.544260][T19983] __handle_mm_fault+0x1e1f/0x3ec0 [ 3382.549430][T19983] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3382.555025][T19983] ? find_held_lock+0x35/0x130 [ 3382.559835][T19983] ? handle_mm_fault+0x322/0xb30 [ 3382.564831][T19983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.571131][T19983] ? kasan_check_read+0x11/0x20 [ 3382.576046][T19983] handle_mm_fault+0x43f/0xb30 [ 3382.580869][T19983] __do_page_fault+0x5ef/0xda0 [ 3382.585688][T19983] do_page_fault+0x71/0x581 [ 3382.590857][T19983] ? page_fault+0x8/0x30 [ 3382.595166][T19983] page_fault+0x1e/0x30 [ 3382.599366][T19983] RIP: 0023:0x8055172 [ 3382.603416][T19983] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3382.623155][T19983] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3382.629260][T19983] RAX: 00000000f5cf7b40 RBX: 0000000000020000 RCX: 00000000f5cd7000 [ 3382.637266][T19983] RDX: 0000000000000003 RSI: 00000000f5cf7b40 RDI: 0000000000021000 [ 3382.645283][T19983] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3382.653288][T19983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3382.661296][T19983] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3382.675721][T19983] memory: usage 6840kB, limit 0kB, failcnt 1680 [ 3382.682068][T19983] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.689682][T19983] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.696918][T19983] Memory cgroup stats for /syz4: cache:84KB rss:2052KB rss_huge:2048KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:2160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3382.724841][T19983] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19983,uid=0 [ 3382.740536][T19983] Memory cgroup out of memory: Killed process 19983 (syz-executor.4) total-vm:72320kB, anon-rss:2128kB, file-rss:34816kB, shmem-rss:0kB [ 3382.759767][ T1044] oom_reaper: reaped process 19983 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:32:36 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:36 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0xa, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:36 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x58000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:36 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:36 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:36 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xba02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3382.827908][T19975] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3382.866249][T19975] CPU: 1 PID: 19975 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3382.874306][T19975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3382.884399][T19975] Call Trace: [ 3382.887746][T19975] dump_stack+0x172/0x1f0 [ 3382.892126][T19975] dump_header+0x10f/0xb6c [ 3382.896595][T19975] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3382.902455][T19975] ? ___ratelimit+0x60/0x595 [ 3382.907095][T19975] ? do_raw_spin_unlock+0x57/0x270 [ 3382.912290][T19975] oom_kill_process.cold+0x10/0x15 [ 3382.917451][T19975] out_of_memory+0x79a/0x1280 [ 3382.922187][T19975] ? lock_downgrade+0x880/0x880 [ 3382.927077][T19975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.933373][T19975] ? oom_killer_disable+0x280/0x280 [ 3382.933390][T19975] ? find_held_lock+0x35/0x130 [ 3382.933421][T19975] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3382.948995][T19975] ? memcg_event_wake+0x230/0x230 [ 3382.954063][T19975] ? do_raw_spin_unlock+0x57/0x270 [ 3382.959288][T19975] ? _raw_spin_unlock+0x2d/0x50 [ 3382.964195][T19975] try_charge+0x102c/0x15c0 [ 3382.968749][T19975] ? find_held_lock+0x35/0x130 [ 3382.973571][T19975] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3382.979175][T19975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.985460][T19975] ? kasan_check_read+0x11/0x20 [ 3382.990372][T19975] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3382.995969][T19975] mem_cgroup_try_charge+0x24d/0x5e0 [ 3383.001335][T19975] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3383.007014][T19975] __handle_mm_fault+0x1e1f/0x3ec0 [ 3383.007036][T19975] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3383.007051][T19975] ? find_held_lock+0x35/0x130 00:32:36 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) 00:32:36 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0xe, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3383.007066][T19975] ? handle_mm_fault+0x322/0xb30 [ 3383.007088][T19975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3383.007106][T19975] ? kasan_check_read+0x11/0x20 [ 3383.007124][T19975] handle_mm_fault+0x43f/0xb30 [ 3383.007142][T19975] __do_page_fault+0x5ef/0xda0 [ 3383.007177][T19975] do_page_fault+0x71/0x581 [ 3383.007194][T19975] ? page_fault+0x8/0x30 [ 3383.007210][T19975] page_fault+0x1e/0x30 [ 3383.007224][T19975] RIP: 0023:0x804afea [ 3383.007259][T19975] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3383.032443][T19975] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3383.032459][T19975] RAX: 000000000845fde0 RBX: 0000000000000016 RCX: 000000000845fd80 [ 3383.032466][T19975] RDX: 000000000000000c RSI: 0000000000339bcc RDI: 0000000000000000 [ 3383.032473][T19975] RBP: 0000000000000016 R08: 0000000000000000 R09: 0000000000000000 [ 3383.032480][T19975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3383.032486][T19975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3383.113651][T19975] memory: usage 4528kB, limit 0kB, failcnt 1689 00:32:36 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1000, 0x0) fgetxattr(r0, &(0x7f0000000080)=@known='system.advise\x00', &(0x7f00000000c0), 0x0) 00:32:36 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x18, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3383.207775][T19975] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3383.241643][T19975] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3383.291365][T19975] Memory cgroup stats for /syz4: cache:84KB rss:72KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB 00:32:36 executing program 3: syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xbc43, 0x80) syz_emit_ethernet(0x365, &(0x7f0000000100)=ANY=[@ANYBLOB="66ace0b288f500000000000000006f3278a3962ed2c04a16c43dc766f4e1c9e748726b2edaefa49bac177c00399fa998c36c729cbd1b914f429b4f146a4b87ac1a0913c95fb6f95c04fda157451744931643d299eace2feead545156177531c507dd6a0e09003368bcf6b867c21c25a93e6ca5614e5720470dd2d064ed31f3622aa6aa16a2"], 0x0) [ 3383.349108][T19975] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19975,uid=0 00:32:37 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x301000, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x10, &(0x7f0000000040)={&(0x7f0000001200)=""/251, 0xfb, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001300)={r0, 0x10, &(0x7f00000000c0)={&(0x7f0000000200)=""/4096, 0x1000, r1}}, 0x10) syz_emit_ethernet(0xcc, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa2200110001d31b14378a00f91ff3b6698a4a50bac44f06cd235475d6b395c597d48a712727e32bdeff6117be7d1458600e14f58166858db734d470061cfb483339ac8a0323b953712b6ed3e2f6fc53039600dd7089869b45fdd0238186a5ac37daf25c8006d764a9e77967a1083a5790b985b08573e6b0d9bc3355118a05b13c4b60591cf3e7d8b283628b134999cc8f47e3a9a007f0deeedac63a2d6daf4c4e43fa2965394d59d7b5b37af668bf11b2b3690f40a2bb248d656a58db15f3cc6981e90c1d5e56a5b7"], 0x0) [ 3383.703975][T19975] Memory cgroup out of memory: Killed process 19975 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3383.740859][ T1044] oom_reaper: reaped process 19975 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:32:38 executing program 4: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x1ff) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r2, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:38 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0xfc, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:38 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x58010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:38 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000005853d09ef03f88f5"], 0x0) 00:32:38 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1}, {r1}], 0x2, 0x5193) shutdown(r0, 0x2) 00:32:38 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x1f4, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:38 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xbb00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:38 executing program 4: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x1ff) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r2, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:32:38 executing program 3: syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0x0) 00:32:38 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x218, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:38 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101000, 0x0) r1 = mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffff9c, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)={r1}) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_keyring_id(0x0, r2, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000100)={@empty, @random="5853d0b2f03f", [{[{0x9100, 0x100000000, 0x81, 0x1}], {0x8100, 0x2, 0x6}}], {@generic={0x88f5}}}, 0x0) 00:32:38 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x240, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:38 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000000)=ANY=[@ANYBLOB="00005c38ec7b0dfe0000000058530cf101d0b2f0"], 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) 00:32:39 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000005853d0b2f03f88ee"], 0x0) 00:32:39 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x58020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:32:39 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x300, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:32:39 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x0) shutdown(r0, 0x2) 00:32:39 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000080), &(0x7f00000000c0)) 00:32:39 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xbb01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3387.051448][T20096] IPVS: ftp: loaded support on port[0] = 21 [ 3407.477982][T20096] chnl_net:caif_netlink_parms(): no params data found [ 3407.537970][T20096] bridge0: port 1(bridge_slave_0) entered blocking state [ 3407.546711][T20096] bridge0: port 1(bridge_slave_0) entered disabled state [ 3407.559186][T20096] device bridge_slave_0 entered promiscuous mode [ 3407.570948][T20096] bridge0: port 2(bridge_slave_1) entered blocking state [ 3407.580527][T20096] bridge0: port 2(bridge_slave_1) entered disabled state [ 3407.595218][T20096] device bridge_slave_1 entered promiscuous mode [ 3407.666675][T20096] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3417.618925][T20096] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3417.688719][T20096] team0: Port device team_slave_0 added [ 3417.719212][T20096] team0: Port device team_slave_1 added [ 3427.389177][T20096] device hsr_slave_0 entered promiscuous mode [ 3427.435981][T20096] device hsr_slave_1 entered promiscuous mode [ 3436.635243][T20096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3436.670909][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3436.681752][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3436.702008][T20096] 8021q: adding VLAN 0 to HW filter on device team0 [ 3436.727294][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3436.738804][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3436.765081][T19981] bridge0: port 1(bridge_slave_0) entered blocking state [ 3436.772226][T19981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3436.836066][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3436.846713][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3436.858186][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3436.868753][T19979] bridge0: port 2(bridge_slave_1) entered blocking state [ 3436.875947][T19979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3436.887240][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3445.197114][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3445.227088][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3445.239076][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3445.250379][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3445.277633][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3445.314509][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3445.325801][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3445.336489][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3445.365316][T20096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3445.379016][T20096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3445.390340][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3445.402223][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3445.473924][T20096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3445.677226][T20102] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3445.703742][T20102] CPU: 0 PID: 20102 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3445.711791][T20102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3445.721874][T20102] Call Trace: [ 3445.725207][T20102] dump_stack+0x172/0x1f0 [ 3445.729561][T20102] dump_header+0x10f/0xb6c [ 3445.733997][T20102] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3445.739851][T20102] ? ___ratelimit+0x60/0x595 [ 3445.744463][T20102] ? do_raw_spin_unlock+0x57/0x270 [ 3445.749692][T20102] oom_kill_process.cold+0x10/0x15 [ 3445.754831][T20102] out_of_memory+0x79a/0x1280 [ 3445.760051][T20102] ? lock_downgrade+0x880/0x880 [ 3445.765017][T20102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3445.771379][T20102] ? oom_killer_disable+0x280/0x280 [ 3445.776703][T20102] ? find_held_lock+0x35/0x130 [ 3445.781523][T20102] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3445.787094][T20102] ? memcg_event_wake+0x230/0x230 [ 3445.792414][T20102] ? do_raw_spin_unlock+0x57/0x270 [ 3445.797811][T20102] ? _raw_spin_unlock+0x2d/0x50 [ 3445.802684][T20102] try_charge+0x102c/0x15c0 [ 3445.807308][T20102] ? find_held_lock+0x35/0x130 [ 3445.812099][T20102] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3445.817669][T20102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3445.823937][T20102] ? kasan_check_read+0x11/0x20 [ 3445.828813][T20102] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3445.834481][T20102] mem_cgroup_try_charge+0x24d/0x5e0 [ 3445.839807][T20102] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3445.845478][T20102] __handle_mm_fault+0x1e1f/0x3ec0 [ 3445.850633][T20102] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3445.856225][T20102] ? find_held_lock+0x35/0x130 [ 3445.861023][T20102] ? handle_mm_fault+0x322/0xb30 [ 3445.866078][T20102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3445.872350][T20102] ? kasan_check_read+0x11/0x20 [ 3445.877404][T20102] handle_mm_fault+0x43f/0xb30 [ 3445.882233][T20102] __do_page_fault+0x5ef/0xda0 [ 3445.887027][T20102] do_page_fault+0x71/0x581 [ 3445.891546][T20102] ? page_fault+0x8/0x30 [ 3445.895808][T20102] page_fault+0x1e/0x30 [ 3445.899973][T20102] RIP: 0023:0x8055172 [ 3445.903963][T20102] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3445.923930][T20102] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3445.930911][T20102] RAX: 00000000f5d86b40 RBX: 0000000000020000 RCX: 00000000f5d66000 [ 3445.940560][T20102] RDX: 0000000000000003 RSI: 00000000f5d86b40 RDI: 0000000000021000 [ 3445.948571][T20102] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3445.956689][T20102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3445.964957][T20102] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3445.986358][T20102] memory: usage 6444kB, limit 0kB, failcnt 1698 [ 3445.994515][T20102] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.002246][T20102] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.010091][T20102] Memory cgroup stats for /syz4: cache:84KB rss:2192KB rss_huge:2048KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:2156KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3446.032913][T20102] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20102,uid=0 [ 3446.049313][T20102] Memory cgroup out of memory: Killed process 20102 (syz-executor.4) total-vm:72320kB, anon-rss:2128kB, file-rss:34816kB, shmem-rss:0kB [ 3446.069273][ T1044] oom_reaper: reaped process 20102 (syz-executor.4), now anon-rss:0kB, file-rss:34076kB, shmem-rss:0kB 00:33:39 executing program 4: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r4 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x1ff) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r2, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:33:39 executing program 3: syz_emit_ethernet(0xfffffffffffffff1, &(0x7f0000000000)={@empty, @dev={[], 0x19}, [], {@generic={0x88f5}}}, 0x0) 00:33:39 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x0) shutdown(r0, 0x2) 00:33:39 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x3e8, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:39 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x59000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:33:39 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xbb02000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) [ 3446.104096][T20096] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 00:33:39 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x0) shutdown(r0, 0x2) [ 3446.159927][T20096] CPU: 0 PID: 20096 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3446.167993][T20096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3446.168000][T20096] Call Trace: [ 3446.168032][T20096] dump_stack+0x172/0x1f0 [ 3446.168052][T20096] dump_header+0x10f/0xb6c [ 3446.168069][T20096] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3446.168098][T20096] ? ___ratelimit+0x60/0x595 [ 3446.201312][T20096] ? do_raw_spin_unlock+0x57/0x270 [ 3446.206447][T20096] oom_kill_process.cold+0x10/0x15 [ 3446.211583][T20096] out_of_memory+0x79a/0x1280 [ 3446.216289][T20096] ? lock_downgrade+0x880/0x880 [ 3446.221151][T20096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.227410][T20096] ? oom_killer_disable+0x280/0x280 [ 3446.232622][T20096] ? find_held_lock+0x35/0x130 [ 3446.237399][T20096] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3446.237415][T20096] ? memcg_event_wake+0x230/0x230 [ 3446.237437][T20096] ? do_raw_spin_unlock+0x57/0x270 [ 3446.237455][T20096] ? _raw_spin_unlock+0x2d/0x50 [ 3446.237473][T20096] try_charge+0x102c/0x15c0 [ 3446.237485][T20096] ? find_held_lock+0x35/0x130 [ 3446.237507][T20096] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3446.237530][T20096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.279224][T20096] ? kasan_check_read+0x11/0x20 [ 3446.284190][T20096] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3446.289742][T20096] mem_cgroup_try_charge+0x24d/0x5e0 [ 3446.295031][T20096] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3446.295050][T20096] __handle_mm_fault+0x1e1f/0x3ec0 [ 3446.295070][T20096] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3446.295085][T20096] ? find_held_lock+0x35/0x130 [ 3446.295101][T20096] ? handle_mm_fault+0x322/0xb30 [ 3446.295123][T20096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.327311][T20096] ? kasan_check_read+0x11/0x20 [ 3446.332180][T20096] handle_mm_fault+0x43f/0xb30 [ 3446.336951][T20096] __do_page_fault+0x5ef/0xda0 [ 3446.336973][T20096] do_page_fault+0x71/0x581 [ 3446.336990][T20096] ? page_fault+0x8/0x30 [ 3446.337006][T20096] page_fault+0x1e/0x30 [ 3446.337018][T20096] RIP: 0023:0x804afea [ 3446.337032][T20096] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3446.337038][T20096] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3446.337049][T20096] RAX: 000000000845fde0 RBX: 0000000000000016 RCX: 000000000845fd80 [ 3446.337057][T20096] RDX: 000000000000000c RSI: 0000000000349320 RDI: 0000000000000000 [ 3446.337065][T20096] RBP: 0000000000000016 R08: 0000000000000000 R09: 0000000000000000 00:33:39 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x500, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:39 executing program 3: syz_emit_ethernet(0xfffffffffffffef8, &(0x7f00000005c0)=ANY=[@ANYBLOB="0000000000005853d0b2f03f8100150086dd6f73dae1030b3206fe88000000000000000000000000010100000000000000000000ffffac14142a77005aa864000000bf01000000000000010a000000000000060168000000000204010560683afe8800000000000000000000000001011602000000000000071000000006023f48ae040000000000000004010900000000008108e800000000000209650000005e0a040509500000fe8000000000000000000000000000bb00000000000000000000000000000000ff010000000000000000000000000001ff01000000000000000000000000000100000000000000000000ffff000000020420880b0085000300044ccda0bc1d302f467d2edbce6155100123cd9253038725da0868968ecd5c5114a3426b0992b27006eef6a9f59b1f5e3f2c3274c053f7456099f904d0c68652cb21ed2647397c0963faf4dadc80f12cf644ae71babecee3661607d7758f41d6506da4b66920da428cceb96b9bc10951f15b7ab397c7f388f7564f9c7fb2407b0eb4494aafeca98f43014000000000000000a2e381e6e6752b5470d70f2780fd494621422de92578d3f6e45403ac8a0b1670af89cb0789a51eff5c37dc06ac908f34c050ac46e1f45334945c9016e0931ce2584f59b881ab32a836a81487568bf8a25f6d8d7ef78624afbaae66474936b7ce40b667e0670a5e9579f6dc461a36f7fb98e1660947577554fed32a86cbec9a12b60c8c933e86041be36493bdb54b56a7fa6c8d0ec379f61a48973ebaa17a937e9ddefdda087a367702efd473daf598c91af9482075b2171ac770a3536c4b1f98f58333379b357bd0345f287b5d47982d6e8cd82e07f944d574a3b75e8b2ade58050086ddc02f958c462693077e947ecb062f3f5cb1afdd8c4b138c01496c261104f81fa5e7159eda099205f8af6f613a4c0ef9de111f85d93cdec4ae0cae926e90e74e2a92f328df695501000000000000006ba7ded7f7fe0473048726348341cd95ee2aadd4820b47d47eff3888b9b65f561be581adf85175080088be00000004100728ff01000000000007d3080022eb0000000320e93c07020000000000000101017f1a080065580000000180e27de34ad9d5d2e0be5ae6dcb74810923a508b8bec943cff472d4a03e5dfe85e35acbe"], 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0) exit_group(0x6) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x4c2a, 0x6}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000540)={r1, 0x6}, 0x8) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000580)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={r1, @in={{0x2, 0x4e21, @multicast1}}}, &(0x7f0000000180)=0x84) 00:33:39 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(0xffffffffffffffff, 0x2) [ 3446.337072][T20096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3446.337079][T20096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:33:40 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x600, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3446.476626][T20096] memory: usage 4136kB, limit 0kB, failcnt 1707 [ 3446.484273][T20096] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.522568][T20096] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 00:33:40 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x400, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0245629, &(0x7f00000000c0)={0x0, 0x1, 0x100000001, [], &(0x7f0000000080)=0x3}) sendmsg$kcm(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="8dbdd7abf673fb3d084bf1a2b5144787b10905235a8a6cbaa1a4601d578932532524a699a0736323768da52779ab9dbd1e8d7df2ef", 0x35}, {&(0x7f0000000140)="8488bbde6386325963d6b7248f10ae934c515464a9a683d1ea76ebaf21ece26670475949", 0x24}, {&(0x7f0000000180)="3f4991dbe7205d46e5d6c6eaaac24aee3eaea8273b0efdce667bf020e6844acaa5337cdb7bce7fb1166d1bd49446de3df13e8ecdbc8f27707f879fa241dda23a3efb358dc20b08c47a6668218afbbab41ead741b982c2829fcef89099eb3ae14bd2ef2d8711eb658ee5d8de4a3ca714788431e30ee62530b64bd33b0d91e8222c8ab935b96f1d2b3f53d4db81b1a0dd6edc9dd1d693640651b428eb61754b9c08e25dd86463ec816aef54b12ecc6", 0xae}, {&(0x7f0000000240)="1e5e57ff98f1bf8f710c787a210c6d81b895fddb88e54a0d36111763f3df6e", 0x1f}], 0x4, &(0x7f00000002c0)=[{0x5c, 0x113, 0xffff, "f98e1ba0686753c5cf7aad0a604004eef5c083e4ee34359c99e15f4f7336344c08dc309075a3088e035f7fcd49c96fd88fcb47bb05d9be75f07d6ea51b214cc3a0ef696d2083472073ecd95553"}, {0x24, 0x112, 0xabf, "5fdd59cccb5c7231b21602e41db3a74727569f8584ad11"}, {0x100c, 0x113, 0x732e, "431d4ea77535667e2ddda6ed7cd27e90a9e7c17a0a999ba54c529b0eeff081243ed3b60edb524ab8dad85ea952f1519fbb382fdbd05f03f808690f14961510e9f1bbfc7bf4a8b703d2bef33934ed4519b3e6ade100e6212c5bb04d7a5446d71a2da93e6d6b878af4c904dd93789e612c16c1e804f7847135cf99ac5afd18722a79a5ae61a50e281a630d836c8e2a949fbcb563634de574794b0a4391f8587ea45311146e2b4e40bc992ba997d6e9aa4115ec48948f8e3a9598fe93fabe00242d6621f80ae2f16b619f7931d814f4fc4b439bf8605d0df6ea12720373977162113288edef84619a882f8771d7abab2eae317503f6039c8cee933ea08aad989ef8ce78b1c04b16d81c8e9782a0ca06bedf2a05673ce623de8dba3bda7554f8c29e772d318c203d1676211bd14d255d0b56b885b2f4001ae117756affcf29da90f3e199da691acc9590ba1372d38ffc7d3173ec75b199a21dd29bffe61c3624774eb76695c19e2fd9fa9e7967a569b2d4bbbdf81b85f6afa5bae22c58e8f836d1120534440acca218ccccc06b604f3b652b4693b3844f6eec4584994ee988d0b84bb7106e23f273c2fabf89d25940eea390901a1a1d8e4aad97bb321c682748f622bc37f9b6164823377120e3dd08f5123b905a0167e7db6cc428b3919350b8f261ce9194867bfd765e3dd8427e21a2d1a215207eae72694fcfbecb215336fb1f65e27e7ddf26931130f62242ff0a7be16868a7087d07071bb1db0388000f7022e02ceda657a5534361d4daaec74ea94be70534583050f1490ed74a33302a7f2ad7b22bb6650a03fefecb1db12726c85f15a0f3a5a7b05b720cb514f8a2cb847cc14fc294ebe6ff214ab042ed63eeb4b5213679e19f5a39d4264c39885695ead7128f7306f6d840687f9341d5aad949d58d4a3410146acf9a2035dbd50275602457e7430ea82c0771bf0377d382d7cde96b3164f16f0a139f1eab0c0426a01708d13ace8886a4183e769c98c5950689740de4a43bf03a877ef3d11e7ae1f67a1f8be13ebca6760ff6d0d2ab201fbde557ae1631f5e26cef77c268816a3ad79f4625b3298fa9fcb225e9fa6763f73de03c35522b120d6d6029a92e891d01ff2ea9488a60b2ea6e7269ba2b0ddc9cf40bbc657b244d04659c3e56d3d84e4638b0ba7d6ff323dd91ea7978964821dedc592d5b4db521b90196f1923c6ba75fc0c5c12d8d52b4f1be897700a438b4c2a88a64a7c7b7fe7b0ec48cdb858ab7415bb1532d4f680602dd71b0f6411e87adb4a1408f9742680611ba58ddea9311ff846a3cb726259e2be1ff605533a7af64fef39198435cf4a74a49da0dbfea9409a74e1ca1d2c626909fe30e3d9712b26ed975d3c5c955547e354ad321a3f581becbd89b7a4228ae089253534ab43c7eca1d5ba6661e94c20c1563557a6a2095a8f076300ebf8555e7552eea364c3adaaa287b30d740ce471df3aa4ae11b17d08a403403f86c4be1285691989bca126725f6116a39a38bc899c6db37916ebca02d54e66c8af610abc902dbfa7c2f15566fe80a53d09eeea19646e1b93744b79c58dafcbf10d9ca95474c13c7e8b47f6ab2daa22e29d595cfbbf8da3a53042c38c333ca6b90946d0ea4ce522661b6345106eba7985861a89856f3277f8840744fb22cde79f3ba4ea772090fb823fb9bbb37c7e37fddaacccd4f86530c16692c4a7be97bb4e05bd847dba66b938a50ad4d83be5d6f521ab46681ca73095a771f694858b0876239d04c2dbe9eca6763789f5b07a166e6af523d19d82d738926893ef42a42b28da92c3cef13872259f13da36c76d9e26173b1f55ffbf54c964351617bc1304c6aa6c855eb363221e77ae1acd714b441e79ca83b1cb0d48469b945f45da0169d4b785f323fa9bcab0a3d8edc5e12ac9583bcebf217b9799e63fd99502e0f2f2f06f92d979e496ccab49fa8afd9381632123becd803a875bdf672d1806ae083eab88a87803d2e62956560e0c82cceef2fe6b5e27273410ca9f939047a