e [ 213.835835][ T825] device bridge_slave_1 left promiscuous mode [ 213.842158][ T825] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.885123][ T825] device bridge_slave_0 left promiscuous mode [ 213.891336][ T825] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.925476][ T825] device bridge_slave_1 left promiscuous mode [ 213.931685][ T825] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.965999][ T825] device bridge_slave_0 left promiscuous mode [ 213.972231][ T825] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.224608][ T825] device hsr_slave_0 left promiscuous mode [ 219.284375][ T825] device hsr_slave_1 left promiscuous mode [ 219.351136][ T825] team0 (unregistering): Port device team_slave_1 removed [ 219.364023][ T825] team0 (unregistering): Port device team_slave_0 removed [ 219.376545][ T825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.410837][ T825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.472764][ T825] bond0 (unregistering): Released all slaves [ 219.625250][ T825] device hsr_slave_0 left promiscuous mode [ 219.664852][ T825] device hsr_slave_1 left promiscuous mode [ 219.713713][ T825] team0 (unregistering): Port device team_slave_1 removed [ 219.727616][ T825] team0 (unregistering): Port device team_slave_0 removed [ 219.738476][ T825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.797761][ T825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.866785][ T825] bond0 (unregistering): Released all slaves [ 219.994733][ T825] device hsr_slave_0 left promiscuous mode [ 220.054395][ T825] device hsr_slave_1 left promiscuous mode [ 220.121691][ T825] team0 (unregistering): Port device team_slave_1 removed [ 220.135338][ T825] team0 (unregistering): Port device team_slave_0 removed [ 220.147612][ T825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.189949][ T825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.256054][ T825] bond0 (unregistering): Released all slaves [ 220.354758][ T8556] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 220.365241][ T8556] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.377045][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.385904][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.394717][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.402997][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 220.411574][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 220.419929][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 220.429453][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 220.457320][ T8556] 8021q: adding VLAN 0 to HW filter on device batadv0 10:56:14 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) 10:56:14 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000002b80)={0x3, "0d137751063240a6b97a997bebe0c77fb38a7717901e0fbfeb9653184c4725bc", 0x7, 0x10, 0x10000, 0x4, 0x2, 0x2, 0x117e, 0x10000}) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000002c00)={0x0, 0x0, {0x4, 0xfffffffffffffffd, 0x201f, 0x8, 0xa, 0x8, 0x2, 0x5}}) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000002c80)=""/207, &(0x7f0000002d80)=0xcf) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:14 executing program 3: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xeefffdef) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 10:56:14 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) 10:56:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) 10:56:14 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 220.524002][ T8564] debugfs: File '8563' in directory 'proc' already present! [ 220.537112][ T8564] debugfs: File '8563' in directory 'proc' already present! 10:56:14 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000002b80)={0x3, "0d137751063240a6b97a997bebe0c77fb38a7717901e0fbfeb9653184c4725bc", 0x7, 0x10, 0x10000, 0x4, 0x2, 0x2, 0x117e, 0x10000}) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000002c00)={0x0, 0x0, {0x4, 0xfffffffffffffffd, 0x201f, 0x8, 0xa, 0x8, 0x2, 0x5}}) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000002c80)=""/207, &(0x7f0000002d80)=0xcf) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:14 executing program 3: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xeefffdef) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 10:56:14 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) [ 220.859234][ T8576] device vxcan1 entered promiscuous mode 10:56:14 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000002b80)={0x3, "0d137751063240a6b97a997bebe0c77fb38a7717901e0fbfeb9653184c4725bc", 0x7, 0x10, 0x10000, 0x4, 0x2, 0x2, 0x117e, 0x10000}) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000002c00)={0x0, 0x0, {0x4, 0xfffffffffffffffd, 0x201f, 0x8, 0xa, 0x8, 0x2, 0x5}}) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000002c80)=""/207, &(0x7f0000002d80)=0xcf) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:14 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) 10:56:14 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000002b80)={0x3, "0d137751063240a6b97a997bebe0c77fb38a7717901e0fbfeb9653184c4725bc", 0x7, 0x10, 0x10000, 0x4, 0x2, 0x2, 0x117e, 0x10000}) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000002c00)={0x0, 0x0, {0x4, 0xfffffffffffffffd, 0x201f, 0x8, 0xa, 0x8, 0x2, 0x5}}) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r6, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:15 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) 10:56:15 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:15 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000002b80)={0x3, "0d137751063240a6b97a997bebe0c77fb38a7717901e0fbfeb9653184c4725bc", 0x7, 0x10, 0x10000, 0x4, 0x2, 0x2, 0x117e, 0x10000}) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r6, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) [ 221.675144][ T8607] device vxcan1 entered promiscuous mode 10:56:15 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) [ 223.391366][ T8628] IPVS: ftp: loaded support on port[0] = 21 [ 223.687698][ T8628] chnl_net:caif_netlink_parms(): no params data found [ 223.736991][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.744324][ T8628] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.752009][ T8628] device bridge_slave_0 entered promiscuous mode [ 223.760047][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.767256][ T8628] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.775457][ T8628] device bridge_slave_1 entered promiscuous mode [ 223.795945][ T8628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.807205][ T8628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.828529][ T8628] team0: Port device team_slave_0 added [ 223.835944][ T8628] team0: Port device team_slave_1 added [ 223.897072][ T8628] device hsr_slave_0 entered promiscuous mode [ 223.954597][ T8628] device hsr_slave_1 entered promiscuous mode [ 224.005896][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.013037][ T8628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.020495][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.027634][ T8628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.071492][ T8628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.085635][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.094993][ T23] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.102959][ T23] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.111672][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 224.126152][ T8628] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.138514][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.147214][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.154352][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.187359][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.196053][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.203129][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.211531][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.220382][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.229028][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.237483][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.248792][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.268256][ T8628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.277888][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 10:56:18 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:18 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002b00)={r5, 0x5}, &(0x7f0000002b40)=0x8) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r6, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:18 executing program 0: ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x10000000002) 10:56:18 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) 10:56:18 executing program 1: shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000040)) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x40000, 0x0) lsetxattr$trusted_overlay_nlink(0x0, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000080)={0xb, 0x77, 0x2, 0x3e}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x80000, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') getpgrp(0xffffffffffffffff) 10:56:18 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:18 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002a80)={0x0, 0x81}, &(0x7f0000002ac0)=0x8) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:18 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000002bc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x10000000000, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r3, 0x407, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x2df38707f3c2aad3) recvfrom(r2, 0x0, 0x0, 0x40012040, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x28, &(0x7f0000000180)}, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000100)=0x1000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000002c00)={'vxcan1\x00', 0x900}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x28, &(0x7f0000000280)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)) [ 224.754773][ T8642] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 224.765145][ T8642] CPU: 1 PID: 8642 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 224.772702][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.782797][ T8642] Call Trace: [ 224.786108][ T8642] dump_stack+0x1d8/0x2f8 [ 224.790456][ T8642] dump_header+0xd8/0x970 [ 224.794820][ T8642] oom_kill_process+0xcd/0x320 [ 224.794834][ T8642] out_of_memory+0x5e1/0x8a0 [ 224.794847][ T8642] ? unregister_oom_notifier+0x20/0x20 [ 224.794867][ T8642] memory_max_write+0x537/0x6a0 [ 224.794890][ T8642] ? memory_max_show+0xa0/0xa0 [ 224.794904][ T8642] ? trace_hardirqs_on_caller+0x74/0x80 [ 224.794922][ T8642] ? trace_lock_acquire+0x154/0x1b0 [ 224.794936][ T8642] ? lock_acquire+0x158/0x250 [ 224.794948][ T8642] ? kernfs_fop_write+0x22e/0x4f0 [ 224.794964][ T8642] ? memory_max_show+0xa0/0xa0 [ 224.844604][ T8642] cgroup_file_write+0x27b/0x6e0 [ 224.849563][ T8642] ? cgroup_seqfile_stop+0xc0/0xc0 10:56:18 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = getpid() process_vm_writev(r4, &(0x7f00000017c0)=[{&(0x7f0000001380)=""/77, 0x4d}, {&(0x7f0000001400)=""/149, 0x95}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/174, 0xae}, {&(0x7f0000001600)=""/142, 0x8e}, {&(0x7f00000016c0)=""/230, 0xe6}], 0x6, &(0x7f0000002a40)=[{&(0x7f0000001840)=""/245, 0xf5}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/215, 0xd7}], 0x3, 0x0) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) [ 224.854707][ T8642] ? cgroup_seqfile_stop+0xc0/0xc0 [ 224.859846][ T8642] kernfs_fop_write+0x3e4/0x4f0 [ 224.864736][ T8642] ? kernfs_fop_read+0x580/0x580 [ 224.869695][ T8642] __vfs_write+0xf9/0x7d0 [ 224.874045][ T8642] ? __kernel_write+0x350/0x350 [ 224.878924][ T8642] ? __sb_start_write+0x39c/0x440 [ 224.883966][ T8642] ? __kasan_check_read+0x11/0x20 [ 224.889014][ T8642] vfs_write+0x275/0x590 [ 224.893282][ T8642] ksys_write+0x16b/0x2a0 [ 224.897629][ T8642] ? __ia32_sys_read+0x90/0x90 [ 224.902401][ T8642] ? prepare_exit_to_usermode+0x1f7/0x580 [ 224.908133][ T8642] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 224.913958][ T8642] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 224.919437][ T8642] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 224.925187][ T8642] ? do_syscall_64+0x1d/0x140 [ 224.929898][ T8642] __x64_sys_write+0x7b/0x90 [ 224.934537][ T8642] do_syscall_64+0xfe/0x140 [ 224.939176][ T8642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.945093][ T8642] RIP: 0033:0x459819 [ 224.949003][ T8642] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 224.968626][ T8642] RSP: 002b:00007fad3a071c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 224.977062][ T8642] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 224.985147][ T8642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 224.993239][ T8642] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 225.001243][ T8642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad3a0726d4 [ 225.009239][ T8642] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 225.017399][ T8642] memory: usage 5092kB, limit 0kB, failcnt 450009 [ 225.023991][ T8642] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 225.031107][ T8642] Memory cgroup stats for /syz2: [ 225.032541][ T8642] anon 4431872 [ 225.032541][ T8642] file 0 [ 225.032541][ T8642] kernel_stack 131072 [ 225.032541][ T8642] slab 270336 [ 225.032541][ T8642] sock 0 [ 225.032541][ T8642] shmem 0 [ 225.032541][ T8642] file_mapped 0 [ 225.032541][ T8642] file_dirty 0 [ 225.032541][ T8642] file_writeback 0 [ 225.032541][ T8642] anon_thp 4194304 [ 225.032541][ T8642] inactive_anon 0 [ 225.032541][ T8642] active_anon 4366336 [ 225.032541][ T8642] inactive_file 0 [ 225.032541][ T8642] active_file 0 [ 225.032541][ T8642] unevictable 0 [ 225.032541][ T8642] slab_reclaimable 0 [ 225.032541][ T8642] slab_unreclaimable 270336 [ 225.032541][ T8642] pgfault 297 [ 225.032541][ T8642] pgmajfault 0 [ 225.032541][ T8642] workingset_refault 0 [ 225.032541][ T8642] workingset_activate 0 [ 225.032541][ T8642] workingset_nodereclaim 0 [ 225.032541][ T8642] pgrefill 0 [ 225.032541][ T8642] pgscan 0 [ 225.032541][ T8642] pgsteal 0 [ 225.032541][ T8642] pgactivate 0 [ 225.126148][ T8642] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8640,uid=0 [ 225.142699][ T8642] Memory cgroup out of memory: Killed process 8640 (syz-executor.2) total-vm:72704kB, anon-rss:4196kB, file-rss:34816kB, shmem-rss:0kB [ 225.159415][ T1061] oom_reaper: reaped process 8640 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 10:56:19 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) getpid() r4 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:19 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) 10:56:19 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r3 = semget(0x2, 0x6, 0x20) semctl$GETPID(r3, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) write$binfmt_script(r2, &(0x7f0000001340)={'#! ', './file0', [{}, {0x20, 'security.SMACK64TRANSMUTE\x00'}, {}, {0x20, '%'}], 0xa, 'D'}, 0x2b) r4 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:19 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r2 = semget(0x2, 0x6, 0x20) semctl$GETPID(r2, 0x3, 0xb, &(0x7f0000000300)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000001300)=0xa9) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:19 executing program 0: shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000040)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000080)={0xb, 0x77, 0x2, 0x3e}, 0xb) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') getpgrp(0xffffffffffffffff) [ 226.005730][ T8628] syz-executor.2 invoked oom-killer: gfp_mask=0x40cd0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 226.018527][ T8628] CPU: 1 PID: 8628 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 226.026114][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.036188][ T8628] Call Trace: [ 226.039504][ T8628] dump_stack+0x1d8/0x2f8 [ 226.043848][ T8628] dump_header+0xd8/0x970 [ 226.048295][ T8628] oom_kill_process+0xcd/0x320 [ 226.053160][ T8628] out_of_memory+0x5e1/0x8a0 [ 226.057759][ T8628] ? unregister_oom_notifier+0x20/0x20 [ 226.063231][ T8628] ? __kasan_check_read+0x11/0x20 [ 226.068269][ T8628] try_charge+0x134a/0x17b0 [ 226.072800][ T8628] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 226.078614][ T8628] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 226.084339][ T8628] ? trace_mm_page_alloc+0x187/0x1d0 [ 226.089646][ T8628] __memcg_kmem_charge_memcg+0x78/0x180 [ 226.095233][ T8628] ? memcg_kmem_put_cache+0x50/0x50 [ 226.100435][ T8628] ? kmem_freepages+0x580/0x580 [ 226.105293][ T8628] kmem_getpages+0x411/0x970 [ 226.109892][ T8628] cache_grow_begin+0x7e/0x2c0 [ 226.114677][ T8628] ? __cpuset_node_allowed+0x198/0x530 [ 226.120164][ T8628] fallback_alloc+0x134/0x1c0 [ 226.124875][ T8628] ____cache_alloc_node+0x22a/0x250 [ 226.130127][ T8628] kmem_cache_alloc+0x157/0x2e0 [ 226.135006][ T8628] ? __d_alloc+0x2d/0x6e0 [ 226.139823][ T8628] __d_alloc+0x2d/0x6e0 [ 226.144096][ T8628] d_alloc_parallel+0xcc/0x15a0 [ 226.148974][ T8628] ? __lock_acquire+0x4750/0x4750 [ 226.154043][ T8628] ? d_hash_and_lookup+0x1c0/0x1c0 [ 226.159284][ T8628] ? lockdep_init_map+0x2a/0x680 [ 226.164260][ T8628] __lookup_slow+0xfc/0x410 [ 226.168796][ T8628] ? lookup_one_len+0x2a0/0x2a0 [ 226.173654][ T8628] ? __down_read+0x192/0x3d0 [ 226.178263][ T8628] path_mountpoint+0x29f/0x750 [ 226.183037][ T8628] ? kmem_cache_alloc+0x1e9/0x2e0 [ 226.188066][ T8628] ? getname_flags+0xba/0x640 [ 226.192761][ T8628] ? rcu_lock_release+0x30/0x30 [ 226.197630][ T8628] filename_mountpoint+0x221/0x670 [ 226.202753][ T8628] ? cache_grow_end+0x4a/0x170 [ 226.207526][ T8628] ? user_path_mountpoint_at+0x50/0x50 [ 226.213003][ T8628] ? __phys_addr_symbol+0x2f/0x70 [ 226.218036][ T8628] ? __check_object_size+0x313/0x400 [ 226.223347][ T8628] ? getname_flags+0x214/0x640 [ 226.228124][ T8628] user_path_mountpoint_at+0x39/0x50 [ 226.233440][ T8628] ksys_umount+0x169/0x10a0 [ 226.237964][ T8628] ? __kasan_check_read+0x11/0x20 [ 226.242993][ T8628] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 226.249066][ T8628] ? namespace_unlock+0x4f0/0x4f0 [ 226.254097][ T8628] ? prepare_exit_to_usermode+0x1f7/0x580 [ 226.259822][ T8628] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 226.265587][ T8628] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 226.271060][ T8628] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 226.276812][ T8628] ? do_syscall_64+0x1d/0x140 [ 226.281495][ T8628] __x64_sys_umount+0x5a/0x70 [ 226.286347][ T8628] do_syscall_64+0xfe/0x140 [ 226.290863][ T8628] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 226.296912][ T8628] RIP: 0033:0x45c247 [ 226.300810][ T8628] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 226.320876][ T8628] RSP: 002b:00007fff4fd33998 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 226.329447][ T8628] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c247 [ 226.337813][ T8628] RDX: 0000000000403470 RSI: 0000000000000002 RDI: 00007fff4fd33a40 [ 226.346250][ T8628] RBP: 0000000000000004 R08: 0000000000000000 R09: 000000000000000e [ 226.354728][ T8628] R10: 000000000000000a R11: 0000000000000206 R12: 00007fff4fd34ad0 [ 226.362861][ T8628] R13: 0000555556f65940 R14: 0000000000000000 R15: 00007fff4fd34ad0 [ 226.370948][ T8628] memory: usage 656kB, limit 0kB, failcnt 450025 [ 226.377347][ T8628] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.384255][ T8628] Memory cgroup stats for /syz2: [ 226.384371][ T8628] anon 81920 [ 226.384371][ T8628] file 0 [ 226.384371][ T8628] kernel_stack 65536 [ 226.384371][ T8628] slab 270336 [ 226.384371][ T8628] sock 0 [ 226.384371][ T8628] shmem 0 [ 226.384371][ T8628] file_mapped 0 [ 226.384371][ T8628] file_dirty 0 [ 226.384371][ T8628] file_writeback 0 [ 226.384371][ T8628] anon_thp 0 [ 226.384371][ T8628] inactive_anon 0 [ 226.384371][ T8628] active_anon 81920 [ 226.384371][ T8628] inactive_file 0 [ 226.384371][ T8628] active_file 0 [ 226.384371][ T8628] unevictable 0 [ 226.384371][ T8628] slab_reclaimable 0 [ 226.384371][ T8628] slab_unreclaimable 270336 [ 226.384371][ T8628] pgfault 363 [ 226.384371][ T8628] pgmajfault 0 [ 226.384371][ T8628] workingset_refault 0 [ 226.384371][ T8628] workingset_activate 0 [ 226.384371][ T8628] workingset_nodereclaim 0 [ 226.384371][ T8628] pgrefill 0 [ 226.384371][ T8628] pgscan 0 [ 226.384371][ T8628] pgsteal 0 [ 226.384371][ T8628] pgactivate 0 [ 226.384371][ T8628] pgdeactivate 0 [ 226.480474][ T8628] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8628,uid=0 10:56:20 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r2 = semget(0x2, 0x6, 0x20) semctl$GETPID(r2, 0x3, 0xb, &(0x7f0000000300)=""/4096) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) [ 226.495896][ T8628] Memory cgroup out of memory: Killed process 8628 (syz-executor.2) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 226.510437][ T1061] oom_reaper: reaped process 8628 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 10:56:20 executing program 1: 10:56:20 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) semget(0x2, 0x6, 0x20) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:20 executing program 3: 10:56:21 executing program 3: 10:56:21 executing program 1: 10:56:21 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x18}, 0x10) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:21 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) 10:56:21 executing program 3: 10:56:22 executing program 1: 10:56:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:22 executing program 0: 10:56:22 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) prctl$PR_SET_TIMERSLACK(0x1d, 0x6) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:22 executing program 3: 10:56:22 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) 10:56:22 executing program 1: 10:56:22 executing program 3: 10:56:22 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x8, 0x4, 0x1009, 0x5, 0x0, 0x7, 0x0, 0x4}}) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:22 executing program 0: 10:56:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:22 executing program 3: 10:56:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000002500)=""/191, 0xbf}], 0x1, 0x3e) 10:56:22 executing program 0: 10:56:22 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x3) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:22 executing program 3: 10:56:22 executing program 0: 10:56:23 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) getpgrp(0xffffffffffffffff) 10:56:23 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) openat(r0, &(0x7f0000000100)='./file0\x00', 0x280001, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:23 executing program 3: 10:56:23 executing program 0: 10:56:23 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="4c0000001200ff09ff1cfe956fa283b724a6008000000000000008000000150024001d001fc41180b598bc593ab6821148a730de33aa46ffecfde0258823dd8da49848c6cea97da172dcc121", 0x4c}], 0x1}, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x326) [ 229.592154][ T8776] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 230.475449][ T280] device bridge_slave_1 left promiscuous mode [ 230.481730][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.548190][ T280] device bridge_slave_0 left promiscuous mode [ 230.554803][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.275079][ T280] device hsr_slave_0 left promiscuous mode [ 232.317338][ T280] device hsr_slave_1 left promiscuous mode [ 232.362829][ T280] team0 (unregistering): Port device team_slave_1 removed [ 232.373780][ T280] team0 (unregistering): Port device team_slave_0 removed [ 232.385717][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.437653][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.501900][ T280] bond0 (unregistering): Released all slaves [ 232.603510][ T8781] IPVS: ftp: loaded support on port[0] = 21 [ 232.666112][ T8781] chnl_net:caif_netlink_parms(): no params data found [ 232.691737][ T8781] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.699032][ T8781] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.707238][ T8781] device bridge_slave_0 entered promiscuous mode [ 232.715771][ T8781] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.722847][ T8781] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.730682][ T8781] device bridge_slave_1 entered promiscuous mode [ 232.749896][ T8781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.760924][ T8781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.781657][ T8781] team0: Port device team_slave_0 added [ 232.830647][ T8781] team0: Port device team_slave_1 added [ 232.892348][ T8781] device hsr_slave_0 entered promiscuous mode [ 233.054574][ T8781] device hsr_slave_1 entered promiscuous mode [ 233.323128][ T8781] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.330292][ T8781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.337733][ T8781] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.344843][ T8781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.388196][ T8781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.401790][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.411215][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.423108][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.435357][ T8781] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.445482][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.454294][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.461379][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.472771][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.481570][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.488835][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.516414][ T8781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 233.526989][ T8781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 233.542516][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.551439][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.560359][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 233.568992][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 233.589755][ T8781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.600879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 233.608932][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 233.788310][ T8789] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 233.798819][ T8789] CPU: 0 PID: 8789 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 233.806369][ T8789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.816449][ T8789] Call Trace: [ 233.819751][ T8789] dump_stack+0x1d8/0x2f8 [ 233.824106][ T8789] dump_header+0xd8/0x970 [ 233.828464][ T8789] oom_kill_process+0xcd/0x320 [ 233.833330][ T8789] out_of_memory+0x5e1/0x8a0 [ 233.837930][ T8789] ? unregister_oom_notifier+0x20/0x20 [ 233.843414][ T8789] ? trace_hardirqs_on+0x74/0x80 [ 233.848419][ T8789] memory_max_write+0x537/0x6a0 [ 233.853343][ T8789] ? memory_max_show+0xa0/0xa0 [ 233.858241][ T8789] ? lock_acquire+0x1b2/0x250 [ 233.862913][ T8789] ? memory_max_show+0xa0/0xa0 [ 233.867686][ T8789] cgroup_file_write+0x27b/0x6e0 [ 233.872655][ T8789] ? cgroup_seqfile_stop+0xc0/0xc0 [ 233.877798][ T8789] ? kernfs_get_active+0x1/0x2b0 [ 233.882746][ T8789] ? cgroup_seqfile_stop+0xc0/0xc0 [ 233.887868][ T8789] kernfs_fop_write+0x3e4/0x4f0 [ 233.892741][ T8789] ? kernfs_fop_read+0x580/0x580 [ 233.897676][ T8789] __vfs_write+0xf9/0x7d0 [ 233.902012][ T8789] ? __kernel_write+0x350/0x350 [ 233.906907][ T8789] ? __sb_start_write+0x39c/0x440 [ 233.911964][ T8789] vfs_write+0x275/0x590 [ 233.916320][ T8789] ksys_write+0x16b/0x2a0 [ 233.920646][ T8789] ? __ia32_sys_read+0x90/0x90 [ 233.925414][ T8789] ? prepare_exit_to_usermode+0x1f7/0x580 [ 233.931167][ T8789] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 233.936907][ T8789] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 