89b7a625074c858529416da016d161532c0c5939c6a8db07a809fba2f58ea3fa7bfc89110c2f5fbd8bd8fe54b04e1deff2064e227c97595356a03247191408efa934118abeba21b644f27b694b79ffcd1de999401fa4a1d75de7167cb4fa747824c544588c0c4d7d1e183882a731d6ee3de7bcdbf6ea9ed48739ee95e24385474bba927bb428994294430933e4a8f5bf3af094f616c0fb478b360a54c4dcfca078b0af2e83104ab0ce6f031f38a6380f11b9467cbbe03b6b47a2fe36152bd236ccd442ba540811d24846a3afeb9dd84378a93f0770d5404b8b48934de6cb6f33ef0d3c0e9f5d1d142e9441118808daf7767c4bbd8d445321461966f30322010d1c133a7926f660ab744f3c88d80f907463930a76c3f6ed1ccb0afaa5e4cd6db92d28cb6a13903e2354bcd0e45674f955d41d2ab2e7a2fe1ab666125158dd86e122bd71dfb7eaa6fe22a8c694fd4d660fda50cc6aec675377aa6b7103aabfc8b1f9fb628dfa6d4b14e16d9f3a774fb6ac3f0845210359d99c0471254eecd37b51d8b99c9d36cf327a7af2cd79e58f910805a82ae595698f1a0c084c64ab04113d18ea78f730e70c2806290071b73d7c57a7191696ddd64d6489fbe38c45c2e52c3a536cd326e81c2b7fcec5572853cf3eaca6b6a42e06fd71ce3e9239f33cfe5305a9f6a9ad392b2c82be697bc8c8784747a34f24aa479839c40318abcacdfd37978c199636ed7692ca03c4713091ff5f20c8a8be3611e97765eded9f86715fbe8393c31170f18e8c6537d5ae448c7d47f2435bdda5ff6941ccca79c65628f464355808e33c6e223c4918fb78b239a5b3af11ec58949a5c193f2f52c0ce01c8f0c68175d4b671ec7cb8180b87d40b12f4bd53352936d675f41ddc0f94c91a4a31a8c91a52516216657402c6d59d0ac26d5827dc18358f23881aad3ae68eed7e3a3d1732e9a0b720d30c887297ddaad12e27b22b989bd2be690f1ca5b46c2cb5a11deb71a3a22b546b7dc17e8abd1bb12313f62e63bec4bca3646e63a79bae9a1af83f216accc74891b4d77277e2e9fb39449aa00c69a880b6628c122e58c468f0f7f6d2d334f5f866a8c823515103dd0ef0dd08d5767159bd35c93ada9c03c8cc336283fcc647e432bd089dd83c5eb5d868c29a33e7b13d19d4f985bb7ab4c06d552f52fa3bc21498d60ddb01cf301f6ae18015952790906955b00cfe9bb347c2c6ea8b134ff446d0687bb82acf5f762c84d1f839caa48db787b3bdf05542c53f1d89bd48ba74fac9b1eec16609c36f1e4fd37b02f44f7dcdcb87541eb323ebe52ac9069302db8d4531e1413734f4fd598b09811e50f32fcb3f7e8b1c57a65bca2a8a3f2606e7e69fd7af571d0423d8f5aa620d75fc7cc858dda2106b5e396d8adcb0936432f03e369631e749372db6a0c22324b7d45be2559a013c1d7bf4271424bd91d0f476d086e063feca6bd41c0f090d8dafa9825982628c556814372f17625db12ebe939cd88cfa20622d6b417472e906b103c4b8b271504290153bb2ba815e6c476c12debfd83e744d83f3fb0711a454fc42d3fcd99befb8a6cfcd68b7f6fa174b839d225a6d1a213c909b12678b6ea8c124386cabbd561b3e9c2e1df9bf47e3682a5830f3ef5c62017dd389b8837867634723b6c6942bb4188ffd27a57757b7b870178cc7e5c600065858d79bf617219b2e5ff5cd7583a10f39fde4c3db00de38903c70e7e34b066028699a191e5fb375fd7bdc047ce64420374e5481bec4b45ed713e13d5ba378ad7521a7c5b1b8c8c8f4567959e4d0187636b567f4b8f50cc46ef42feedd0c991ac84d234ec64f562da3b3e0e0a385186bf720763afb7bb02fdbfeeed743e1161284c55b430d90c06ff37a370147efa2bc10c8853ab49454d3794b566c8ae3c724791174f655226bd5f0edc8404ceb6ccd12ebe4f3fee37889f23b3aa5a1be400aa9acdb5995ffd08ebddc5b5723a7f4bd40586745ca0f6b6f09096b29b45a2f589c510686bc597bca19687205ec7518dcb63d40dee7d572a2265bbb8cd36f2d8449ae6808268cedde480180e177f2c59cba9f1b9d86822b718f742f5d492dae706eaf296995d33aa9dc1ef4f89ba03b5ca3eda9b8a2dba86de9f7458df23e4d4de3a76da4553ac7a9ae55e0acc5afc22bd16106d28fb84ccba3829caa3a26084d6a330ff3fe3a145cb89dbf6e6d6928f0c023174dd905755c148953b78ffaa21c8ecf16209c09f0adaca356cb79544d754bf24f38f3a1f5f36031b1ce332f38d9e9c769485dd84c282e5ba0f06ec7004318a12599b4e6f25f4cc073a9a44ab6d8a12efbee008b93210b4cbd9d31f6275442d8c43db6462e8e225ab5e752440a222881cdda2fd0c06e33c2bcdc79f6eb44934e0c88e428a1e8dcf8274b4360c39cd0b24451833bd2b5762235577b8c15fc51b1655e033ed8707c6b5ceefc992e5537cc06a60c2e434faafb1fedb4646b4b9f8ca9e8b0783b65020c11e454fda2b82f2ca62d30093eef909fbed9b8a656dc4a0b4de4fb0cf238c03a1cc673c5b61a84a9fdfde9b1537a2a984f112edb35414a4ff7eaf4dc72a4992885a2b974c9505a5b3c35ad8c7a72d8f18dcf9ed31ada6be351d4e55167c8c08de0b16ff202c396f3b801f0bc69e949d98b959f4ba56f8f51bb213d6a9dba1d5d4a7dfc07e1c9903bf0ebe80a1396122ca0162ebcb6adf91868f769b1bb6e1ff923017f4809ac1a9d1cd1ce77b622095a5bfcd7f4001aebaebc816e83a43aba892f47c0411b6555084561aa4ffe91d5a5397336b02dd588b4a54234fbc4c5f0b0c7d616bb96bea92d0bfa5ed4cd964cd7c37f95f1566fad9e12d0b5789e4d591525d348e4bd079da61265412c4355cd7411fd596dda58f66f0b8e03a3ac644b4c2b9249e52b9f8bb3147471e9eb3b39411c94b8386170b99f47837f1422e3ef5af6993edd4ca4f173b88dbe2e854fc38e202143f4d06d3e0413df1155f9646a1d7e7f0eeb21fe82d887a60eacfa151ea03aa561311dd4249dc547b93d870d6be583c5bca7980fa39e44b95c51c75558dccbb8e624f7a1eca889c9f05e67281f65e33011d1d8447c0f3805005a5e671276c59d55ccbd559f6ad50f72c46a1653ba288e2b10cdeae254f71a5abaacd2955a799d0ec18433067aa2fa489dae4a51494eddbeec88cf0483a2a6cec81dd012ad4ef9cd3e10d8976d6bc2418d63eff001be16c49f147ff07a7942a176e7d10f15f29eca33285156a92ef78ee3151f4df4bf555e1c09aa0b3ac08fc9d558228780a4a71e5ee27d51f01117b34a5967a7952f182de78d993dc04653b2c264ccde0e47abfea928ec319a5b6906fa93885bd572751ee6adff9ae43143e84f458a0428f7372664c76c0acfbd82b201e4bb4f3a66ad6b184ca17d219aaef90cb8b2a6bbf7b2a1f1e9e25f9b893896cef6607ede7f852cb07551fc29dd36556bd03f1aad3581042cac4328cde41e5767231ff4f228348f588f5448576bc6cbdcadb4f0df50c7dad0805c3b9e763484f775ca30e0d876a4ef8a146ff6668a045c33c176f2607d99759981e86d7a0c5889363dc936aecd41d6eb2b75b43f3a39f8af6c494bfe960ac5baff2eadfce7c645b0a15b3e5cb2e0e5987e599b0bd9468d74ebc58768f6068cf2915eb07df58b8e9b48d34e57ba63b41d8baa5ceb70ec80e0a63e6a15c50a84563b385091fbcc500fbde203e28f8fbbb1c59244009d96494f60fc6dd2cce3f93fa36ea57234e795b491d7"}, {0x3c, 0x88, 0x1000, "6c9d3d1efd6bcf1fe5cd890641c4a519c31cefa70c9d54358fee96db56182947661c1dbaee9effc379fc1db35610"}], 0x10c8}, 0x8000) syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) [ 3446.567819][T20096] Memory cgroup stats for /syz4: cache:84KB rss:80KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3446.628376][T20096] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20096,uid=0 [ 3446.647057][T20096] Memory cgroup out of memory: Killed process 20096 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3446.703897][ T1044] oom_reaper: reaped process 20096 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 00:33:48 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x700, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:48 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:33:48 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000005846d0b2f03f88f5"], 0x0) 00:33:48 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(0xffffffffffffffff, 0x2) 00:33:57 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x59010000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:33:57 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)=ANY=[@ANYBLOB="000286f5"], 0x0) 00:33:57 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x900, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:57 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:33:57 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(0xffffffffffffffff, 0x2) 00:33:57 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xbc00000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:33:57 executing program 3: syz_emit_ethernet(0xe, &(0x7f0000000040)={@empty, @random="98bf9b9b9176", [], {@generic={0x88f5}}}, 0x0) 00:33:57 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0xa00, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:57 executing program 3: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x401, 0x101000) write$rfkill(r0, &(0x7f0000000080)={0x1f, 0x4, 0x2, 0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x2, [0x3, 0x100000001]}, 0x8) recvfrom$packet(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0x10001, 0x0, 0x0) syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e23, @broadcast}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x100, 0x0, 0x0, 0x0, 0x1f, &(0x7f0000000100)='sit0\x00', 0x7ff, 0x10000, 0x7}) io_uring_setup(0xe61, &(0x7f00000011c0)={0x0, 0x0, 0x2, 0x3, 0x245}) 00:33:57 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0xe00, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:33:57 executing program 3: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x44000, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)={0x2, 0x3, 0x7, 0x1, 0x1}) syz_emit_ethernet(0x365, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) 00:33:57 executing program 3: syz_emit_ethernet(0xb6, &(0x7f0000000080)={@empty, @dev={[], 0x28}, [], {@llc_tr={0x11, {@llc={0xd4, 0x0, ')', "ef89fbe49f026938505825acbbba1ca6938b9e1e1d33f4b298587923557d5d308782925c3666a37a9b821cf4962e25beb2c9bedb7e02fa5c25c0cba6888a8a69363a8dbc897ab22fa12278586c434fc8f18e825dae9e175883e4a8ece6cbd299e3d80e907c6c0c764f1778915aa1e7622df717e8cb6a5d0bbc3b86f363b1041e94eca6ac87b05342089ec432cd0a384b46c1d02bb8906f7ba580b52264112d29c7b5349534"}}}}}, 0x0) [ 3465.629826][T20209] IPVS: ftp: loaded support on port[0] = 21 00:34:06 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x59020000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:34:06 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x1800, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:34:06 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x0) [ 3480.158431][T20209] chnl_net:caif_netlink_parms(): no params data found [ 3480.209547][T20209] bridge0: port 1(bridge_slave_0) entered blocking state [ 3480.218987][T20209] bridge0: port 1(bridge_slave_0) entered disabled state [ 3480.229276][T20209] device bridge_slave_0 entered promiscuous mode [ 3480.240196][T20209] bridge0: port 2(bridge_slave_1) entered blocking state [ 3480.248586][T20209] bridge0: port 2(bridge_slave_1) entered disabled state [ 3480.258996][T20209] device bridge_slave_1 entered promiscuous mode [ 3480.294354][T20209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3480.308264][T20209] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3480.340377][T20209] team0: Port device team_slave_0 added [ 3480.353078][T20209] team0: Port device team_slave_1 added [ 3480.458974][T20209] device hsr_slave_0 entered promiscuous mode [ 3480.515474][T20209] device hsr_slave_1 entered promiscuous mode [ 3480.670922][T20209] bridge0: port 2(bridge_slave_1) entered blocking state [ 3480.678072][T20209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3480.685512][T20209] bridge0: port 1(bridge_slave_0) entered blocking state [ 3480.692588][T20209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3480.928165][T20209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3481.013711][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3481.026504][T19979] bridge0: port 1(bridge_slave_0) entered disabled state [ 3481.035394][T19979] bridge0: port 2(bridge_slave_1) entered disabled state [ 3481.047739][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3481.073406][T20209] 8021q: adding VLAN 0 to HW filter on device team0 [ 3481.169748][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3481.181113][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3481.191120][T11542] bridge0: port 1(bridge_slave_0) entered blocking state [ 3481.198354][T11542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3481.269611][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3481.281765][T19979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3481.291690][T19979] bridge0: port 2(bridge_slave_1) entered blocking state [ 3481.298912][T19979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3481.395664][T11542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3481.416486][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3481.537341][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3481.548593][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3481.648120][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3481.658351][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3481.668902][T16597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3481.787713][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3481.798291][T17386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3481.818386][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3481.828426][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3481.846999][T20209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3481.962697][T20209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3482.107628][T20228] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3482.122372][T20228] CPU: 0 PID: 20228 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3482.130828][T20228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3482.141600][T20228] Call Trace: [ 3482.144919][T20228] dump_stack+0x172/0x1f0 [ 3482.149282][T20228] dump_header+0x10f/0xb6c [ 3482.153710][T20228] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3482.159530][T20228] ? ___ratelimit+0x60/0x595 [ 3482.164125][T20228] ? do_raw_spin_unlock+0x57/0x270 [ 3482.169245][T20228] oom_kill_process.cold+0x10/0x15 [ 3482.174418][T20228] out_of_memory+0x79a/0x1280 [ 3482.179132][T20228] ? lock_downgrade+0x880/0x880 [ 3482.184576][T20228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.190846][T20228] ? oom_killer_disable+0x280/0x280 [ 3482.196057][T20228] ? find_held_lock+0x35/0x130 [ 3482.200838][T20228] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3482.206397][T20228] ? memcg_event_wake+0x230/0x230 [ 3482.211437][T20228] ? do_raw_spin_unlock+0x57/0x270 [ 3482.216575][T20228] ? _raw_spin_unlock+0x2d/0x50 [ 3482.221447][T20228] try_charge+0x102c/0x15c0 [ 3482.225975][T20228] ? find_held_lock+0x35/0x130 [ 3482.231202][T20228] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3482.236768][T20228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.243026][T20228] ? kasan_check_read+0x11/0x20 [ 3482.247895][T20228] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3482.253476][T20228] mem_cgroup_try_charge+0x24d/0x5e0 [ 3482.258780][T20228] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3482.264487][T20228] __handle_mm_fault+0x1e1f/0x3ec0 [ 3482.269606][T20228] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3482.275160][T20228] ? find_held_lock+0x35/0x130 [ 3482.279946][T20228] ? handle_mm_fault+0x322/0xb30 [ 3482.284900][T20228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.291163][T20228] ? kasan_check_read+0x11/0x20 [ 3482.296040][T20228] handle_mm_fault+0x43f/0xb30 [ 3482.300819][T20228] __do_page_fault+0x5ef/0xda0 [ 3482.305599][T20228] do_page_fault+0x71/0x581 [ 3482.310106][T20228] ? page_fault+0x8/0x30 [ 3482.314358][T20228] page_fault+0x1e/0x30 [ 3482.318519][T20228] RIP: 0023:0x8055172 [ 3482.322502][T20228] Code: 00 83 c4 20 83 f8 ff 89 45 b0 0f 84 86 01 00 00 8b 45 b0 85 c0 0f 84 bb 04 00 00 8b 4d b0 8b 7d a8 8d 84 39 40 fb ff ff 89 c6 <89> 88 70 02 00 00 89 b8 74 02 00 00 89 45 b4 05 8c 00 00 00 c7 46 [ 3482.342120][T20228] RSP: 002b:000000000845fb60 EFLAGS: 00010286 [ 3482.348211][T20228] RAX: 00000000f5d74b40 RBX: 0000000000020000 RCX: 00000000f5d54000 [ 3482.356194][T20228] RDX: 0000000000000003 RSI: 00000000f5d74b40 RDI: 0000000000021000 [ 3482.364188][T20228] RBP: 000000000845fbd8 R08: 0000000000000000 R09: 0000000000000000 [ 3482.372183][T20228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3482.380180][T20228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3482.391412][T20228] memory: usage 8448kB, limit 0kB, failcnt 1716 [ 3482.398608][T20228] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3482.418950][T20228] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3482.426380][T20228] Memory cgroup stats for /syz4: cache:84KB rss:4220KB rss_huge:4096KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:4204KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3482.448581][T20228] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20228,uid=0 [ 3482.466849][T20228] Memory cgroup out of memory: Killed process 20228 (syz-executor.4) total-vm:72320kB, anon-rss:4176kB, file-rss:34816kB, shmem-rss:0kB [ 3482.486766][ T1044] oom_reaper: reaped process 20228 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 00:34:16 executing program 2: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$NBD_SET_SOCK(r0, 0xab00, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0xbc01000000000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:34:16 executing program 3: syz_emit_ethernet(0x365, &(0x7f0000000040)={@empty, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, 0x0, 0xca, &(0x7f0000000000)='bpq0\x00', 0x3, 0x3, 0x2}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x5, 0x4) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000140)={{0x2, 0x4e22, @empty}, {0x6, @local}, 0x48, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}, 'veth0_to_bond\x00'}) 00:34:16 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='/dev/rfkill\x00') ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x2a}, @mcast1, @mcast1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000280}) syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x5a000000, 0x21000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x22, 0x1, 0x6000, 0x0, {0x4}}, 0x14}}, 0x0) 00:34:16 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x1802, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:34:16 executing program 4: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$kcm(0x11, 0x4, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r4}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xb2) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x42f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.stat\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x200000, 0x0) write$cgroup_int(r3, 0x0, 0x0) openat$cgroup(r1, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0xb1) 00:34:16 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x0) [ 3482.852073][T20209] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3482.862944][T20209] CPU: 0 PID: 20209 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #84 [ 3482.870940][T20209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3482.870947][T20209] Call Trace: [ 3482.870990][T20209] dump_stack+0x172/0x1f0 [ 3482.888696][T20209] dump_header+0x10f/0xb6c [ 3482.893138][T20209] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3482.898984][T20209] ? ___ratelimit+0x60/0x595 [ 3482.903607][T20209] ? do_raw_spin_unlock+0x57/0x270 [ 3482.908746][T20209] oom_kill_process.cold+0x10/0x15 [ 3482.913881][T20209] out_of_memory+0x79a/0x1280 [ 3482.918576][T20209] ? lock_downgrade+0x880/0x880 [ 3482.923437][T20209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.929692][T20209] ? oom_killer_disable+0x280/0x280 [ 3482.929708][T20209] ? find_held_lock+0x35/0x130 [ 3482.929735][T20209] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3482.929749][T20209] ? memcg_event_wake+0x230/0x230 [ 3482.929780][T20209] ? do_raw_spin_unlock+0x57/0x270 [ 3482.955429][T20209] ? _raw_spin_unlock+0x2d/0x50 [ 3482.960310][T20209] try_charge+0x102c/0x15c0 [ 3482.960325][T20209] ? find_held_lock+0x35/0x130 [ 3482.960346][T20209] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3482.960365][T20209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.960385][T20209] ? kasan_check_read+0x11/0x20 [ 3482.960403][T20209] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3482.960422][T20209] mem_cgroup_try_charge+0x24d/0x5e0 [ 3482.960444][T20209] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3482.960476][T20209] __handle_mm_fault+0x1e1f/0x3ec0 [ 3482.991930][T20209] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3482.991954][T20209] ? find_held_lock+0x35/0x130 [ 3483.007986][T20209] ? handle_mm_fault+0x322/0xb30 [ 3483.008014][T20209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3483.008035][T20209] ? kasan_check_read+0x11/0x20 [ 3483.008054][T20209] handle_mm_fault+0x43f/0xb30 [ 3483.008074][T20209] __do_page_fault+0x5ef/0xda0 [ 3483.008096][T20209] do_page_fault+0x71/0x581 [ 3483.008119][T20209] ? page_fault+0x8/0x30 [ 3483.044344][T20209] page_fault+0x1e/0x30 [ 3483.044358][T20209] RIP: 0023:0x804afea [ 3483.044375][T20209] Code: 03 00 83 c4 1c c3 83 ec 0c 68 9f 3a 0d 08 e8 4d e7 ff ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec 7c 10 00 00 <89> 44 24 04 8d 6c 24 6c c7 44 24 0c 00 00 00 00 65 a1 14 00 00 00 [ 3483.044382][T20209] RSP: 002b:000000000845ed10 EFLAGS: 00010202 [ 3483.044394][T20209] RAX: 000000000845fde0 RBX: 0000000000000017 RCX: 000000000845fd80 00:34:16 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x1ce7, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3483.044402][T20209] RDX: 000000000000000c RSI: 000000000035218d RDI: 0000000000000000 [ 3483.044410][T20209] RBP: 0000000000000017 R08: 0000000000000000 R09: 0000000000000000 [ 3483.044417][T20209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3483.044424][T20209] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:34:16 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x2000, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) [ 3483.224206][T20209] memory: usage 4096kB, limit 0kB, failcnt 1727 [ 3483.236876][T20209] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3483.251593][T20209] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3483.263819][T20209] Memory cgroup stats for /syz4: cache:84KB rss:56KB rss_huge:0KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3483.294442][T20209] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20209,uid=0 [ 3483.310858][T20209] Memory cgroup out of memory: Killed process 20209 (syz-executor.4) total-vm:72056kB, anon-rss:64kB, file-rss:34832kB, shmem-rss:0kB [ 3483.334652][ T1044] oom_reaper: reaped process 20209 (syz-executor.4), now anon-rss:0kB, file-rss:34156kB, shmem-rss:0kB 00:34:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x2ee0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:34:17 executing program 0: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xb2) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x42f) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x3f00, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) 00:34:17 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) poll(&(0x7f0000000200)=[{r1, 0x10}, {r1}], 0x2, 0x5193) shutdown(r0, 0x0) 00:34:17 executing program 3: syz_emit_ethernet(0xe, &(0x7f0000000040)={@broadcast, @random="5853d0b2f03f", [], {@generic={0x88f5}}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) [ 3484.353993][ T6994] device bridge_slave_1 left promiscuous mode [ 3484.360348][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3484.455920][ T6994] device bridge_slave_0 left promiscuous mode [ 3484.463300][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3484.538356][ T6994] device bridge_slave_1 left promiscuous mode [ 3484.555640][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3484.606763][ T6994] device bridge_slave_0 left promiscuous mode [ 3484.617084][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3484.739352][ T6994] device bridge_slave_1 left promiscuous mode [ 3484.746688][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3484.867668][ T6994] device bridge_slave_0 left promiscuous mode [ 3484.875088][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3484.919247][ T6994] device bridge_slave_1 left promiscuous mode [ 3484.926884][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.002342][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.009582][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.079367][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.086821][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.147157][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.153969][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.224083][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.231076][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.287860][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.294833][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.349025][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.355975][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.447185][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.454598][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.508684][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.515943][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.648049][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.654856][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.719442][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.726394][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.778258][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.785085][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.839139][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.846065][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3485.896692][ T6994] device bridge_slave_0 left promiscuous mode [ 3485.903163][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3485.978424][ T6994] device bridge_slave_1 left promiscuous mode [ 3485.985348][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.037076][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.043399][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.107348][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.113984][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.168511][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.175290][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.239461][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.246337][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.306807][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.313122][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.358511][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.365346][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.426753][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.433086][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.478473][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.485284][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.537611][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.544307][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.599143][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.606575][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.657703][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.665558][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.787151][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.843375][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3486.886807][ T6994] device bridge_slave_0 left promiscuous mode [ 3486.893282][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3486.958472][ T6994] device bridge_slave_1 left promiscuous mode [ 3486.967440][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.027630][ T6994] device bridge_slave_0 left promiscuous mode [ 3487.037160][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3487.101094][ T6994] device bridge_slave_1 left promiscuous mode [ 3487.108545][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.185642][ T6994] device bridge_slave_0 left promiscuous mode [ 3487.191969][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3487.282725][ T6994] device bridge_slave_1 left promiscuous mode [ 3487.289626][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.377116][ T6994] device bridge_slave_0 left promiscuous mode [ 3487.384091][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3487.428545][ T6994] device bridge_slave_1 left promiscuous mode [ 3487.436014][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.517137][ T6994] device bridge_slave_0 left promiscuous mode [ 3487.524348][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3487.648447][ T6994] device bridge_slave_1 left promiscuous mode [ 3487.655869][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.734161][ T6994] device bridge_slave_0 left promiscuous mode [ 3487.742615][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3487.790291][ T6994] device bridge_slave_1 left promiscuous mode [ 3487.797772][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3487.996949][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.003258][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.088347][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.095540][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.147191][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.155287][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.258921][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.266325][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.317396][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.324613][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.419052][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.426218][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.505104][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.511439][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.558323][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.564793][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.666602][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.672939][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.746808][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.753130][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.845690][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.852038][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3488.928678][ T6994] device bridge_slave_1 left promiscuous mode [ 3488.936185][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3488.987088][ T6994] device bridge_slave_0 left promiscuous mode [ 3488.994159][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3489.139696][ T6994] device bridge_slave_1 left promiscuous mode [ 3489.147604][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3489.359208][ T6994] device bridge_slave_0 left promiscuous mode [ 3489.366217][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3489.458740][ T6994] device bridge_slave_1 left promiscuous mode [ 3489.466843][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3489.536889][ T6994] device bridge_slave_0 left promiscuous mode [ 3489.543210][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3489.698196][ T6994] device bridge_slave_1 left promiscuous mode [ 3489.705545][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3489.850673][ T6994] device bridge_slave_0 left promiscuous mode [ 3489.858770][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3489.908139][ T6994] device bridge_slave_1 left promiscuous mode [ 3489.915490][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.006496][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.012809][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3490.058359][ T6994] device bridge_slave_1 left promiscuous mode [ 3490.065581][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.106619][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.112939][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3490.218363][ T6994] device bridge_slave_1 left promiscuous mode [ 3490.225873][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.276734][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.283071][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3490.398461][ T6994] device bridge_slave_1 left promiscuous mode [ 3490.405664][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.526350][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.532682][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3490.680502][ T6994] device bridge_slave_1 left promiscuous mode [ 3490.687887][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.816637][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.822964][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3490.918199][ T6994] device bridge_slave_1 left promiscuous mode [ 3490.925385][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3490.976518][ T6994] device bridge_slave_0 left promiscuous mode [ 3490.982850][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3491.058350][ T6994] device bridge_slave_1 left promiscuous mode [ 3491.065612][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3491.126689][ T6994] device bridge_slave_0 left promiscuous mode [ 3491.133045][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3491.268027][ T6994] device bridge_slave_1 left promiscuous mode [ 3491.275490][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3491.336819][ T6994] device bridge_slave_0 left promiscuous mode [ 3491.343141][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3491.439857][ T6994] device bridge_slave_1 left promiscuous mode [ 3491.447127][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3491.516504][ T6994] device bridge_slave_0 left promiscuous mode [ 3491.522830][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3491.667973][ T6994] device bridge_slave_1 left promiscuous mode [ 3491.676108][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3491.726719][ T6994] device bridge_slave_0 left promiscuous mode [ 3491.733042][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3491.848047][ T6994] device bridge_slave_1 left promiscuous mode [ 3491.856024][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3491.956926][ T6994] device bridge_slave_0 left promiscuous mode [ 3491.963294][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.047910][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.055098][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3492.179823][ T6994] device bridge_slave_0 left promiscuous mode [ 3492.187306][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.291293][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.315150][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3492.406509][ T6994] device bridge_slave_0 left promiscuous mode [ 3492.412802][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.478341][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.485497][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3492.576796][ T6994] device bridge_slave_0 left promiscuous mode [ 3492.583095][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.648000][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.655338][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3492.766284][ T6994] device bridge_slave_0 left promiscuous mode [ 3492.772566][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.818070][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.825265][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3492.916362][ T6994] device bridge_slave_0 left promiscuous mode [ 3492.922667][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3492.988064][ T6994] device bridge_slave_1 left promiscuous mode [ 3492.995254][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.066467][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.072773][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.128108][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.135482][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.203205][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.210248][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.318229][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.325319][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.376466][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.382783][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.427963][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.435534][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.506663][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.513103][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.568018][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.575162][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.617270][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.624637][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.718165][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.725415][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.846288][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.852570][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3493.908042][ T6994] device bridge_slave_1 left promiscuous mode [ 3493.915950][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3493.975968][ T6994] device bridge_slave_0 left promiscuous mode [ 3493.982252][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.037891][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.045046][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.095675][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.101957][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.197493][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.204801][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.276500][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.282804][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.338142][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.345319][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.397521][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.404630][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.468184][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.478457][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.546104][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.552416][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.607694][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.615064][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.736219][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.742487][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3494.817889][ T6994] device bridge_slave_1 left promiscuous mode [ 3494.825033][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3494.896409][ T6994] device bridge_slave_0 left promiscuous mode [ 3494.902707][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3495.047857][ T6994] device bridge_slave_1 left promiscuous mode [ 3495.056590][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3495.198367][ T6994] device bridge_slave_0 left promiscuous mode [ 3495.205322][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3495.299630][ T6994] device bridge_slave_1 left promiscuous mode [ 3495.310411][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3495.426154][ T6994] device bridge_slave_0 left promiscuous mode [ 3495.432443][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3495.488127][ T6994] device bridge_slave_1 left promiscuous mode [ 3495.495325][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3495.676470][ T6994] device bridge_slave_0 left promiscuous mode [ 3495.682811][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3495.738155][ T6994] device bridge_slave_1 left promiscuous mode [ 3495.745521][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3495.826575][ T6994] device bridge_slave_0 left promiscuous mode [ 3495.832887][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3495.978003][ T6994] device bridge_slave_1 left promiscuous mode [ 3495.985226][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3496.116312][ T6994] device bridge_slave_0 left promiscuous mode [ 3496.122630][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3496.229622][ T6994] device bridge_slave_1 left promiscuous mode [ 3496.238131][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3496.289713][ T6994] device bridge_slave_0 left promiscuous mode [ 3496.296897][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3496.378532][ T6994] device bridge_slave_1 left promiscuous mode [ 3496.385879][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3496.476418][ T6994] device bridge_slave_0 left promiscuous mode [ 3496.482725][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3496.558774][ T6994] device bridge_slave_1 left promiscuous mode [ 3496.566008][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3496.656318][ T6994] device bridge_slave_0 left promiscuous mode [ 3496.662616][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3496.737959][ T6994] device bridge_slave_1 left promiscuous mode [ 3496.745283][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3496.786641][ T6994] device bridge_slave_0 left promiscuous mode [ 3496.792984][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3496.867946][ T6994] device bridge_slave_1 left promiscuous mode [ 3496.875362][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.006219][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.012528][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3497.109393][ T6994] device bridge_slave_1 left promiscuous mode [ 3497.123368][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.166681][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.183780][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3497.247624][ T6994] device bridge_slave_1 left promiscuous mode [ 