233.942456][ T8789] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 233.948182][ T8789] ? do_syscall_64+0x1d/0x140 [ 233.952885][ T8789] __x64_sys_write+0x7b/0x90 [ 233.957476][ T8789] do_syscall_64+0xfe/0x140 [ 233.961981][ T8789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.967883][ T8789] RIP: 0033:0x459819 [ 233.971807][ T8789] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.991409][ T8789] RSP: 002b:00007f801807ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.999821][ T8789] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 234.007808][ T8789] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 234.015824][ T8789] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 234.023890][ T8789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f801807b6d4 [ 234.031886][ T8789] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 234.047151][ T8789] memory: usage 5156kB, limit 0kB, failcnt 450028 [ 234.053771][ T8789] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.060741][ T8789] Memory cgroup stats for /syz2: [ 234.061207][ T8789] anon 4255744 [ 234.061207][ T8789] file 0 [ 234.061207][ T8789] kernel_stack 65536 [ 234.061207][ T8789] slab 270336 [ 234.061207][ T8789] sock 0 [ 234.061207][ T8789] shmem 0 [ 234.061207][ T8789] file_mapped 0 [ 234.061207][ T8789] file_dirty 0 [ 234.061207][ T8789] file_writeback 0 [ 234.061207][ T8789] anon_thp 4194304 [ 234.061207][ T8789] inactive_anon 0 [ 234.061207][ T8789] active_anon 4255744 [ 234.061207][ T8789] inactive_file 0 [ 234.061207][ T8789] active_file 0 [ 234.061207][ T8789] unevictable 0 [ 234.061207][ T8789] slab_reclaimable 0 [ 234.061207][ T8789] slab_unreclaimable 270336 [ 234.061207][ T8789] pgfault 396 [ 234.061207][ T8789] pgmajfault 0 [ 234.061207][ T8789] workingset_refault 0 [ 234.061207][ T8789] workingset_activate 0 [ 234.061207][ T8789] workingset_nodereclaim 0 [ 234.061207][ T8789] pgrefill 0 [ 234.061207][ T8789] pgscan 0 [ 234.061207][ T8789] pgsteal 0 [ 234.061207][ T8789] pgactivate 0 [ 234.154815][ T8789] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8788,uid=0 [ 234.171768][ T8789] Memory cgroup out of memory: Killed process 8788 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 234.189968][ T1061] oom_reaper: reaped process 8788 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:56:28 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:28 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x59) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb", 0x0, 0x0, 0x0, 0xfffffffffffffffc}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:28 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="4c0000001200ff09ff1cfe956fa283b724a6008000000000000008000000150024001d001fc41180b598bc593ab6821148a730de33aa46ffecfde0258823dd8da49848c6cea97da172dcc121", 0x4c}], 0x1}, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x326) 10:56:28 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) setsockopt$rose(r0, 0x104, 0x6, &(0x7f00000000c0), 0x4) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:28 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) getpgrp(0xffffffffffffffff) 10:56:28 executing program 0: syz_emit_ethernet(0x420, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa0800aabb86dd6076605100303afffe80024300822918b937cdcfe6a1f3fc24478f84fb0000000000000000000012860090780014050060c5961e00000000ff010000000000000103000004000001ff020000000000000000000000000001"], 0x0) [ 234.410290][ T8781] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 234.420351][ T8781] CPU: 0 PID: 8781 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 234.428169][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.438257][ T8781] Call Trace: [ 234.441564][ T8781] dump_stack+0x1d8/0x2f8 [ 234.446008][ T8781] dump_header+0xd8/0x970 [ 234.450353][ T8781] oom_kill_process+0xcd/0x320 [ 234.455489][ T8781] out_of_memory+0x5e1/0x8a0 [ 234.460120][ T8781] ? unregister_oom_notifier+0x20/0x20 [ 234.465594][ T8781] ? __kasan_check_read+0x11/0x20 [ 234.470741][ T8781] try_charge+0x134a/0x17b0 [ 234.475275][ T8781] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 234.481111][ T8781] ? __lock_acquire+0x4750/0x4750 [ 234.486153][ T8781] ? rcu_lock_release+0x15/0x20 [ 234.491010][ T8781] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 234.496835][ T8781] mem_cgroup_try_charge+0x216/0x560 [ 234.502221][ T8781] mem_cgroup_try_charge_delay+0x25/0xa0 10:56:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 234.507875][ T8781] handle_mm_fault+0x31f3/0x6080 [ 234.512856][ T8781] ? finish_fault+0x230/0x230 [ 234.517548][ T8781] ? vmacache_find+0x566/0x5b0 [ 234.522326][ T8781] ? vmacache_update+0xb7/0x120 [ 234.527203][ T8781] do_user_addr_fault+0x589/0xaf0 [ 234.532255][ T8781] __do_page_fault+0xd3/0x1f0 [ 234.536960][ T8781] do_page_fault+0x99/0xb0 [ 234.541416][ T8781] page_fault+0x39/0x40 [ 234.545585][ T8781] RIP: 0033:0x43224c 10:56:28 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000000080)={0x0, 0xffffff00, &(0x7f0000004000)=[{&(0x7f00000002c0)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffffffffffffb5, &(0x7f0000000040)=[{&(0x7f0000000640)="2400000002031f001cfffd946fa2830020200a000900020002e70200a3a20404ff7e", 0x24}], 0x1}, 0x0) [ 234.549580][ T8781] Code: 8b 18 48 85 db 74 0c 8b 43 04 83 e0 04 0f 84 93 00 00 00 e8 16 97 ff ff 48 85 c0 48 89 c3 0f 84 ba 00 00 00 48 89 ee 48 89 df df da ff ff 48 85 c0 48 89 c2 0f 84 cb 00 00 00 83 3d e4 44 64 [ 234.569197][ T8781] RSP: 002b:00007ffe8d799000 EFLAGS: 00010246 [ 234.575451][ T8781] RAX: 0000000000000000 RBX: 0000000000715640 RCX: 0000000000458b84 [ 234.583465][ T8781] RDX: 00007ffe8d799020 RSI: 0000000000008030 RDI: 0000000000715640 [ 234.591454][ T8781] RBP: 0000000000008030 R08: 0000000000000001 R09: 0000555555cab940 [ 234.599436][ T8781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8d79a200 [ 234.607420][ T8781] R13: 00007ffe8d79a1f0 R14: 0000000000000000 R15: 00007ffe8d79a200 [ 234.615710][ T8781] memory: usage 776kB, limit 0kB, failcnt 450036 [ 234.622614][ T8781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.629627][ T8781] Memory cgroup stats for /syz2: [ 234.629741][ T8781] anon 57344 [ 234.629741][ T8781] file 0 [ 234.629741][ T8781] kernel_stack 0 [ 234.629741][ T8781] slab 270336 [ 234.629741][ T8781] sock 0 [ 234.629741][ T8781] shmem 0 [ 234.629741][ T8781] file_mapped 0 [ 234.629741][ T8781] file_dirty 0 [ 234.629741][ T8781] file_writeback 0 [ 234.629741][ T8781] anon_thp 0 [ 234.629741][ T8781] inactive_anon 0 [ 234.629741][ T8781] active_anon 57344 [ 234.629741][ T8781] inactive_file 0 [ 234.629741][ T8781] active_file 0 [ 234.629741][ T8781] unevictable 0 [ 234.629741][ T8781] slab_reclaimable 0 [ 234.629741][ T8781] slab_unreclaimable 270336 [ 234.629741][ T8781] pgfault 396 [ 234.629741][ T8781] pgmajfault 0 [ 234.629741][ T8781] workingset_refault 0 [ 234.629741][ T8781] workingset_activate 0 [ 234.629741][ T8781] workingset_nodereclaim 0 [ 234.629741][ T8781] pgrefill 0 [ 234.629741][ T8781] pgscan 0 [ 234.629741][ T8781] pgsteal 0 [ 234.629741][ T8781] pgactivate 0 [ 234.629741][ T8781] pgdeactivate 0 [ 234.704475][ T8808] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 234.728166][ T8781] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8781,uid=0 10:56:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 234.752855][ T8781] Memory cgroup out of memory: Killed process 8781 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 234.768318][ T1061] oom_reaper: reaped process 8781 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:56:28 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) write$P9_RREMOVE(r0, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) [ 234.810372][ T8811] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 234.836461][ T8808] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 10:56:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:29 executing program 0: r0 = perf_event_open$cgroup(&(0x7f00000004c0)={0x4, 0x70, 0x5c2b, 0x0, 0x100, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xe303, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x9, 0x14, 0x1}, 0xffffffffffffff9c, 0xe, 0xffffffffffffffff, 0x0) ioctl(r0, 0x0, &(0x7f0000000540)="695e05ca08957330ff1bb18f536663410def7ee1e971") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x31a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x166e, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000002140), 0x80000) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8004002, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) sendfile(r1, r1, 0x0, 0x8800000) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) setxattr$security_ima(0x0, 0x0, &(0x7f0000000380)=@md5={0x1, "499db13eab188000fc15e43e20c5949f"}, 0x11, 0x3) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080), 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000080)={'lo\x00'}) ftruncate(0xffffffffffffffff, 0x2081fc) 10:56:29 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="4c0000001200ff09ff1cfe956fa283b724a6008000000000000008000000150024001d001fc41180b598bc593ab6821148a730de33aa46ffecfde0258823dd8da49848c6cea97da172dcc121", 0x4c}], 0x1}, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x326) 10:56:29 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:29 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) getpgrp(0xffffffffffffffff) 10:56:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 235.850574][ T25] audit: type=1800 audit(1563792989.544:32): pid=8836 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16675 res=0 10:56:29 executing program 5: syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x2) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:29 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="4c0000001200ff09ff1cfe956fa283b724a6008000000000000008000000150024001d001fc41180b598bc593ab6821148a730de33aa46ffecfde0258823dd8da49848c6cea97da172dcc121", 0x4c}], 0x1}, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x326) [ 236.078763][ T25] audit: type=1800 audit(1563792989.774:33): pid=8847 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16675 res=0 10:56:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:29 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:30 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:30 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='lo\x00', 0xf6) sendto$inet(r0, 0x0, 0xfffffffffffffeeb, 0x20000000, &(0x7f00000000c0)={0x2, 0x4e20}, 0x10) shutdown(r0, 0x1) clock_gettime(0x0, &(0x7f0000006800)) recvmmsg(r0, &(0x7f0000006580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 10:56:30 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:30 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="4c0000001200ff09ff1cfe956fa283b724a6008000000000000008000000150024001d001fc41180b598bc593ab6821148a730de33aa46ffecfde0258823dd8da49848c6cea97da172dcc121", 0x4c}], 0x1}, 0x0) 10:56:30 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 236.458220][ T8869] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:56:30 executing program 5: socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:30 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:56:30 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:30 executing program 0: clone(0x8000100000203, 0x0, 0x0, 0x0, 0x0) mknod(0x0, 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f00000004c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x200010a) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3103101ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000380)=[0x0]) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0x0) [ 238.054880][ T280] device bridge_slave_1 left promiscuous mode [ 238.061118][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.114910][ T280] device bridge_slave_0 left promiscuous mode [ 238.121129][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.885067][ T280] device hsr_slave_0 left promiscuous mode [ 239.924883][ T280] device hsr_slave_1 left promiscuous mode [ 239.972807][ T280] team0 (unregistering): Port device team_slave_1 removed [ 239.983282][ T280] team0 (unregistering): Port device team_slave_0 removed [ 239.996332][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 240.057707][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 240.142809][ T280] bond0 (unregistering): Released all slaves [ 240.292525][ T8911] IPVS: ftp: loaded support on port[0] = 21 [ 240.359326][ T8911] chnl_net:caif_netlink_parms(): no params data found [ 240.388803][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.396109][ T8911] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.403709][ T8911] device bridge_slave_0 entered promiscuous mode [ 240.411929][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.419064][ T8911] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.427023][ T8911] device bridge_slave_1 entered promiscuous mode [ 240.446345][ T8911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.456895][ T8911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.475110][ T8911] team0: Port device team_slave_0 added [ 240.481712][ T8911] team0: Port device team_slave_1 added [ 240.526958][ T8911] device hsr_slave_0 entered promiscuous mode [ 240.584629][ T8911] device hsr_slave_1 entered promiscuous mode [ 240.693156][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.700346][ T8911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.707795][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.715001][ T8911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.775974][ T8911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.795288][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.803873][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.817023][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.833044][ T8911] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.850278][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.859038][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.866185][ T8322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.908565][ T8911] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 240.919463][ T8911] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.938279][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.946981][ T8322] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.954050][ T8322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.962384][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.971111][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.979669][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.988293][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.003869][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.012825][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 241.029953][ T8911] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.214315][ T8921] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 241.225909][ T8921] CPU: 0 PID: 8921 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 241.233447][ T8921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.243843][ T8921] Call Trace: [ 241.247139][ T8921] dump_stack+0x1d8/0x2f8 [ 241.251468][ T8921] dump_header+0xd8/0x970 [ 241.255796][ T8921] oom_kill_process+0xcd/0x320 [ 241.260558][ T8921] out_of_memory+0x5e1/0x8a0 [ 241.265153][ T8921] ? unregister_oom_notifier+0x20/0x20 [ 241.270695][ T8921] ? trace_hardirqs_on+0x74/0x80 [ 241.275644][ T8921] memory_max_write+0x537/0x6a0 [ 241.280492][ T8921] ? lock_acquire+0x158/0x250 [ 241.285178][ T8921] ? memory_max_show+0xa0/0xa0 [ 241.289942][ T8921] ? trace_lock_acquire+0x154/0x1b0 [ 241.295141][ T8921] ? lock_acquire+0x158/0x250 [ 241.299813][ T8921] ? kernfs_fop_write+0x22e/0x4f0 [ 241.304834][ T8921] ? memory_max_show+0xa0/0xa0 [ 241.309601][ T8921] cgroup_file_write+0x27b/0x6e0 [ 241.314541][ T8921] ? cgroup_seqfile_stop+0xc0/0xc0 [ 241.319656][ T8921] ? ceph_osdc_copy_from+0x630/0xb00 [ 241.324937][ T8921] ? cgroup_seqfile_stop+0xc0/0xc0 [ 241.330052][ T8921] kernfs_fop_write+0x3e4/0x4f0 [ 241.334900][ T8921] ? kernfs_fop_read+0x580/0x580 [ 241.340112][ T8921] __vfs_write+0xf9/0x7d0 [ 241.344447][ T8921] ? __lock_acquire+0x4750/0x4750 [ 241.349478][ T8921] ? __kernel_write+0x350/0x350 [ 241.354328][ T8921] ? trace_lock_acquire+0x154/0x1b0 [ 241.359616][ T8921] ? __sb_start_write+0x39c/0x440 [ 241.364639][ T8921] ? __kasan_check_read+0x11/0x20 [ 241.369674][ T8921] vfs_write+0x275/0x590 [ 241.373932][ T8921] ksys_write+0x16b/0x2a0 [ 241.378273][ T8921] ? __ia32_sys_read+0x90/0x90 [ 241.383045][ T8921] ? prepare_exit_to_usermode+0x1f7/0x580 [ 241.388784][ T8921] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 241.394504][ T8921] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 241.399968][ T8921] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 241.405769][ T8921] ? do_syscall_64+0x1d/0x140 [ 241.410443][ T8921] __x64_sys_write+0x7b/0x90 [ 241.415033][ T8921] do_syscall_64+0xfe/0x140 [ 241.419534][ T8921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.425419][ T8921] RIP: 0033:0x459819 [ 241.429313][ T8921] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 241.448930][ T8921] RSP: 002b:00007f9e35a24c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.458233][ T8921] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 241.466208][ T8921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 241.474191][ T8921] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 241.482188][ T8921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e35a256d4 [ 241.490336][ T8921] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 241.499443][ T8921] memory: usage 3248kB, limit 0kB, failcnt 450037 [ 241.505932][ T8921] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 241.512789][ T8921] Memory cgroup stats for /syz2: [ 241.512881][ T8921] anon 2117632 [ 241.512881][ T8921] file 0 [ 241.512881][ T8921] kernel_stack 65536 [ 241.512881][ T8921] slab 540672 [ 241.512881][ T8921] sock 0 [ 241.512881][ T8921] shmem 0 [ 241.512881][ T8921] file_mapped 0 [ 241.512881][ T8921] file_dirty 0 [ 241.512881][ T8921] file_writeback 0 [ 241.512881][ T8921] anon_thp 2097152 [ 241.512881][ T8921] inactive_anon 0 [ 241.512881][ T8921] active_anon 2117632 [ 241.512881][ T8921] inactive_file 0 [ 241.512881][ T8921] active_file 0 [ 241.512881][ T8921] unevictable 0 [ 241.512881][ T8921] slab_reclaimable 135168 [ 241.512881][ T8921] slab_unreclaimable 405504 [ 241.512881][ T8921] pgfault 462 [ 241.512881][ T8921] pgmajfault 0 [ 241.512881][ T8921] workingset_refault 0 [ 241.512881][ T8921] workingset_activate 0 [ 241.512881][ T8921] workingset_nodereclaim 0 [ 241.512881][ T8921] pgrefill 0 [ 241.512881][ T8921] pgscan 0 [ 241.512881][ T8921] pgsteal 0 [ 241.512881][ T8921] pgactivate 0 10:56:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:35 executing program 5: socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:35 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) 10:56:35 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) socket$inet(0x10, 0x0, 0x0) 10:56:35 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCSIFBR(r1, 0x8941, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='cubic\x00', 0x6) [ 241.607270][ T8921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8918,uid=0 [ 241.622694][ T8921] Memory cgroup out of memory: Killed process 8918 (syz-executor.2) total-vm:72840kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 241.640489][ T1061] oom_reaper: reaped process 8918 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 241.687126][ T8911] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 241.697169][ T8911] CPU: 0 PID: 8911 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 241.704746][ T8911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.714816][ T8911] Call Trace: [ 241.718129][ T8911] dump_stack+0x1d8/0x2f8 [ 241.722471][ T8911] dump_header+0xd8/0x970 [ 241.726814][ T8911] oom_kill_process+0xcd/0x320 [ 241.731590][ T8911] out_of_memory+0x5e1/0x8a0 10:56:35 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) [ 241.736192][ T8911] ? unregister_oom_notifier+0x20/0x20 [ 241.741667][ T8911] ? __kasan_check_read+0x11/0x20 [ 241.746742][ T8911] try_charge+0x134a/0x17b0 [ 241.751638][ T8911] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 241.751656][ T8911] ? __lock_acquire+0x4750/0x4750 [ 241.751674][ T8911] ? rcu_lock_release+0x15/0x20 [ 241.767496][ T8911] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 241.773061][ T8911] mem_cgroup_try_charge+0x216/0x560 [ 241.778537][ T8911] mem_cgroup_try_charge_delay+0x25/0xa0 10:56:35 executing program 1: r0 = socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x40, @media='udp\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20004041}, 0x80) [ 241.784189][ T8911] wp_page_copy+0x367/0x18c0 [ 241.788808][ T8911] ? rcu_lock_release+0x30/0x30 [ 241.793669][ T8911] ? __lock_acquire+0x4750/0x4750 [ 241.798715][ T8911] ? __kasan_check_read+0x11/0x20 [ 241.803777][ T8911] ? do_raw_spin_unlock+0x49/0x260 [ 241.808997][ T8911] do_wp_page+0x2c9/0x1ce0 [ 241.813433][ T8911] ? __rwlock_init+0x130/0x130 [ 241.818320][ T8911] ? count_memcg_event_mm+0x300/0x300 [ 241.823807][ T8911] handle_mm_fault+0x2bcf/0x6080 [ 241.828765][ T8911] ? finish_fault+0x230/0x230 [ 241.828789][ T8911] ? vmacache_find+0x251/0x5b0 [ 241.828809][ T8911] do_user_addr_fault+0x589/0xaf0 [ 241.828832][ T8911] __do_page_fault+0xd3/0x1f0 [ 241.838408][ T8911] do_page_fault+0x99/0xb0 [ 241.838421][ T8911] page_fault+0x39/0x40 [ 241.838431][ T8911] RIP: 0033:0x403442 [ 241.838443][ T8911] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 241.838447][ T8911] RSP: 002b:00007fffc4813cb0 EFLAGS: 00010246 10:56:35 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) [ 241.838456][ T8911] RAX: 0000000000000000 RBX: 000000000003af90 RCX: 0000000000413420 [ 241.838461][ T8911] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffc4814de0 [ 241.838466][ T8911] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555efb940 [ 241.838472][ T8911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc4814de0 [ 241.838478][ T8911] R13: 00007fffc4814dd0 R14: 0000000000000000 R15: 00007fffc4814de0 [ 241.840378][ T8911] memory: usage 832kB, limit 0kB, failcnt 450045 [ 241.926630][ T8911] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 241.926636][ T8911] Memory cgroup stats for /syz2: [ 241.926736][ T8911] anon 32768 [ 241.926736][ T8911] file 0 [ 241.926736][ T8911] kernel_stack 0 [ 241.926736][ T8911] slab 540672 [ 241.926736][ T8911] sock 0 [ 241.926736][ T8911] shmem 0 [ 241.926736][ T8911] file_mapped 0 [ 241.926736][ T8911] file_dirty 0 [ 241.926736][ T8911] file_writeback 0 [ 241.926736][ T8911] anon_thp 0 [ 241.926736][ T8911] inactive_anon 0 [ 241.926736][ T8911] active_anon 32768 [ 241.926736][ T8911] inactive_file 0 10:56:35 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 241.926736][ T8911] active_file 0 [ 241.926736][ T8911] unevictable 0 [ 241.926736][ T8911] slab_reclaimable 135168 [ 241.926736][ T8911] slab_unreclaimable 405504 [ 241.926736][ T8911] pgfault 462 [ 241.926736][ T8911] pgmajfault 0 [ 241.926736][ T8911] workingset_refault 0 [ 241.926736][ T8911] workingset_activate 0 [ 241.926736][ T8911] workingset_nodereclaim 0 [ 241.926736][ T8911] pgrefill 0 [ 241.926736][ T8911] pgscan 0 [ 241.926736][ T8911] pgsteal 0 [ 241.926736][ T8911] pgactivate 0 [ 241.926736][ T8911] pgdeactivate 0 10:56:35 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 241.940167][ T8911] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8911,uid=0 [ 242.052114][ T8911] Memory cgroup out of memory: Killed process 8911 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 242.068622][ T1061] oom_reaper: reaped process 8911 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:56:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x80002102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x11, 0x3, 0x0, 0x0) write$evdev(r1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 10:56:36 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) 10:56:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:36 executing program 5: socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000002e80)={0xa, 0x4e20, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:36 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:36 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:36 executing program 0: clone(0x200, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f0000000400)='./file1\x00', &(0x7f00000003c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00') r0 = creat(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x105) close(r0) execve(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000200)='./file1/file0\x00', 0x0, 0x0) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000300)={0x0, 0x2c1, &(0x7f00000002c0)={0x0}}, 0x0) 10:56:36 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, 0x0, 0x0) 10:56:36 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:36 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, 0x0, 0x0) 10:56:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/147, 0x93}], 0x368) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x893f, 0x0, 0x0, 0x800e00519) shutdown(r1, 0x0) setsockopt$sock_timeval(r2, 0xffff, 0x1006, &(0x7f0000000240)={0xaf6a}, 0x10) lseek(r0, 0x0, 0x0) recvfrom$inet(r2, 0x0, 0x10201, 0x2, 0x0, 0x800e0051d) shutdown(r2, 0x0) 10:56:36 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:37 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) 10:56:37 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:37 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, 0x0, 0x0) 10:56:37 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:37 executing program 0: 10:56:37 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x0, 0x9b0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) 10:56:37 executing program 0: 10:56:37 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:37 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x0, 0x0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6", 0x3ff}, 0x1c) [ 244.941063][ T9053] IPVS: ftp: loaded support on port[0] = 21 [ 244.999432][ T9053] chnl_net:caif_netlink_parms(): no params data found [ 245.089292][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.096490][ T9053] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.104268][ T9053] device bridge_slave_0 entered promiscuous mode [ 245.111793][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.119329][ T9053] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.128579][ T9053] device bridge_slave_1 entered promiscuous mode [ 245.143225][ T9053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.155850][ T9053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.242124][ T9053] team0: Port device team_slave_0 added [ 245.249573][ T9053] team0: Port device team_slave_1 added [ 245.297329][ T9053] device hsr_slave_0 entered promiscuous mode [ 245.334616][ T9053] device hsr_slave_1 entered promiscuous mode [ 245.374490][ T9053] debugfs: Directory 'hsr0' with parent '/' already present! [ 245.450070][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.460362][ T9053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.467757][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.474854][ T9053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.509304][ T9053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.517140][ T280] device bridge_slave_1 left promiscuous mode [ 245.523450][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.565483][ T280] device bridge_slave_0 left promiscuous mode [ 245.571679][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.354605][ T280] device hsr_slave_0 left promiscuous mode [ 247.395036][ T280] device hsr_slave_1 left promiscuous mode [ 247.443130][ T280] team0 (unregistering): Port device team_slave_1 removed [ 247.453830][ T280] team0 (unregistering): Port device team_slave_0 removed [ 