3497.254859][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.356436][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.362814][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3497.427786][ T6994] device bridge_slave_1 left promiscuous mode [ 3497.438095][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.546058][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.552367][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3497.637691][ T6994] device bridge_slave_1 left promiscuous mode [ 3497.644999][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.706237][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.712523][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3497.808303][ T6994] device bridge_slave_1 left promiscuous mode [ 3497.815513][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3497.966185][ T6994] device bridge_slave_0 left promiscuous mode [ 3497.972500][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.017936][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.025245][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3498.156027][ T6994] device bridge_slave_0 left promiscuous mode [ 3498.162325][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.257944][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.265281][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3498.396549][ T6994] device bridge_slave_0 left promiscuous mode [ 3498.402870][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.457795][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.464990][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3498.506188][ T6994] device bridge_slave_0 left promiscuous mode [ 3498.512498][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.637939][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.645298][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3498.736279][ T6994] device bridge_slave_0 left promiscuous mode [ 3498.743062][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.808053][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.815317][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3498.886157][ T6994] device bridge_slave_0 left promiscuous mode [ 3498.893241][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3498.978300][ T6994] device bridge_slave_1 left promiscuous mode [ 3498.986339][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3499.056288][ T6994] device bridge_slave_0 left promiscuous mode [ 3499.062644][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3499.117838][ T6994] device bridge_slave_1 left promiscuous mode [ 3499.125101][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3499.166049][ T6994] device bridge_slave_0 left promiscuous mode [ 3499.172379][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3499.227849][ T6994] device bridge_slave_1 left promiscuous mode [ 3499.235052][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3499.376474][ T6994] device bridge_slave_0 left promiscuous mode [ 3499.393844][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3499.607951][ T6994] device bridge_slave_1 left promiscuous mode [ 3499.615335][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3499.677008][ T6994] device bridge_slave_0 left promiscuous mode [ 3499.683329][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3499.747862][ T6994] device bridge_slave_1 left promiscuous mode [ 3499.757090][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3499.905945][ T6994] device bridge_slave_0 left promiscuous mode [ 3499.912244][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3499.977817][ T6994] device bridge_slave_1 left promiscuous mode [ 3499.984984][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.086111][ T6994] device bridge_slave_0 left promiscuous mode [ 3500.092436][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3500.199039][ T6994] device bridge_slave_1 left promiscuous mode [ 3500.206408][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.276209][ T6994] device bridge_slave_0 left promiscuous mode [ 3500.282517][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3500.346644][ T6994] device bridge_slave_1 left promiscuous mode [ 3500.352927][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.416232][ T6994] device bridge_slave_0 left promiscuous mode [ 3500.422778][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3500.478349][ T6994] device bridge_slave_1 left promiscuous mode [ 3500.485625][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.615021][ T6994] device bridge_slave_0 left promiscuous mode [ 3500.621346][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3500.677724][ T6994] device bridge_slave_1 left promiscuous mode [ 3500.684932][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.776303][ T6994] device bridge_slave_0 left promiscuous mode [ 3500.783170][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3500.858227][ T6994] device bridge_slave_1 left promiscuous mode [ 3500.865817][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3500.996225][ T6994] device bridge_slave_0 left promiscuous mode [ 3501.002550][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3501.058037][ T6994] device bridge_slave_1 left promiscuous mode [ 3501.065566][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3501.145991][ T6994] device bridge_slave_0 left promiscuous mode [ 3501.152503][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3501.310622][ T6994] device bridge_slave_1 left promiscuous mode [ 3501.317804][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3501.425961][ T6994] device bridge_slave_0 left promiscuous mode [ 3501.432263][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3501.518623][ T6994] device bridge_slave_1 left promiscuous mode [ 3501.526151][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3501.615863][ T6994] device bridge_slave_0 left promiscuous mode [ 3501.622273][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3501.717938][ T6994] device bridge_slave_1 left promiscuous mode [ 3501.725198][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3501.785997][ T6994] device bridge_slave_0 left promiscuous mode [ 3501.792331][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3501.917791][ T6994] device bridge_slave_1 left promiscuous mode [ 3501.924987][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.025913][ T6994] device bridge_slave_0 left promiscuous mode [ 3502.032220][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3502.087982][ T6994] device bridge_slave_1 left promiscuous mode [ 3502.095430][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.166639][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3502.249028][ T6994] device bridge_slave_1 left promiscuous mode [ 3502.256266][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.415929][ T6994] device bridge_slave_0 left promiscuous mode [ 3502.422225][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3502.527846][ T6994] device bridge_slave_1 left promiscuous mode [ 3502.536383][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.667241][ T6994] device bridge_slave_0 left promiscuous mode [ 3502.674244][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3502.728699][ T6994] device bridge_slave_1 left promiscuous mode [ 3502.736836][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.799851][ T6994] device bridge_slave_0 left promiscuous mode [ 3502.807016][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3502.857553][ T6994] device bridge_slave_1 left promiscuous mode [ 3502.864827][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3502.927053][ T6994] device bridge_slave_0 left promiscuous mode [ 3502.933399][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.077088][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.084155][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.175854][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.182138][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.247642][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.254846][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.316113][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.322425][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.407728][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.415032][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.456217][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.462539][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.538003][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.545280][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.586187][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.593302][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.717822][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.725041][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.816232][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.822599][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3503.887828][ T6994] device bridge_slave_1 left promiscuous mode [ 3503.895359][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3503.985156][ T6994] device bridge_slave_0 left promiscuous mode [ 3503.991478][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3504.057777][ T6994] device bridge_slave_1 left promiscuous mode [ 3504.065008][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3504.125754][ T6994] device bridge_slave_0 left promiscuous mode [ 3504.132070][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3504.238611][ T6994] device bridge_slave_1 left promiscuous mode [ 3504.245977][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3504.296229][ T6994] device bridge_slave_0 left promiscuous mode [ 3504.302604][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3504.427942][ T6994] device bridge_slave_1 left promiscuous mode [ 3504.435294][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3504.536121][ T6994] device bridge_slave_0 left promiscuous mode [ 3504.542455][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3504.587903][ T6994] device bridge_slave_1 left promiscuous mode [ 3504.595334][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3504.686010][ T6994] device bridge_slave_0 left promiscuous mode [ 3504.692952][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3504.757873][ T6994] device bridge_slave_1 left promiscuous mode [ 3504.765345][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3504.885803][ T6994] device bridge_slave_0 left promiscuous mode [ 3504.892106][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.008518][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.015787][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.096686][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.104590][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.188217][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.199063][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.295628][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.301949][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.368057][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.375344][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.426049][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.432490][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.557049][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.563364][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.605628][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.611990][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.677558][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.684990][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.755714][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.762139][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.807712][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.815088][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3505.866643][ T6994] device bridge_slave_0 left promiscuous mode [ 3505.872918][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3505.927787][ T6994] device bridge_slave_1 left promiscuous mode [ 3505.935071][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.024015][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.030264][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.097584][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.104862][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.155973][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.162297][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.276384][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.282645][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.328027][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.335146][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.477623][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.484882][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.555108][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.561407][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.619184][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.626394][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.675803][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.682086][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.737633][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.745080][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.805907][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.812217][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3506.867780][ T6994] device bridge_slave_1 left promiscuous mode [ 3506.874952][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3506.975630][ T6994] device bridge_slave_0 left promiscuous mode [ 3506.982113][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3507.057288][ T6994] device bridge_slave_1 left promiscuous mode [ 3507.070365][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3507.115872][ T6994] device bridge_slave_0 left promiscuous mode [ 3507.154500][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3507.247545][ T6994] device bridge_slave_1 left promiscuous mode [ 3507.254901][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3507.305802][ T6994] device bridge_slave_0 left promiscuous mode [ 3507.312646][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3507.476650][ T6994] device bridge_slave_1 left promiscuous mode [ 3507.482972][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3507.545436][ T6994] device bridge_slave_0 left promiscuous mode [ 3507.551728][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3507.687496][ T6994] device bridge_slave_1 left promiscuous mode [ 3507.694677][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3507.756658][ T6994] device bridge_slave_0 left promiscuous mode [ 3507.762973][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3507.817603][ T6994] device bridge_slave_1 left promiscuous mode [ 3507.824923][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3507.985603][ T6994] device bridge_slave_0 left promiscuous mode [ 3507.992081][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3508.097468][ T6994] device bridge_slave_1 left promiscuous mode [ 3508.104607][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3508.175775][ T6994] device bridge_slave_0 left promiscuous mode [ 3508.182050][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3508.297508][ T6994] device bridge_slave_1 left promiscuous mode [ 3508.304892][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3508.415555][ T6994] device bridge_slave_0 left promiscuous mode [ 3508.421868][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3508.487579][ T6994] device bridge_slave_1 left promiscuous mode [ 3508.494778][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3508.575682][ T6994] device bridge_slave_0 left promiscuous mode [ 3508.581989][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3508.657707][ T6994] device bridge_slave_1 left promiscuous mode [ 3508.666210][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3508.775544][ T6994] device bridge_slave_0 left promiscuous mode [ 3508.781844][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3508.887576][ T6994] device bridge_slave_1 left promiscuous mode [ 3508.894812][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3508.965465][ T6994] device bridge_slave_0 left promiscuous mode [ 3508.971804][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.067501][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.074670][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3509.135554][ T6994] device bridge_slave_0 left promiscuous mode [ 3509.141865][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.227626][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.235079][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3509.295736][ T6994] device bridge_slave_0 left promiscuous mode [ 3509.302044][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.417438][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.424620][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3509.495639][ T6994] device bridge_slave_0 left promiscuous mode [ 3509.501958][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.627496][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.634642][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3509.706510][ T6994] device bridge_slave_0 left promiscuous mode [ 3509.712792][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.797883][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.805154][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3509.875679][ T6994] device bridge_slave_0 left promiscuous mode [ 3509.882438][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3509.930113][ T6994] device bridge_slave_1 left promiscuous mode [ 3509.937418][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.024986][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.031327][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.078623][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.086077][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.175576][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.182019][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.238111][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.245425][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.305769][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.312068][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.377452][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.384623][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.445699][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.451976][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.567925][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.575160][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.625524][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.632079][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.697597][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.704745][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.748539][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.755576][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.807655][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.815321][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3510.885822][ T6994] device bridge_slave_0 left promiscuous mode [ 3510.892116][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3510.947751][ T6994] device bridge_slave_1 left promiscuous mode [ 3510.955196][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 3511.035488][ T6994] device bridge_slave_0 left promiscuous mode [ 3511.041745][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 3644.234738][ T1043] INFO: task kworker/1:1:16597 blocked for more than 143 seconds. [ 3644.242620][ T1043] Not tainted 5.1.0-rc6+ #84 [ 3644.253499][ T1043] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3644.262187][ T1043] kworker/1:1 D26416 16597 2 0x80000000 [ 3644.293695][ T1043] Workqueue: events switchdev_deferred_process_work [ 3644.300328][ T1043] Call Trace: [ 3644.315295][ T1043] __schedule+0x813/0x1cc0 [ 3644.319755][ T1043] ? __mutex_lock+0x721/0x1310 [ 3644.324686][ T1043] ? __sched_text_start+0x8/0x8 [ 3644.329556][ T1043] schedule+0x92/0x180 [ 3644.335056][ T1043] schedule_preempt_disabled+0x13/0x20 [ 3644.340545][ T1043] __mutex_lock+0x726/0x1310 [ 3644.345592][ T1043] ? rtnl_lock+0x17/0x20 [ 3644.349861][ T1043] ? mutex_trylock+0x1e0/0x1e0 [ 3644.355033][ T1043] ? mark_held_locks+0xf0/0xf0 [ 3644.359818][ T1043] ? process_one_work+0x890/0x1790 [ 3644.365449][ T1043] mutex_lock_nested+0x16/0x20 [ 3644.370237][ T1043] ? mutex_lock_nested+0x16/0x20 [ 3644.376284][ T1043] rtnl_lock+0x17/0x20 [ 3644.380373][ T1043] switchdev_deferred_process_work+0xe/0x20 [ 3644.387552][ T1043] process_one_work+0x98e/0x1790 [ 3644.392518][ T1043] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3644.398286][ T1043] ? lock_acquire+0x16f/0x3f0 [ 3644.402987][ T1043] worker_thread+0x98/0xe40 [ 3644.408012][ T1043] ? trace_hardirqs_on+0x67/0x230 [ 3644.413065][ T1043] kthread+0x357/0x430 [ 3644.417552][ T1043] ? process_one_work+0x1790/0x1790 [ 3644.422761][ T1043] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3644.429445][ T1043] ret_from_fork+0x3a/0x50 [ 3644.443848][ T1043] INFO: task kworker/1:2:17386 blocked for more than 143 seconds. [ 3644.451678][ T1043] Not tainted 5.1.0-rc6+ #84 [ 3644.473709][ T1043] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3644.482425][ T1043] kworker/1:2 D26656 17386 2 0x80000000 [ 3644.502680][ T1043] Workqueue: events linkwatch_event [ 3644.514334][ T1043] Call Trace: [ 3644.517670][ T1043] __schedule+0x813/0x1cc0 [ 3644.522101][ T1043] ? __mutex_lock+0x721/0x1310 [ 3644.543511][ T1043] ? __sched_text_start+0x8/0x8 [ 3644.548414][ T1043] schedule+0x92/0x180 [ 3644.552501][ T1043] schedule_preempt_disabled+0x13/0x20 [ 3644.573507][ T1043] __mutex_lock+0x726/0x1310 [ 3644.578143][ T1043] ? rtnl_lock+0x17/0x20 [ 3644.582391][ T1043] ? mutex_trylock+0x1e0/0x1e0 [ 3644.603576][ T1043] ? mark_held_locks+0xf0/0xf0 [ 3644.608386][ T1043] ? process_one_work+0x890/0x1790 [ 3644.623514][ T1043] mutex_lock_nested+0x16/0x20 [ 3644.628406][ T1043] ? mutex_lock_nested+0x16/0x20 [ 3644.633349][ T1043] rtnl_lock+0x17/0x20 [ 3644.643596][ T1043] linkwatch_event+0xf/0x70 [ 3644.648129][ T1043] process_one_work+0x98e/0x1790 [ 3644.653079][ T1043] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3644.673604][ T1043] ? lock_acquire+0x16f/0x3f0 [ 3644.678351][ T1043] worker_thread+0x98/0xe40 [ 3644.682971][ T1043] ? trace_hardirqs_on+0x67/0x230 [ 3644.703501][ T1043] kthread+0x357/0x430 [ 3644.707625][ T1043] ? process_one_work+0x1790/0x1790 [ 3644.712827][ T1043] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3644.743529][ T1043] ret_from_fork+0x3a/0x50 [ 3644.748322][ T1043] INFO: task syz-executor.2:20260 blocked for more than 143 seconds. [ 3644.763501][ T1043] Not tainted 5.1.0-rc6+ #84 [ 3644.768628][ T1043] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3644.793995][ T1043] syz-executor.2 D25832 20260 7948 0x20020004 [ 3644.800386][ T1043] Call Trace: [ 3644.813534][ T1043] __schedule+0x813/0x1cc0 [ 3644.817987][ T1043] ? __mutex_lock+0x721/0x1310 [ 3644.822757][ T1043] ? __sched_text_start+0x8/0x8 [ 3644.843483][ T1043] schedule+0x92/0x180 [ 3644.847596][ T1043] schedule_preempt_disabled+0x13/0x20 [ 3644.853057][ T1043] __mutex_lock+0x726/0x1310 [ 3644.873584][ T1043] ? rtnl_lock+0x17/0x20 [ 3644.877879][ T1043] ? mutex_trylock+0x1e0/0x1e0 [ 3644.882644][ T1043] ? lock_downgrade+0x880/0x880 [ 3644.903711][ T1043] ? kasan_check_write+0x14/0x20 [ 3644.908781][ T1043] ? up_read+0x131/0x180 [ 3644.913033][ T1043] mutex_lock_nested+0x16/0x20 [ 3644.933550][ T1043] ? mutex_lock_nested+0x16/0x20 [ 3644.938530][ T1043] rtnl_lock+0x17/0x20 [ 3644.942619][ T1043] ieee80211_register_hw+0x1a47/0x3c00 [ 3644.948740][ T1043] ? ieee80211_ifa_changed+0xc70/0xc70 [ 3644.954799][ T1043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3644.961056][ T1043] ? __hrtimer_init+0xe1/0x250 [ 3644.966274][ T1043] ? hrtimer_init+0x8b/0x300 [ 3644.970912][ T1043] ? mac80211_hwsim_set_tsf+0x220/0x220 [ 3644.977105][ T1043] mac80211_hwsim_new_radio+0x2008/0x3ed0 [ 3644.982844][ T1043] ? mark_held_locks+0xa4/0xf0 [ 3645.003582][ T1043] ? hwsim_tx_info_frame_received_nl+0x15b0/0x15b0 [ 3645.010136][ T1043] hwsim_new_radio_nl+0x9e3/0x1070 [ 3645.015868][ T1043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3645.022299][ T1043] ? mac80211_hwsim_new_radio+0x3ed0/0x3ed0 [ 3645.028665][ T1043] genl_family_rcv_msg+0x6e1/0xd90 [ 3645.034286][ T1043] ? genl_unregister_family+0x790/0x790 [ 3645.039860][ T1043] ? __dev_queue_xmit+0xb8a/0x3060 [ 3645.045454][ T1043] ? find_held_lock+0x35/0x130 [ 3645.063494][ T1043] genl_rcv_msg+0xca/0x16c [ 3645.067944][ T1043] netlink_rcv_skb+0x17a/0x460 [ 3645.072709][ T1043] ? genl_family_rcv_msg+0xd90/0xd90 [ 3645.093616][ T1043] ? netlink_ack+0xb50/0xb50 [ 3645.098270][ T1043] genl_rcv+0x29/0x40 [ 3645.102258][ T1043] netlink_unicast+0x536/0x720 [ 3645.123621][ T1043] ? netlink_attachskb+0x770/0x770 [ 3645.128793][ T1043] netlink_sendmsg+0x8ae/0xd70 [ 3645.143783][ T1043] ? netlink_unicast+0x720/0x720 [ 3645.148876][ T1043] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3645.155122][ T1043] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3645.160605][ T1043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3645.167351][ T1043] ? security_socket_sendmsg+0x93/0xc0 [ 3645.172853][ T1043] ? netlink_unicast+0x720/0x720 [ 3645.178284][ T1043] sock_sendmsg+0xdd/0x130 [ 3645.182725][ T1043] ___sys_sendmsg+0x806/0x930 [ 3645.187993][ T1043] ? copy_msghdr_from_user+0x430/0x430 [ 3645.203533][ T1043] ? kasan_check_read+0x11/0x20 [ 3645.208476][ T1043] ? __fget+0x381/0x550 [ 3645.212645][ T1043] ? ksys_dup3+0x3e0/0x3e0 [ 3645.217614][ T1043] ? lock_downgrade+0x880/0x880 [ 3645.222488][ T1043] ? __fget_light+0x1a9/0x230 [ 3645.227706][ T1043] ? __fdget+0x1b/0x20 [ 3645.231793][ T1043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3645.238512][ T1043] __sys_sendmsg+0x105/0x1d0 [ 3645.243118][ T1043] ? __ia32_sys_shutdown+0x80/0x80 [ 3645.248678][ T1043] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3645.254744][ T1043] ? do_fast_syscall_32+0xd1/0xc98 [ 3645.259869][ T1043] ? entry_SYSENTER_compat+0x70/0x7f [ 3645.275034][ T1043] ? do_fast_syscall_32+0xd1/0xc98 [ 3645.280200][ T1043] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 3645.303618][ T1043] do_fast_syscall_32+0x281/0xc98 [ 3645.308711][ T1043] entry_SYSENTER_compat+0x70/0x7f [ 3645.323478][ T1043] RIP: 0023:0xf7f7f869 [ 3645.327595][ T1043] Code: Bad RIP value. [ 3645.331661][ T1043] RSP: 002b:00000000f5d390cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 3645.353779][ T1043] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000080 [ 3645.361817][ T1043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3645.383534][ T1043] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3645.391562][ T1043] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3645.423495][ T1043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3645.431638][ T1043] INFO: task syz-executor.1:20267 blocked for more than 144 seconds. [ 3645.443508][ T1043] Not tainted 5.1.0-rc6+ #84 [ 3645.448631][ T1043] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3645.473493][ T1043] syz-executor.1 D28504 20267 7946 0x20020004 [ 3645.479972][ T1043] Call Trace: [ 3645.483281][ T1043] __schedule+0x813/0x1cc0 [ 3645.493501][ T1043] ? __mutex_lock+0x721/0x1310 [ 3645.498354][ T1043] ? __sched_text_start+0x8/0x8 [ 3645.503228][ T1043] schedule+0x92/0x180 [ 3645.523523][ T1043] schedule_preempt_disabled+0x13/0x20 [ 3645.529067][ T1043] __mutex_lock+0x726/0x1310 [ 3645.534137][ T1043] ? genl_rcv_msg+0x13e/0x16c [ 3645.538833][ T1043] ? trace_hardirqs_on+0x67/0x230 [ 3645.553477][ T1043] ? mutex_trylock+0x1e0/0x1e0 [ 3645.558323][ T1043] ? __dev_queue_xmit+0xb8a/0x3060 [ 3645.563911][ T1043] ? __lock_acquire+0x548/0x3fb0 [ 3645.568967][ T1043] mutex_lock_nested+0x16/0x20 [ 3645.574230][ T1043] ? mutex_lock_nested+0x16/0x20 [ 3645.579177][ T1043] genl_rcv_msg+0x13e/0x16c [ 3645.584294][ T1043] netlink_rcv_skb+0x17a/0x460 [ 3645.589074][ T1043] ? genl_family_rcv_msg+0xd90/0xd90 [ 3645.594894][ T1043] ? netlink_ack+0xb50/0xb50 [ 3645.599513][ T1043] genl_rcv+0x29/0x40 [ 3645.603931][ T1043] netlink_unicast+0x536/0x720 [ 3645.608713][ T1043] ? netlink_attachskb+0x770/0x770 [ 3645.614314][ T1043] ? _copy_from_iter_full+0x25d/0x900 [ 3645.619694][ T1043] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3645.625800][ T1043] ? __check_object_size+0x3d/0x42f [ 3645.631271][ T1043] netlink_sendmsg+0x8ae/0xd70 [ 3645.636405][ T1043] ? netlink_unicast+0x720/0x720 [ 3645.641356][ T1043] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3645.647482][ T1043] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3645.652952][ T1043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3645.659558][ T1043] ? security_socket_sendmsg+0x93/0xc0 [ 3645.665365][ T1043] ? netlink_unicast+0x720/0x720 [ 3645.670321][ T1043] sock_sendmsg+0xdd/0x130 [ 3645.675500][ T1043] ___sys_sendmsg+0x806/0x930 [ 3645.680195][ T1043] ? copy_msghdr_from_user+0x430/0x430 [ 3645.693471][ T1043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3645.695193][ T6994] kobject: 'vlan0' (000000006b5d72c4): kobject_uevent_env [ 3645.699822][ T1043] ? kasan_check_read+0x11/0x20 [ 3645.706966][ T6994] kobject: 'vlan0' (000000006b5d72c4): kobject_uevent_env: attempted to send uevent without kset! [ 3645.722488][ T6994] kobject: 'mesh' (00000000f24ca03c): kobject_cleanup, parent (null) [ 3645.723475][ T1043] ? __fget+0x381/0x550 [ 3645.732228][ T6994] kobject: 'mesh' (00000000f24ca03c): calling ktype release [ 3645.743494][ T1043] ? ksys_dup3+0x3e0/0x3e0 [ 3645.743513][ T6994] kobject: (00000000f24ca03c): dynamic_kobj_release [ 3645.747923][ T1043] ? find_held_lock+0x35/0x130 [ 3645.747942][ T1043] ? __fd_install+0x1bc/0x640 [ 3645.755912][ T6994] kobject: 'mesh': free name [ 3645.769614][ T6994] kobject: 'vlan0' (000000006b5d72c4): kobject_cleanup, parent (null) [ 3645.779041][ T1043] ? __fget_light+0x1a9/0x230 [ 3645.784095][ T1043] ? __fdget+0x1b/0x20 [ 3645.788175][ T1043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3645.794768][ T6994] kobject: 'vlan0' (000000006b5d72c4): calling ktype release [ 3645.802149][ T6994] kobject: (000000006b5d72c4): dynamic_kobj_release [ 3645.809529][ T1043] ? sockfd_lookup_light+0xcb/0x180 [ 3645.815902][ T6994] kobject: 'vlan0': free name [ 3645.824265][ T1043] __sys_sendmsg+0x105/0x1d0 [ 3645.828874][ T1043] ? __ia32_sys_shutdown+0x80/0x80 [ 3645.843514][ T1043] ? lock_downgrade+0x880/0x880 [ 3645.848406][ T1043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3645.863529][ T1043] ? _copy_from_user+0xdd/0x150 [ 3645.868426][ T1043] __ia32_compat_sys_socketcall+0x74a/0x7d0 [ 3645.883541][ T1043] ? __x32_compat_sys_recvmmsg_time32+0x150/0x150 [ 3645.890005][ T1043] ? kasan_check_write+0x14/0x20 [ 3645.913480][ T1043] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3645.918991][ T1043] ? do_fast_syscall_32+0xd1/0xc98 [ 3645.933479][ T1043] ? entry_SYSENTER_compat+0x70/0x7f [ 3645.938982][ T1043] ? do_fast_syscall_32+0xd1/0xc98 [ 3645.953487][ T1043] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3645.958824][ T1043] ? trace_hardirqs_on+0x67/0x230 [ 3645.964572][ T1043] do_fast_syscall_32+0x281/0xc98 [ 3645.969649][ T1043] entry_SYSENTER_compat+0x70/0x7f [ 3645.975183][ T1043] RIP: 0023:0xf7fb6869 [ 3645.979326][ T1043] Code: Bad RIP value. [ 3645.983390][ T1043] RSP: 002b:00000000f5d6fe40 EFLAGS: 00000286 ORIG_RAX: 0000000000000066 [ 3645.992549][ T1043] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000f5d6fe54 [ 3646.001067][ T1043] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000014 [ 3646.009467][ T1043] RBP: 00000000f5d70168 R08: 0000000000000000 R09: 0000000000000000 [ 3646.017859][ T1043] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3646.026259][ T1043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3646.034826][ T1043] [ 3646.034826][ T1043] Showing all locks held in the system: [ 3646.042563][ T1043] 1 lock held by khungtaskd/1043: [ 3646.063563][ T1043] #0: 0000000041b91f5b (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3646.073007][ T1043] 1 lock held by rsyslogd/7818: [ 3646.093471][ T1043] #0: 0000000081bda23f (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3646.102206][ T1043] 2 locks held by getty/7907: [ 3646.123734][ T1043] #0: 0000000060e929f0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.132765][ T1043] #1: 00000000be575629 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.163605][ T1043] 2 locks held by getty/7908: [ 3646.168327][ T1043] #0: 000000008351092f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.193630][ T1043] #1: 00000000e1ba5c93 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.203262][ T1043] 2 locks held by getty/7909: [ 3646.223545][ T1043] #0: 000000006f70a466 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.232551][ T1043] #1: 000000000becf1c9 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.243030][ T1043] 2 locks held by getty/7910: [ 3646.247780][ T1043] #0: 000000000d523fdf (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.256818][ T1043] #1: 000000008a3aa555 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.266453][ T1043] 2 locks held by getty/7911: [ 3646.271129][ T1043] #0: 000000006eb4b596 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.280566][ T1043] #1: 00000000d8a0309d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.290510][ T1043] 2 locks held by getty/7912: [ 3646.295522][ T1043] #0: 0000000010a2fd17 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.304988][ T1043] #1: 000000004ba992d0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.315236][ T1043] 2 locks held by getty/7913: [ 3646.319912][ T1043] #0: 000000008958f50a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3646.329422][ T1043] #1: 00000000d90fd8ba (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3646.339543][ T1043] 3 locks held by kworker/1:1/16597: [ 3646.345145][ T1043] #0: 000000005d0e82ec ((wq_completion)events){+.+.}, at: process_one_work+0x87e/0x1790 [ 3646.355435][ T1043] #1: 000000007f2a5c56 (deferred_process_work){+.+.}, at: process_one_work+0x8b4/0x1790 [ 3646.383632][ T1043] #2: 00000000ba19bf87 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3646.391687][ T1043] 4 locks held by kworker/u4:1/6994: [ 3646.403546][ T1043] 3 locks held by kworker/1:3/7937: [ 3646.408784][ T1043] #0: 00000000cd02c703 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x87e/0x1790 [ 3646.433460][ T1043] #1: 00000000b0295243 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8b4/0x1790 [ 3646.443337][ T1043] #2: 00000000ba19bf87 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3646.463676][ T1043] 3 locks held by kworker/1:4/11937: [ 3646.468984][ T1043] #0: 0000000097ff3c6e (&rq->lock){-.-.}, at: __schedule+0x1f8/0x1cc0 [ 3646.493458][ T1043] #1: 0000000041b91f5b (rcu_read_lock){....}, at: update_curr+0x2ce/0x8a0 [ 3646.502131][ T1043] #2: 000000007a3b5aea (&base->lock){-.-.}, at: lock_timer_base+0x56/0x1b0 [ 3646.511468][ T1043] 3 locks held by kworker/1:2/17386: [ 3646.517064][ T1043] #0: 000000005d0e82ec ((wq_completion)events){+.+.}, at: process_one_work+0x87e/0x1790 [ 3646.527299][ T1043] #1: 00000000cdba6428 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8b4/0x1790 [ 3646.537507][ T1043] #2: 00000000ba19bf87 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3646.546232][ T1043] 2 locks held by kworker/u4:0/19714: [ 3646.551617][ T1043] 3 locks held by syz-executor.2/20260: [ 3646.557652][ T1043] #0: 00000000f0dd1124 (cb_lock){++++}, at: genl_rcv+0x1a/0x40 [ 3646.573475][ T1043] #1: 000000008abe70bc (genl_mutex){+.+.}, at: genl_rcv_msg+0x13e/0x16c [ 3646.582064][ T1043] #2: 00000000ba19bf87 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3646.603519][ T1043] 2 locks held by syz-executor.1/20267: [ 3646.609147][ T1043] #0: 00000000f0dd1124 (cb_lock){++++}, at: genl_rcv+0x1a/0x40 [ 3646.623486][ T1043] #1: 000000008abe70bc (genl_mutex){+.+.}, at: genl_rcv_msg+0x13e/0x16c [ 3646.631993][ T1043] [ 3646.643494][ T1043] ============================================= [ 3646.643494][ T1043] [ 3646.651957][ T1043] NMI backtrace for cpu 0 [ 3646.656381][ T1043] CPU: 0 PID: 1043 Comm: khungtaskd Not tainted 5.1.0-rc6+ #84 [ 3646.663922][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3646.673985][ T1043] Call Trace: [ 3646.677291][ T1043] dump_stack+0x172/0x1f0 [ 3646.681628][ T1043] nmi_cpu_backtrace.cold+0x63/0xa4 [ 3646.686851][ T1043] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 3646.692666][ T1043] nmi_trigger_cpumask_backtrace+0x1be/0x236 [ 3646.698661][ T1043] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3646.704562][ T1043] watchdog+0x9b7/0xec0 [ 3646.708732][ T1043] kthread+0x357/0x430 [ 3646.712803][ T1043] ? reset_hung_task_detector+0x30/0x30 [ 3646.718374][ T1043] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3646.724642][ T1043] ret_from_fork+0x3a/0x50 [ 3646.729320][ T1043] Sending NMI from CPU 0 to CPUs 1: [ 3646.735044][ C1] NMI backtrace for cpu 1 [ 3646.735051][ C1] CPU: 1 PID: 19714 Comm: kworker/u4:0 Not tainted 5.1.0-rc6+ #84 [ 3646.735057][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3646.735061][ C1] Workqueue: bat_events batadv_purge_orig [ 3646.735069][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3646.735081][ C1] Code: 48 89 e5 48 8b 4d 08 e8 d8 fe ff ff 5d c3 66 0f 1f 44 00 00 55 89 f2 89 fe bf 05 00 00 00 48 89 e5 48 8b 4d 08 e8 ba fe ff ff <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 f2 48 89 fe bf 07 00 00 00 [ 3646.735085][ C1] RSP: 0018:ffff888071967c08 EFLAGS: 00000093 [ 3646.735094][ C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff83317581 [ 3646.735099][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005 [ 3646.735104][ C1] RBP: ffff888071967c08 R08: ffff88807196c1c0 R09: ffffed100e6b2ae6 [ 3646.735109][ C1] R10: ffffed100e6b2ae5 R11: ffff88807359572b R12: ffffffff87692a80 [ 3646.735115][ C1] R13: 0000000000000001 R14: dffffc0000000000 R15: 00000000000002b3 [ 3646.735121][ C1] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 3646.735125][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3646.735131][ C1] CR2: 000000c4263bfa50 CR3: 00000000909d8000 CR4: 00000000001406e0 [ 3646.735136][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3646.735141][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3646.735144][ C1] Call Trace: [ 3646.735148][ C1] __this_cpu_preempt_check+0x31/0x270 [ 3646.735152][ C1] ? batadv_purge_orig_ref+0xa85/0x1060 [ 3646.735156][ C1] __local_bh_enable_ip+0x1e9/0x270 [ 3646.735160][ C1] _raw_spin_unlock_bh+0x31/0x40 [ 3646.735164][ C1] batadv_purge_orig_ref+0xa85/0x1060 [ 3646.735167][ C1] batadv_purge_orig+0x1b/0x70 [ 3646.735171][ C1] process_one_work+0x98e/0x1790 [ 3646.735175][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3646.735178][ C1] ? lock_acquire+0x16f/0x3f0 [ 3646.735182][ C1] worker_thread+0x98/0xe40 [ 3646.735186][ C1] ? trace_hardirqs_on+0x67/0x230 [ 3646.735189][ C1] kthread+0x357/0x430 [ 3646.735193][ C1] ? process_one_work+0x1790/0x1790 [ 3646.735197][ C1] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3646.735201][ C1] ret_from_fork+0x3a/0x50 [ 3646.737623][ T1043] Kernel panic - not syncing: hung_task: blocked tasks [ 3646.960338][ T1043] CPU: 0 PID: 1043 Comm: khungtaskd Not tainted 5.1.0-rc6+ #84 [ 3646.967880][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3646.977942][ T1043] Call Trace: [ 3646.981256][ T1043] dump_stack+0x172/0x1f0 [ 3646.985599][ T1043] panic+0x2cb/0x65c [ 3646.989498][ T1043] ? __warn_printk+0xf3/0xf3 [ 3646.994093][ T1043] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 3646.999729][ T1043] ? ___preempt_schedule+0x16/0x18 [ 3647.004848][ T1043] ? nmi_trigger_cpumask_backtrace+0x19e/0x236 [ 3647.011010][ T1043] ? nmi_trigger_cpumask_backtrace+0x1fa/0x236 [ 3647.017175][ T1043] ? nmi_trigger_cpumask_backtrace+0x204/0x236 [ 3647.023359][ T1043] ? nmi_trigger_cpumask_backtrace+0x19e/0x236 [ 3647.029535][ T1043] watchdog+0x9c8/0xec0 [ 3647.033713][ T1043] kthread+0x357/0x430 [ 3647.037794][ T1043] ? reset_hung_task_detector+0x30/0x30 [ 3647.043350][ T1043] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3647.049640][ T1043] ret_from_fork+0x3a/0x50 [ 3647.060694][ T1043] Kernel Offset: disabled [ 3647.065028][ T1043] Rebooting in 86400 seconds..