247.466280][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.530042][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 247.603223][ T280] bond0 (unregistering): Released all slaves [ 247.689949][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.698247][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.708096][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 247.722265][ T9053] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.729489][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.737452][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.756275][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.765228][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.773574][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.780748][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.790710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.799562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.808157][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.815260][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.877653][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.905031][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.913926][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.922907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.931551][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 247.940599][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.949246][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 247.957798][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 247.966261][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 247.974775][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 247.992336][ T9053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 248.017277][ T9053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.031434][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 248.331002][ T9061] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 248.341421][ T9061] CPU: 1 PID: 9061 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 248.348980][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.359057][ T9061] Call Trace: [ 248.362379][ T9061] dump_stack+0x1d8/0x2f8 [ 248.366741][ T9061] dump_header+0xd8/0x970 [ 248.371105][ T9061] oom_kill_process+0xcd/0x320 [ 248.376435][ T9061] out_of_memory+0x5e1/0x8a0 [ 248.381055][ T9061] ? unregister_oom_notifier+0x20/0x20 [ 248.386543][ T9061] ? memset_erms+0xb/0x10 [ 248.390903][ T9061] memory_max_write+0x537/0x6a0 [ 248.395834][ T9061] ? memory_max_show+0xa0/0xa0 [ 248.400623][ T9061] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 248.405935][ T9061] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 248.411440][ T9061] ? retint_kernel+0x10/0x10 [ 248.416049][ T9061] ? memory_max_show+0xa0/0xa0 [ 248.420833][ T9061] cgroup_file_write+0x27b/0x6e0 [ 248.425799][ T9061] ? cgroup_seqfile_stop+0xc0/0xc0 [ 248.430931][ T9061] ? kernfs_fop_write+0x349/0x4f0 [ 248.435972][ T9061] ? cgroup_seqfile_stop+0xc0/0xc0 [ 248.441109][ T9061] kernfs_fop_write+0x3e4/0x4f0 [ 248.446073][ T9061] ? kernfs_fop_read+0x580/0x580 [ 248.451047][ T9061] __vfs_write+0xf9/0x7d0 [ 248.455402][ T9061] ? retint_kernel+0x10/0x10 [ 248.460026][ T9061] ? __kernel_write+0x350/0x350 [ 248.464909][ T9061] ? rcu_irq_exit+0xe3/0x260 [ 248.469523][ T9061] ? retint_kernel+0x10/0x10 [ 248.474145][ T9061] ? __sb_start_write+0x393/0x440 [ 248.479205][ T9061] ? __sb_start_write+0x39c/0x440 [ 248.484265][ T9061] ? __sanitizer_cov_trace_pc+0x31/0x50 [ 248.489924][ T9061] ? __sb_start_write+0x39c/0x440 [ 248.494968][ T9061] ? __kasan_check_read+0x11/0x20 [ 248.500032][ T9061] vfs_write+0x275/0x590 [ 248.504310][ T9061] ksys_write+0x16b/0x2a0 [ 248.508664][ T9061] ? __ia32_sys_read+0x90/0x90 [ 248.513444][ T9061] ? prepare_exit_to_usermode+0x1f7/0x580 [ 248.519182][ T9061] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 248.524930][ T9061] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 248.530411][ T9061] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 248.536173][ T9061] ? do_syscall_64+0x1d/0x140 [ 248.540880][ T9061] __x64_sys_write+0x7b/0x90 [ 248.545503][ T9061] do_syscall_64+0xfe/0x140 [ 248.550030][ T9061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.555934][ T9061] RIP: 0033:0x459819 [ 248.559854][ T9061] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 248.579472][ T9061] RSP: 002b:00007f6d9f061c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 248.587933][ T9061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 248.595932][ T9061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 248.604008][ T9061] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 248.611999][ T9061] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d9f0626d4 [ 248.619987][ T9061] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 248.628174][ T9061] memory: usage 5404kB, limit 0kB, failcnt 450046 [ 248.634841][ T9061] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 248.641877][ T9061] Memory cgroup stats for /syz2: [ 248.642870][ T9061] anon 4317184 [ 248.642870][ T9061] file 0 [ 248.642870][ T9061] kernel_stack 131072 [ 248.642870][ T9061] slab 540672 [ 248.642870][ T9061] sock 0 [ 248.642870][ T9061] shmem 0 [ 248.642870][ T9061] file_mapped 0 [ 248.642870][ T9061] file_dirty 0 [ 248.642870][ T9061] file_writeback 0 [ 248.642870][ T9061] anon_thp 4194304 [ 248.642870][ T9061] inactive_anon 0 [ 248.642870][ T9061] active_anon 4317184 [ 248.642870][ T9061] inactive_file 0 [ 248.642870][ T9061] active_file 0 [ 248.642870][ T9061] unevictable 0 [ 248.642870][ T9061] slab_reclaimable 135168 [ 248.642870][ T9061] slab_unreclaimable 405504 [ 248.642870][ T9061] pgfault 528 [ 248.642870][ T9061] pgmajfault 0 [ 248.642870][ T9061] workingset_refault 0 [ 248.642870][ T9061] workingset_activate 0 [ 248.642870][ T9061] workingset_nodereclaim 0 [ 248.642870][ T9061] pgrefill 0 [ 248.642870][ T9061] pgscan 0 [ 248.642870][ T9061] pgsteal 0 [ 248.642870][ T9061] pgactivate 0 [ 248.736627][ T9061] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9060,uid=0 [ 248.752582][ T9061] Memory cgroup out of memory: Killed process 9060 (syz-executor.2) total-vm:72972kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 248.769604][ T1061] oom_reaper: reaped process 9060 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 10:56:42 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:42 executing program 0: 10:56:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:42 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x0, 0x0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6"}, 0x1c) 10:56:42 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) 10:56:42 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 248.901163][ T9053] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 248.912560][ T9053] CPU: 0 PID: 9053 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 248.920117][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.930183][ T9053] Call Trace: [ 248.933484][ T9053] dump_stack+0x1d8/0x2f8 [ 248.937825][ T9053] dump_header+0xd8/0x970 [ 248.942181][ T9053] oom_kill_process+0xcd/0x320 [ 248.947059][ T9053] out_of_memory+0x5e1/0x8a0 10:56:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 248.951667][ T9053] ? unregister_oom_notifier+0x20/0x20 [ 248.957150][ T9053] ? __kasan_check_read+0x11/0x20 [ 248.962197][ T9053] try_charge+0x134a/0x17b0 [ 248.966765][ T9053] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 248.972602][ T9053] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 248.978363][ T9053] ? rcu_lock_acquire+0x30/0x30 [ 248.983266][ T9053] __memcg_kmem_charge_memcg+0x78/0x180 [ 248.988918][ T9053] ? __lock_acquire+0x4750/0x4750 [ 248.993961][ T9053] ? memcg_kmem_put_cache+0x50/0x50 [ 248.999177][ T9053] kmem_getpages+0x411/0x970 [ 249.003778][ T9053] cache_grow_begin+0x7e/0x2c0 [ 249.014666][ T9053] ? __cpuset_node_allowed+0x198/0x530 [ 249.014728][ T9053] fallback_alloc+0x134/0x1c0 [ 249.014741][ T9053] ____cache_alloc_node+0x22a/0x250 [ 249.014752][ T9053] kmem_cache_alloc+0x157/0x2e0 [ 249.014762][ T9053] ? __alloc_file+0x29/0x350 [ 249.014774][ T9053] __alloc_file+0x29/0x350 [ 249.014782][ T9053] ? alloc_empty_file+0x4c/0x1b0 [ 249.014793][ T9053] alloc_empty_file+0xac/0x1b0 [ 249.014805][ T9053] path_openat+0x12b/0x4440 [ 249.014829][ T9053] ? trace_lock_acquire+0x1b0/0x1b0 [ 249.014847][ T9053] ? do_filp_open+0x430/0x430 [ 249.014857][ T9053] ? __kasan_kmalloc+0x178/0x1b0 [ 249.014866][ T9053] ? __kasan_kmalloc+0x11c/0x1b0 [ 249.014874][ T9053] ? kasan_slab_alloc+0xf/0x20 [ 249.014883][ T9053] ? kmem_cache_alloc+0x1e9/0x2e0 [ 249.014891][ T9053] ? getname_flags+0xba/0x640 [ 249.014900][ T9053] ? getname+0x19/0x20 10:56:42 executing program 0: [ 249.014908][ T9053] ? do_sys_open+0x2fc/0x620 [ 249.014916][ T9053] ? __x64_sys_open+0x87/0x90 [ 249.014927][ T9053] ? do_syscall_64+0xfe/0x140 [ 249.014948][ T9053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.120447][ T9053] do_filp_open+0x1f7/0x430 [ 249.124995][ T9053] ? vfs_tmpfile+0x230/0x230 [ 249.129610][ T9053] ? __lock_acquire+0x4750/0x4750 [ 249.134660][ T9053] ? do_raw_spin_unlock+0x49/0x260 [ 249.134674][ T9053] ? _raw_spin_unlock+0x22/0x30 [ 249.134684][ T9053] ? __alloc_fd+0x58f/0x630 10:56:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 249.134706][ T9053] ? get_unused_fd_flags+0x97/0xb0 [ 249.134719][ T9053] do_sys_open+0x343/0x620 [ 249.134730][ T9053] ? file_open_root+0x440/0x440 [ 249.134743][ T9053] ? prepare_exit_to_usermode+0x1f7/0x580 [ 249.134761][ T9053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 249.146315][ T9053] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 249.146328][ T9053] ? do_syscall_64+0x1d/0x140 [ 249.146339][ T9053] __x64_sys_open+0x87/0x90 [ 249.146351][ T9053] do_syscall_64+0xfe/0x140 [ 249.146363][ T9053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.146375][ T9053] RIP: 0033:0x457790 [ 249.146386][ T9053] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 249.146391][ T9053] RSP: 002b:00007ffff08f7290 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 249.146401][ T9053] RAX: ffffffffffffffda RBX: 000000000003c9ec RCX: 0000000000457790 [ 249.146406][ T9053] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffff08f8470 [ 249.146411][ T9053] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556267940 [ 249.146425][ T9053] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffff08f8470 [ 249.234160][ T9053] R13: 00007ffff08f8460 R14: 0000000000000000 R15: 00007ffff08f8470 [ 249.235037][ T9053] memory: usage 892kB, limit 0kB, failcnt 450058 [ 249.250426][ T9053] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 249.250432][ T9053] Memory cgroup stats for /syz2: [ 249.250638][ T9053] anon 73728 [ 249.250638][ T9053] file 0 [ 249.250638][ T9053] kernel_stack 0 10:56:43 executing program 0: 10:56:43 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000002e80)={0xa, 0x0, 0x0, @rand_addr="735d23f3b6f04bce710e7862341d0ae6"}, 0x1c) [ 249.250638][ T9053] slab 540672 [ 249.250638][ T9053] sock 0 [ 249.250638][ T9053] shmem 0 [ 249.250638][ T9053] file_mapped 0 [ 249.250638][ T9053] file_dirty 0 [ 249.250638][ T9053] file_writeback 0 [ 249.250638][ T9053] anon_thp 0 [ 249.250638][ T9053] inactive_anon 0 [ 249.250638][ T9053] active_anon 73728 [ 249.250638][ T9053] inactive_file 0 [ 249.250638][ T9053] active_file 0 [ 249.250638][ T9053] unevictable 0 [ 249.250638][ T9053] slab_reclaimable 135168 [ 249.250638][ T9053] slab_unreclaimable 405504 [ 249.250638][ T9053] pgfault 528 [ 249.250638][ T9053] pgmajfault 0 [ 249.250638][ T9053] workingset_refault 0 [ 249.250638][ T9053] workingset_activate 0 [ 249.250638][ T9053] workingset_nodereclaim 0 [ 249.250638][ T9053] pgrefill 0 [ 249.250638][ T9053] pgscan 0 [ 249.250638][ T9053] pgsteal 0 [ 249.250638][ T9053] pgactivate 0 [ 249.250638][ T9053] pgdeactivate 0 [ 249.384160][ T9053] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9053,uid=0 10:56:43 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 249.399873][ T9053] Memory cgroup out of memory: Killed process 9053 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 249.416974][ T1061] oom_reaper: reaped process 9053 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:56:43 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:43 executing program 5: 10:56:43 executing program 0: 10:56:43 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:43 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:43 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:43 executing program 0: 10:56:43 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:43 executing program 5: 10:56:43 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:44 executing program 0: 10:56:44 executing program 5: 10:56:44 executing program 0: 10:56:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:44 executing program 5: 10:56:44 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:44 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:44 executing program 0: 10:56:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:44 executing program 5: [ 252.437910][ T9152] IPVS: ftp: loaded support on port[0] = 21 [ 252.566448][ T9152] chnl_net:caif_netlink_parms(): no params data found [ 252.591753][ T9152] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.598963][ T9152] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.606742][ T9152] device bridge_slave_0 entered promiscuous mode [ 252.678673][ T9152] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.685877][ T9152] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.693542][ T9152] device bridge_slave_1 entered promiscuous mode [ 252.710835][ T9152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.786477][ T9152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.806729][ T9152] team0: Port device team_slave_0 added [ 252.813382][ T9152] team0: Port device team_slave_1 added [ 252.917239][ T9152] device hsr_slave_0 entered promiscuous mode [ 252.954715][ T9152] device hsr_slave_1 entered promiscuous mode [ 253.025617][ T280] device bridge_slave_1 left promiscuous mode [ 253.031875][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.095003][ T280] device bridge_slave_0 left promiscuous mode [ 253.101197][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.895086][ T280] device hsr_slave_0 left promiscuous mode [ 254.934863][ T280] device hsr_slave_1 left promiscuous mode [ 254.980572][ T280] team0 (unregistering): Port device team_slave_1 removed [ 254.997571][ T280] team0 (unregistering): Port device team_slave_0 removed [ 255.009735][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.048205][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.117578][ T280] bond0 (unregistering): Released all slaves [ 255.202501][ T9152] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.209662][ T9152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.217100][ T9152] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.224252][ T9152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.234278][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.241932][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.279389][ T9152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.290066][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.298722][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.308660][ T9152] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.373307][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 255.382427][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 255.391100][ T2620] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.406491][ T2620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.442796][ T9152] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 255.453389][ T9152] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 255.471437][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 255.480537][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.489113][ T2620] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.496248][ T2620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.503948][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 255.512934][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 255.521825][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 255.530988][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.539721][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 255.548564][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.557217][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 255.565746][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.574418][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 255.582949][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.599305][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 255.607490][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 255.625662][ T9152] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.842590][ T9160] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 255.854282][ T9160] CPU: 1 PID: 9160 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 255.861848][ T9160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.871946][ T9160] Call Trace: [ 255.875261][ T9160] dump_stack+0x1d8/0x2f8 [ 255.879613][ T9160] dump_header+0xd8/0x970 [ 255.883970][ T9160] oom_kill_process+0xcd/0x320 [ 255.888751][ T9160] out_of_memory+0x5e1/0x8a0 [ 255.893362][ T9160] ? unregister_oom_notifier+0x20/0x20 [ 255.898853][ T9160] memory_max_write+0x537/0x6a0 [ 255.903737][ T9160] ? memory_max_show+0xa0/0xa0 [ 255.908527][ T9160] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 255.913825][ T9160] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 255.919337][ T9160] ? retint_kernel+0x10/0x10 [ 255.923950][ T9160] ? memory_max_show+0xa0/0xa0 [ 255.928739][ T9160] cgroup_file_write+0x27b/0x6e0 [ 255.933709][ T9160] ? cgroup_seqfile_stop+0xc0/0xc0 [ 255.938845][ T9160] ? cgroup_seqfile_stop+0xc0/0xc0 [ 255.943978][ T9160] ? kernfs_fop_write+0x349/0x4f0 [ 255.949024][ T9160] ? cgroup_seqfile_stop+0xc0/0xc0 [ 255.954153][ T9160] kernfs_fop_write+0x3e4/0x4f0 [ 255.959034][ T9160] ? kernfs_fop_read+0x580/0x580 [ 255.963993][ T9160] __vfs_write+0xf9/0x7d0 [ 255.968606][ T9160] ? __kernel_write+0x350/0x350 [ 255.973479][ T9160] ? trace_lock_acquire+0x154/0x1b0 [ 255.978716][ T9160] ? __sb_start_write+0x39c/0x440 [ 255.983766][ T9160] vfs_write+0x275/0x590 [ 255.988044][ T9160] ksys_write+0x16b/0x2a0 [ 255.992410][ T9160] ? __ia32_sys_read+0x90/0x90 [ 255.997210][ T9160] ? do_syscall_64+0xc0/0x140 [ 256.001924][ T9160] __x64_sys_write+0x7b/0x90 [ 256.006549][ T9160] do_syscall_64+0xfe/0x140 [ 256.011075][ T9160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.016988][ T9160] RIP: 0033:0x459819 [ 256.020921][ T9160] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.040636][ T9160] RSP: 002b:00007f4e4deccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 256.049078][ T9160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 256.057064][ T9160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 256.065052][ T9160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 256.073043][ T9160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e4decd6d4 [ 256.081036][ T9160] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 256.089203][ T9160] memory: usage 5284kB, limit 0kB, failcnt 450059 [ 256.095821][ T9160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 256.102903][ T9160] Memory cgroup stats for /syz2: [ 256.103790][ T9160] anon 4390912 [ 256.103790][ T9160] file 0 [ 256.103790][ T9160] kernel_stack 65536 [ 256.103790][ T9160] slab 540672 [ 256.103790][ T9160] sock 0 [ 256.103790][ T9160] shmem 0 [ 256.103790][ T9160] file_mapped 0 [ 256.103790][ T9160] file_dirty 0 [ 256.103790][ T9160] file_writeback 0 [ 256.103790][ T9160] anon_thp 4194304 [ 256.103790][ T9160] inactive_anon 0 [ 256.103790][ T9160] active_anon 4390912 [ 256.103790][ T9160] inactive_file 0 [ 256.103790][ T9160] active_file 0 [ 256.103790][ T9160] unevictable 0 [ 256.103790][ T9160] slab_reclaimable 135168 [ 256.103790][ T9160] slab_unreclaimable 405504 [ 256.103790][ T9160] pgfault 594 [ 256.103790][ T9160] pgmajfault 0 [ 256.103790][ T9160] workingset_refault 0 [ 256.103790][ T9160] workingset_activate 0 [ 256.103790][ T9160] workingset_nodereclaim 0 [ 256.103790][ T9160] pgrefill 0 [ 256.103790][ T9160] pgscan 0 [ 256.103790][ T9160] pgsteal 0 [ 256.103790][ T9160] pgactivate 0 [ 256.197630][ T9160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9159,uid=0 [ 256.213650][ T9160] Memory cgroup out of memory: Killed process 9159 (syz-executor.2) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 256.236840][ T1061] oom_reaper: reaped process 9159 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 256.671922][ T9152] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 256.682185][ T9152] CPU: 1 PID: 9152 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 256.689757][ T9152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.699838][ T9152] Call Trace: [ 256.703152][ T9152] dump_stack+0x1d8/0x2f8 [ 256.707502][ T9152] dump_header+0xd8/0x970 [ 256.711849][ T9152] oom_kill_process+0xcd/0x320 [ 256.716634][ T9152] out_of_memory+0x5e1/0x8a0 10:56:50 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:50 executing program 5: 10:56:50 executing program 0: 10:56:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:50 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:50 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 256.721247][ T9152] ? unregister_oom_notifier+0x20/0x20 [ 256.726733][ T9152] ? __kasan_check_read+0x11/0x20 [ 256.731789][ T9152] try_charge+0x134a/0x17b0 [ 256.736326][ T9152] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 256.742157][ T9152] ? __lock_acquire+0x4750/0x4750 [ 256.747215][ T9152] ? rcu_lock_release+0x15/0x20 [ 256.752104][ T9152] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 256.757664][ T9152] mem_cgroup_try_charge+0x216/0x560 [ 256.762964][ T9152] mem_cgroup_try_charge_delay+0x25/0xa0 [ 256.768617][ T9152] wp_page_copy+0x367/0x18c0 [ 256.773242][ T9152] ? rcu_lock_release+0x30/0x30 [ 256.778116][ T9152] ? __lock_acquire+0x4750/0x4750 [ 256.783156][ T9152] ? __kasan_check_read+0x11/0x20 [ 256.788197][ T9152] ? do_raw_spin_unlock+0x49/0x260 [ 256.793323][ T9152] do_wp_page+0x2c9/0x1ce0 [ 256.797756][ T9152] ? __rwlock_init+0x130/0x130 [ 256.802526][ T9152] ? count_memcg_event_mm+0x300/0x300 [ 256.807938][ T9152] handle_mm_fault+0x2bcf/0x6080 [ 256.812907][ T9152] ? finish_fault+0x230/0x230 [ 256.817634][ T9152] ? vmacache_find+0x251/0x5b0 10:56:50 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:50 executing program 0: [ 256.822442][ T9152] do_user_addr_fault+0x589/0xaf0 [ 256.827489][ T9152] __do_page_fault+0xd3/0x1f0 [ 256.832174][ T9152] do_page_fault+0x99/0xb0 [ 256.836615][ T9152] page_fault+0x39/0x40 [ 256.840776][ T9152] RIP: 0033:0x4308f6 [ 256.844672][ T9152] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 256.864290][ T9152] RSP: 002b:00007fffd41dc320 EFLAGS: 00010206 [ 256.870365][ T9152] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 256.878369][ T9152] RDX: 0000555556c6c930 RSI: 0000555556c74970 RDI: 0000000000000003 [ 256.878383][ T9152] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556c6b940 [ 256.894344][ T9152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 256.894351][ T9152] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 256.894855][ T9152] memory: usage 900kB, limit 0kB, failcnt 450067 [ 256.917054][ T9152] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 256.923912][ T9152] Memory cgroup stats for /syz2: [ 256.924009][ T9152] anon 57344 [ 256.924009][ T9152] file 0 [ 256.924009][ T9152] kernel_stack 0 [ 256.924009][ T9152] slab 540672 [ 256.924009][ T9152] sock 0 [ 256.924009][ T9152] shmem 0 [ 256.924009][ T9152] file_mapped 0 [ 256.924009][ T9152] file_dirty 0 [ 256.924009][ T9152] file_writeback 0 [ 256.924009][ T9152] anon_thp 0 [ 256.924009][ T9152] inactive_anon 0 [ 256.924009][ T9152] active_anon 57344 [ 256.924009][ T9152] inactive_file 0 [ 256.924009][ T9152] active_file 0 [ 256.924009][ T9152] unevictable 0 [ 256.924009][ T9152] slab_reclaimable 135168 [ 256.924009][ T9152] slab_unreclaimable 405504 [ 256.924009][ T9152] pgfault 627 [ 256.924009][ T9152] pgmajfault 0 [ 256.924009][ T9152] workingset_refault 0 [ 256.924009][ T9152] workingset_activate 0 [ 256.924009][ T9152] workingset_nodereclaim 0 [ 256.924009][ T9152] pgrefill 0 [ 256.924009][ T9152] pgscan 0 [ 256.924009][ T9152] pgsteal 0 [ 256.924009][ T9152] pgactivate 0 [ 256.924009][ T9152] pgdeactivate 0 10:56:50 executing program 5: 10:56:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 257.019823][ T9152] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9152,uid=0 [ 257.019905][ T9152] Memory cgroup out of memory: Killed process 9152 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 257.059349][ T1061] oom_reaper: reaped process 9152 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:56:50 executing program 5: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 10:56:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:52 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:56:52 executing program 5: 10:56:52 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:52 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:52 executing program 5: 10:56:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:52 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:52 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:52 executing program 5: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:56:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:52 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:56:52 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000340)) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:56:53 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:53 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:53 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 260.924881][ T280] device bridge_slave_1 left promiscuous mode [ 260.931347][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.965008][ T280] device bridge_slave_0 left promiscuous mode [ 260.971238][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.794721][ T280] device hsr_slave_0 left promiscuous mode [ 262.834341][ T280] device hsr_slave_1 left promiscuous mode [ 262.921552][ T280] team0 (unregistering): Port device team_slave_1 removed [ 262.933794][ T280] team0 (unregistering): Port device team_slave_0 removed [ 262.944498][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.999882][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 263.084977][ T280] bond0 (unregistering): Released all slaves [ 263.202589][ T9266] IPVS: ftp: loaded support on port[0] = 21 [ 263.266979][ T9266] chnl_net:caif_netlink_parms(): no params data found [ 263.296606][ T9266] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.303706][ T9266] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.311786][ T9266] device bridge_slave_0 entered promiscuous mode [ 263.319905][ T9266] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.327061][ T9266] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.335074][ T9266] device bridge_slave_1 entered promiscuous mode [ 263.352900][ T9266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.364777][ T9266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.382481][ T9266] team0: Port device team_slave_0 added [ 263.389780][ T9266] team0: Port device team_slave_1 added [ 263.437094][ T9266] device hsr_slave_0 entered promiscuous mode [ 263.484648][ T9266] device hsr_slave_1 entered promiscuous mode [ 263.578284][ T9266] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.585466][ T9266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.592854][ T9266] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.600030][ T9266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.660788][ T9266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.685290][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 263.698880][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.706950][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.726803][ T9266] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.738879][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.747436][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.754574][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.786169][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.794679][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.801764][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.810507][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.819691][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.828351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 263.836823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 263.847745][ T9266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 263.866850][ T9266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.876337][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 264.091068][ T9274] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 264.101832][ T9274] CPU: 0 PID: 9274 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 264.109411][ T9274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.119494][ T9274] Call Trace: [ 264.122814][ T9274] dump_stack+0x1d8/0x2f8 [ 264.127175][ T9274] dump_header+0xd8/0x970 [ 264.131561][ T9274] oom_kill_process+0xcd/0x320 [ 264.136355][ T9274] out_of_memory+0x5e1/0x8a0 [ 264.140986][ T9274] ? unregister_oom_notifier+0x20/0x20 [ 264.146493][ T9274] memory_max_write+0x537/0x6a0 [ 264.151403][ T9274] ? memory_max_show+0xa0/0xa0 [ 264.156207][ T9274] ? trace_lock_acquire+0x154/0x1b0 [ 264.161436][ T9274] ? lock_acquire+0x158/0x250 [ 264.166144][ T9274] ? kernfs_fop_write+0x22e/0x4f0 [ 264.171199][ T9274] ? memory_max_show+0xa0/0xa0 [ 264.175989][ T9274] cgroup_file_write+0x27b/0x6e0 [ 264.181040][ T9274] ? cgroup_seqfile_stop+0xc0/0xc0 [ 264.186186][ T9274] ? cgroup_seqfile_stop+0xc0/0xc0 [ 264.191348][ T9274] kernfs_fop_write+0x3e4/0x4f0 [ 264.196229][ T9274] ? kernfs_fop_read+0x580/0x580 [ 264.201200][ T9274] __vfs_write+0xf9/0x7d0 [ 264.205581][ T9274] ? __lock_acquire+0x4750/0x4750 [ 264.210637][ T9274] ? __kernel_write+0x350/0x350 [ 264.215599][ T9274] ? trace_lock_acquire+0x154/0x1b0 [ 264.220854][ T9274] ? __sb_start_write+0x39c/0x440 [ 264.225991][ T9274] ? __kasan_check_read+0x11/0x20 [ 264.231039][ T9274] vfs_write+0x275/0x590 [ 264.235340][ T9274] ksys_write+0x16b/0x2a0 [ 264.239693][ T9274] ? __ia32_sys_read+0x90/0x90 [ 264.244486][ T9274] ? prepare_exit_to_usermode+0x1f7/0x580 [ 264.250239][ T9274] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 264.255994][ T9274] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 264.261482][ T9274] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 264.267230][ T9274] ? do_syscall_64+0x1d/0x140 [ 264.271937][ T9274] __x64_sys_write+0x7b/0x90 [ 264.276566][ T9274] do_syscall_64+0xfe/0x140 [ 264.281096][ T9274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.287011][ T9274] RIP: 0033:0x459819 [ 264.290920][ T9274] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.310656][ T9274] RSP: 002b:00007f50e7ee7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 264.319098][ T9274] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 264.327092][ T9274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 264.335085][ T9274] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 264.343085][ T9274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f50e7ee86d4 [ 264.351077][ T9274] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 264.374177][ T9274] memory: usage 5240kB, limit 0kB, failcnt 450068 [ 264.380893][ T9274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 264.387935][ T9274] Memory cgroup stats for /syz2: [ 264.388158][ T9274] anon 4259840 [ 264.388158][ T9274] file 0 [ 264.388158][ T9274] kernel_stack 65536 [ 264.388158][ T9274] slab 540672 [ 264.388158][ T9274] sock 0 [ 264.388158][ T9274] shmem 0 [ 264.388158][ T9274] file_mapped 0 [ 264.388158][ T9274] file_dirty 0 [ 264.388158][ T9274] file_writeback 0 [ 264.388158][ T9274] anon_thp 4194304 [ 264.388158][ T9274] inactive_anon 0 [ 264.388158][ T9274] active_anon 4259840 [ 264.388158][ T9274] inactive_file 0 [ 264.388158][ T9274] active_file 0 [ 264.388158][ T9274] unevictable 0 [ 264.388158][ T9274] slab_reclaimable 135168 [ 264.388158][ T9274] slab_unreclaimable 405504 [ 264.388158][ T9274] pgfault 660 [ 264.388158][ T9274] pgmajfault 0 [ 264.388158][ T9274] workingset_refault 0 [ 264.388158][ T9274] workingset_activate 0 [ 264.388158][ T9274] workingset_nodereclaim 0 [ 264.388158][ T9274] pgrefill 0 [ 264.388158][ T9274] pgscan 0 [ 264.388158][ T9274] pgsteal 0 [ 264.388158][ T9274] pgactivate 0 [ 264.481887][ T9274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9273,uid=0 [ 264.497372][ T9274] Memory cgroup out of memory: Killed process 9273 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 264.516320][ T1061] oom_reaper: reaped process 9273 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 264.708491][ T9266] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 264.718543][ T9266] CPU: 1 PID: 9266 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 264.726106][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.736175][ T9266] Call Trace: [ 264.739489][ T9266] dump_stack+0x1d8/0x2f8 [ 264.743934][ T9266] dump_header+0xd8/0x970 [ 264.748296][ T9266] oom_kill_process+0xcd/0x320 [ 264.753084][ T9266] out_of_memory+0x5e1/0x8a0 [ 264.757699][ T9266] ? unregister_oom_notifier+0x20/0x20 [ 264.763178][ T9266] ? __kasan_check_read+0x11/0x20 [ 264.768242][ T9266] try_charge+0x134a/0x17b0 [ 264.773161][ T9266] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 264.778999][ T9266] ? __lock_acquire+0x4750/0x4750 [ 264.784053][ T9266] ? rcu_lock_release+0x15/0x20 [ 264.789025][ T9266] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 264.794586][ T9266] mem_cgroup_try_charge+0x216/0x560 [ 264.799896][ T9266] mem_cgroup_try_charge_delay+0x25/0xa0 [ 264.805551][ T9266] handle_mm_fault+0x31f3/0x6080 [ 264.810525][ T9266] ? finish_fault+0x230/0x230 [ 264.815240][ T9266] ? vmacache_find+0x251/0x5b0 [ 264.820036][ T9266] do_user_addr_fault+0x589/0xaf0 [ 264.825092][ T9266] __do_page_fault+0xd3/0x1f0 [ 264.829808][ T9266] do_page_fault+0x99/0xb0 [ 264.834241][ T9266] page_fault+0x39/0x40 [ 264.838405][ T9266] RIP: 0033:0x403442 [ 264.842312][ T9266] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 264.861928][ T9266] RSP: 002b:00007fffab0a0f80 EFLAGS: 00010246 [ 264.868014][ T9266] RAX: 0000000000000000 RBX: 0000000000040783 RCX: 0000000000413420 [ 264.876011][ T9266] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffab0a20b0 [ 264.884022][ T9266] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ea5940 [ 264.892015][ T9266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffab0a20b0 [ 264.900005][ T9266] R13: 00007fffab0a20a0 R14: 0000000000000000 R15: 00007fffab0a20b0 10:56:58 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:56:58 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:58 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:58 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 264.908270][ T9266] memory: usage 856kB, limit 0kB, failcnt 450076 [ 264.914678][ T9266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 264.921550][ T9266] Memory cgroup stats for /syz2: [ 264.921635][ T9266] anon 61440 [ 264.921635][ T9266] file 0 [ 264.921635][ T9266] kernel_stack 65536 [ 264.921635][ T9266] slab 540672 [ 264.921635][ T9266] sock 0 [ 264.921635][ T9266] shmem 0 [ 264.921635][ T9266] file_mapped 0 [ 264.921635][ T9266] file_dirty 0 [ 264.921635][ T9266] file_writeback 0 [ 264.921635][ T9266] anon_thp 0 10:56:58 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 264.921635][ T9266] inactive_anon 0 [ 264.921635][ T9266] active_anon 61440 [ 264.921635][ T9266] inactive_file 0 [ 264.921635][ T9266] active_file 0 [ 264.921635][ T9266] unevictable 0 [ 264.921635][ T9266] slab_reclaimable 135168 [ 264.921635][ T9266] slab_unreclaimable 405504 [ 264.921635][ T9266] pgfault 660 [ 264.921635][ T9266] pgmajfault 0 [ 264.921635][ T9266] workingset_refault 0 [ 264.921635][ T9266] workingset_activate 0 [ 264.921635][ T9266] workingset_nodereclaim 0 [ 264.921635][ T9266] pgrefill 0 [ 264.921635][ T9266] pgscan 0 [ 264.921635][ T9266] pgsteal 0 [ 264.921635][ T9266] pgactivate 0 [ 264.921635][ T9266] pgdeactivate 0 [ 265.017960][ T9266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9266,uid=0 [ 265.018048][ T9266] Memory cgroup out of memory: Killed process 9266 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 265.028790][ T9285] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 265.049365][ T9285] CPU: 1 PID: 9285 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 265.067074][ T9285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.073030][ T1061] oom_reaper: reaped process 9266 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 265.077141][ T9285] Call Trace: [ 265.077169][ T9285] dump_stack+0x1d8/0x2f8 [ 265.077183][ T9285] dump_header+0xd8/0x970 [ 265.077203][ T9285] oom_kill_process+0xcd/0x320 [ 265.077221][ T9285] out_of_memory+0x5e1/0x8a0 [ 265.109586][ T9285] ? unregister_oom_notifier+0x20/0x20 [ 265.115156][ T9285] ? trace_hardirqs_on+0x74/0x80 [ 265.120242][ T9285] memory_max_write+0x537/0x6a0 [ 265.125128][ T9285] ? memory_max_show+0xa0/0xa0 [ 265.129911][ T9285] ? trace_lock_acquire+0x154/0x1b0 [ 265.135122][ T9285] ? lock_acquire+0x158/0x250 [ 265.141358][ T9285] ? kernfs_fop_write+0x22e/0x4f0 [ 265.146391][ T9285] ? memory_max_show+0xa0/0xa0 [ 265.151160][ T9285] cgroup_file_write+0x27b/0x6e0 [ 265.156115][ T9285] ? cgroup_seqfile_stop+0xc0/0xc0 [ 265.161265][ T9285] ? cgroup_seqfile_stop+0xc0/0xc0 [ 265.166390][ T9285] kernfs_fop_write+0x3e4/0x4f0 [ 265.171256][ T9285] ? kernfs_fop_read+0x580/0x580 [ 265.176208][ T9285] __vfs_write+0xf9/0x7d0 [ 265.180552][ T9285] ? __lock_acquire+0x4750/0x4750 [ 265.185592][ T9285] ? __kernel_write+0x350/0x350 [ 265.190467][ T9285] ? trace_lock_acquire+0x154/0x1b0 [ 265.195688][ T9285] ? __sb_start_write+0x39c/0x440 [ 265.200727][ T9285] ? __kasan_check_read+0x11/0x20 [ 265.205760][ T9285] vfs_write+0x275/0x590 [ 265.210012][ T9285] ksys_write+0x16b/0x2a0 [ 265.214347][ T9285] ? __ia32_sys_read+0x90/0x90 [ 265.219126][ T9285] ? prepare_exit_to_usermode+0x1f7/0x580 [ 265.224861][ T9285] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 265.230596][ T9285] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 265.236054][ T9285] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 265.241774][ T9285] ? do_syscall_64+0x1d/0x140 [ 265.246459][ T9285] __x64_sys_write+0x7b/0x90 [ 265.251058][ T9285] do_syscall_64+0xfe/0x140 [ 265.255575][ T9285] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.261471][ T9285] RIP: 0033:0x459819 [ 265.265362][ T9285] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.285237][ T9285] RSP: 002b:00007f56d24fac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.293667][ T9285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 265.301657][ T9285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 265.309647][ T9285] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 265.317628][ T9285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56d24fb6d4 [ 265.325606][ T9285] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 265.333855][ T9285] memory: usage 12192kB, limit 0kB, failcnt 0 [ 265.340047][ T9285] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 265.346958][ T9285] Memory cgroup stats for /syz5: [ 265.347046][ T9285] anon 8843264 [ 265.347046][ T9285] file 0 [ 265.347046][ T9285] kernel_stack 196608 [ 265.347046][ T9285] slab 3125248 [ 265.347046][ T9285] sock 0 [ 265.347046][ T9285] shmem 0 [ 265.347046][ T9285] file_mapped 0 [ 265.347046][ T9285] file_dirty 0 [ 265.347046][ T9285] file_writeback 0 [ 265.347046][ T9285] anon_thp 8388608 [ 265.347046][ T9285] inactive_anon 0 [ 265.347046][ T9285] active_anon 8769536 [ 265.347046][ T9285] inactive_file 0 [ 265.347046][ T9285] active_file 0 [ 265.347046][ T9285] unevictable 0 [ 265.347046][ T9285] slab_reclaimable 1216512 [ 265.347046][ T9285] slab_unreclaimable 1908736 [ 265.347046][ T9285] pgfault 3399 [ 265.347046][ T9285] pgmajfault 0 [ 265.347046][ T9285] workingset_refault 0 [ 265.347046][ T9285] workingset_activate 0 [ 265.347046][ T9285] workingset_nodereclaim 0 [ 265.347046][ T9285] pgrefill 0 [ 265.347046][ T9285] pgscan 0 [ 265.347046][ T9285] pgsteal 0 [ 265.347046][ T9285] pgactivate 0 [ 265.441090][ T9285] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8415,uid=0 [ 265.457061][ T9285] Memory cgroup out of memory: Killed process 8415 (syz-executor.5) total-vm:72968kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB [ 265.473213][ T1061] oom_reaper: reaped process 8415 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 265.484348][ T9285] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 265.494606][ T9285] CPU: 1 PID: 9285 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 265.502168][ T9285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.512241][ T9285] Call Trace: [ 265.515543][ T9285] dump_stack+0x1d8/0x2f8 [ 265.519907][ T9285] dump_header+0xd8/0x970 [ 265.524251][ T9285] oom_kill_process+0xcd/0x320 [ 265.529028][ T9285] out_of_memory+0x5e1/0x8a0 [ 265.533623][ T9285] ? unregister_oom_notifier+0x20/0x20 [ 265.539203][ T9285] ? trace_hardirqs_on+0x74/0x80 [ 265.544331][ T9285] memory_max_write+0x537/0x6a0 [ 265.549216][ T9285] ? memory_max_show+0xa0/0xa0 [ 265.554082][ T9285] ? trace_lock_acquire+0x154/0x1b0 [ 265.559301][ T9285] ? lock_acquire+0x158/0x250 [ 265.563988][ T9285] ? kernfs_fop_write+0x22e/0x4f0 [ 265.569024][ T9285] ? memory_max_show+0xa0/0xa0 [ 265.573805][ T9285] cgroup_file_write+0x27b/0x6e0 [ 265.578792][ T9285] ? cgroup_seqfile_stop+0xc0/0xc0 [ 265.583930][ T9285] ? cgroup_seqfile_stop+0xc0/0xc0 [ 265.589061][ T9285] kernfs_fop_write+0x3e4/0x4f0 [ 265.593914][ T9285] ? kernfs_fop_read+0x580/0x580 [ 265.598885][ T9285] __vfs_write+0xf9/0x7d0 [ 265.603236][ T9285] ? __lock_acquire+0x4750/0x4750 [ 265.608272][ T9285] ? __kernel_write+0x350/0x350 [ 265.613133][ T9285] ? trace_lock_acquire+0x154/0x1b0 [ 265.618366][ T9285] ? __sb_start_write+0x39c/0x440 [ 265.623403][ T9285] ? __kasan_check_read+0x11/0x20 [ 265.628437][ T9285] vfs_write+0x275/0x590 [ 265.632724][ T9285] ksys_write+0x16b/0x2a0 [ 265.637063][ T9285] ? __ia32_sys_read+0x90/0x90 [ 265.641835][ T9285] ? prepare_exit_to_usermode+0x1f7/0x580 [ 265.647567][ T9285] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 265.653390][ T9285] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 265.658868][ T9285] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 265.664599][ T9285] ? do_syscall_64+0x1d/0x140 [ 265.669292][ T9285] __x64_sys_write+0x7b/0x90 [ 265.673898][ T9285] do_syscall_64+0xfe/0x140 [ 265.678413][ T9285] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.684311][ T9285] RIP: 0033:0x459819 [ 265.688217][ T9285] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.707828][ T9285] RSP: 002b:00007f56d24fac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.716250][ T9285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 265.724233][ T9285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 265.732224][ T9285] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 265.740217][ T9285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56d24fb6d4 [ 265.748382][ T9285] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 265.756454][ T9285] memory: usage 7976kB, limit 0kB, failcnt 0 [ 265.762490][ T9285] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 265.769399][ T9285] Memory cgroup stats for /syz5: [ 265.769486][ T9285] anon 4591616 [ 265.769486][ T9285] file 0 [ 265.769486][ T9285] kernel_stack 196608 [ 265.769486][ T9285] slab 3125248 [ 265.769486][ T9285] sock 0 [ 265.769486][ T9285] shmem 0 [ 265.769486][ T9285] file_mapped 0 [ 265.769486][ T9285] file_dirty 0 [ 265.769486][ T9285] file_writeback 0 [ 265.769486][ T9285] anon_thp 4194304 [ 265.769486][ T9285] inactive_anon 0 [ 265.769486][ T9285] active_anon 4517888 [ 265.769486][ T9285] inactive_file 0 [ 265.769486][ T9285] active_file 0 [ 265.769486][ T9285] unevictable 0 [ 265.769486][ T9285] slab_reclaimable 1216512 [ 265.769486][ T9285] slab_unreclaimable 1908736 [ 265.769486][ T9285] pgfault 3399 [ 265.769486][ T9285] pgmajfault 0 [ 265.769486][ T9285] workingset_refault 0 [ 265.769486][ T9285] workingset_activate 0 [ 265.769486][ T9285] workingset_nodereclaim 0 [ 265.769486][ T9285] pgrefill 0 [ 265.769486][ T9285] pgscan 0 [ 265.769486][ T9285] pgsteal 0 [ 265.769486][ T9285] pgactivate 0 10:56:59 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 265.863809][ T9285] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9275,uid=0 [ 265.879395][ T9285] Memory cgroup out of memory: Killed process 9275 (syz-executor.5) total-vm:72704kB, anon-rss:4200kB, file-rss:34816kB, shmem-rss:0kB [ 265.896834][ T1061] oom_reaper: reaped process 9275 (syz-executor.5), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 10:56:59 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:56:59 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:56:59 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:56:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) [ 266.095186][ T8272] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 266.107310][ T8272] CPU: 0 PID: 8272 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 266.114862][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.125587][ T8272] Call Trace: [ 266.129152][ T8272] dump_stack+0x1d8/0x2f8 [ 266.133491][ T8272] dump_header+0xd8/0x970 [ 266.133506][ T8272] oom_kill_process+0xcd/0x320 [ 266.133522][ T8272] out_of_memory+0x5e1/0x8a0 [ 266.142606][ T8272] ? unregister_oom_notifier+0x20/0x20 [ 266.152639][ T8272] ? __kasan_check_read+0x11/0x20 [ 266.157736][ T8272] try_charge+0x134a/0x17b0 [ 266.162259][ T8272] ? rmqueue+0x2248/0x2810 [ 266.166708][ T8272] ? __lock_acquire+0x4750/0x4750 [ 266.171756][ T8272] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 266.177578][ T8272] ? rcu_lock_release+0x4/0x20 [ 266.182365][ T8272] __memcg_kmem_charge_memcg+0x78/0x180 [ 266.187920][ T8272] ? memcg_kmem_put_cache+0x50/0x50 [ 266.193129][ T8272] ? rcu_lock_release+0x15/0x20 [ 266.197997][ T8272] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 266.203583][ T8272] __memcg_kmem_charge+0x105/0x340 [ 266.208711][ T8272] __alloc_pages_nodemask+0x377/0x790 [ 266.214104][ T8272] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 266.219648][ T8272] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 266.225360][ T8272] ? copy_process+0x599/0x5a00 [ 266.230113][ T8272] copy_process+0x620/0x5a00 [ 266.234695][ T8272] ? do_wp_page+0x12d0/0x1ce0 [ 266.239377][ T8272] ? __rwlock_init+0x130/0x130 [ 266.244145][ T8272] ? count_memcg_event_mm+0x300/0x300 [ 266.249617][ T8272] ? fork_idle+0x290/0x290 [ 266.254038][ T8272] ? __lock_acquire+0x4750/0x4750 [ 266.259062][ T8272] ? lock_acquire+0x158/0x250 [ 266.263736][ T8272] _do_fork+0x179/0x630 [ 266.267983][ T8272] ? dup_mm+0x340/0x340 [ 266.272132][ T8272] ? __kasan_check_read+0x11/0x20 [ 266.277147][ T8272] ? _copy_to_user+0x104/0x150 [ 266.281913][ T8272] ? put_timespec64+0x106/0x150 [ 266.286853][ T8272] ? ktime_get_raw+0xf0/0xf0 [ 266.291446][ T8272] __x64_sys_clone+0x247/0x2b0 [ 266.296216][ T8272] ? __ia32_sys_vfork+0x110/0x110 [ 266.301243][ T8272] ? prepare_exit_to_usermode+0x1f7/0x580 [ 266.306966][ T8272] ? do_syscall_64+0x1d/0x140 [ 266.311643][ T8272] do_syscall_64+0xfe/0x140 [ 266.316144][ T8272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.322028][ T8272] RIP: 0033:0x457dea [ 266.325911][ T8272] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 266.345603][ T8272] RSP: 002b:00007fffd0e23960 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 266.354022][ T8272] RAX: ffffffffffffffda RBX: 00007fffd0e23960 RCX: 0000000000457dea [ 266.363476][ T8272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 266.371460][ T8272] RBP: 00007fffd0e239a0 R08: 0000000000000001 R09: 0000555556252940 [ 266.379453][ T8272] R10: 0000555556252c10 R11: 0000000000000246 R12: 0000000000000001 [ 266.387432][ T8272] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffd0e239f0 [ 266.396469][ T8272] memory: usage 3368kB, limit 0kB, failcnt 8 [ 266.402484][ T8272] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 266.402496][ T8272] Memory cgroup stats for /syz5: [ 266.402597][ T8272] anon 278528 [ 266.402597][ T8272] file 0 [ 266.402597][ T8272] kernel_stack 65536 [ 266.402597][ T8272] slab 3125248 [ 266.402597][ T8272] sock 0 [ 266.402597][ T8272] shmem 0 [ 266.402597][ T8272] file_mapped 0 [ 266.402597][ T8272] file_dirty 0 [ 266.402597][ T8272] file_writeback 0 [ 266.402597][ T8272] anon_thp 0 [ 266.402597][ T8272] inactive_anon 0 [ 266.402597][ T8272] active_anon 204800 [ 266.402597][ T8272] inactive_file 0 [ 266.402597][ T8272] active_file 0 [ 266.402597][ T8272] unevictable 0 [ 266.402597][ T8272] slab_reclaimable 1216512 [ 266.402597][ T8272] slab_unreclaimable 1908736 [ 266.402597][ T8272] pgfault 3399 [ 266.402597][ T8272] pgmajfault 0 [ 266.402597][ T8272] workingset_refault 0 [ 266.402597][ T8272] workingset_activate 0 [ 266.402597][ T8272] workingset_nodereclaim 0 [ 266.402597][ T8272] pgrefill 0 [ 266.402597][ T8272] pgscan 0 [ 266.402597][ T8272] pgsteal 0 [ 266.402597][ T8272] pgactivate 0 [ 266.414444][ T8272] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8272,uid=0 [ 266.517976][ T8272] Memory cgroup out of memory: Killed process 8272 (syz-executor.5) total-vm:72440kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB [ 266.533733][ T1061] oom_reaper: reaped process 8272 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 10:57:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:00 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:00 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) 10:57:00 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:00 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) 10:57:00 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:01 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) 10:57:01 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:01 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:01 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) dup(0xffffffffffffffff) 10:57:01 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:01 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000400)={0x0, 0xfb, 0x8a, 0x3, 0x4, "86497b42048526c40a4ec32c249d94b0", "03e50c4be9c978a25aaee6156941a801b637035f1e7fe5b51c1c53da2794c8924832449a3d958f0cde8bf8a9a21b385cad3063d13defd4565adf7b45cb80dc4184dfbf09405ddcc95d0602e4464eb4db22987166fe728630742e201d4ff697417176942409fa7ef18ed4514196ad4458cb56eace13"}, 0x8a, 0xe3ac3e804fad798d) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) dup(0xffffffffffffffff) [ 269.192230][ T9371] IPVS: ftp: loaded support on port[0] = 21 [ 269.373229][ T9371] chnl_net:caif_netlink_parms(): no params data found [ 269.537572][ T9371] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.544991][ T9371] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.552936][ T9371] device bridge_slave_0 entered promiscuous mode [ 269.716916][ T9371] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.724530][ T9371] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.732181][ T9371] device bridge_slave_1 entered promiscuous mode [ 269.752922][ T9371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.764753][ T9371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.788436][ T9371] team0: Port device team_slave_0 added [ 269.796036][ T9371] team0: Port device team_slave_1 added [ 269.796692][ T9374] IPVS: ftp: loaded support on port[0] = 21 [ 269.987089][ T9371] device hsr_slave_0 entered promiscuous mode [ 270.024600][ T9371] device hsr_slave_1 entered promiscuous mode [ 270.074308][ T9371] debugfs: Directory 'hsr0' with parent '/' already present! [ 270.272191][ T280] device bridge_slave_1 left promiscuous mode [ 270.278582][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.306738][ T280] device bridge_slave_0 left promiscuous mode [ 270.312944][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.358270][ T280] device bridge_slave_1 left promiscuous mode [ 270.364560][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.425034][ T280] device bridge_slave_0 left promiscuous mode [ 270.431233][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.905424][ T280] device hsr_slave_0 left promiscuous mode [ 273.974405][ T280] device hsr_slave_1 left promiscuous mode [ 274.023157][ T280] team0 (unregistering): Port device team_slave_1 removed [ 274.033749][ T280] team0 (unregistering): Port device team_slave_0 removed [ 274.045127][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.097866][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.162526][ T280] bond0 (unregistering): Released all slaves [ 274.295126][ T280] device hsr_slave_0 left promiscuous mode [ 274.334867][ T280] device hsr_slave_1 left promiscuous mode [ 274.382828][ T280] team0 (unregistering): Port device team_slave_1 removed [ 274.396569][ T280] team0 (unregistering): Port device team_slave_0 removed [ 274.407981][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.448515][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.522309][ T280] bond0 (unregistering): Released all slaves [ 274.630184][ T9374] chnl_net:caif_netlink_parms(): no params data found [ 274.677135][ T9374] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.684323][ T9374] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.691950][ T9374] device bridge_slave_0 entered promiscuous mode [ 274.700793][ T9374] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.707975][ T9374] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.715991][ T9374] device bridge_slave_1 entered promiscuous mode [ 274.745461][ T9374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.756792][ T9374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.778643][ T9374] team0: Port device team_slave_0 added [ 274.786307][ T9374] team0: Port device team_slave_1 added [ 274.871355][ T9371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.916973][ T9374] device hsr_slave_0 entered promiscuous mode [ 274.954600][ T9374] device hsr_slave_1 entered promiscuous mode [ 275.052428][ T9371] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.062646][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.070753][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.116598][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.126308][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.134905][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.142805][ T8322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.151072][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.160170][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.168686][ T8322] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.175923][ T8322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.183692][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.192729][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.231043][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.239351][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.248237][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.256861][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.266215][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.274865][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 275.283393][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.293908][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.302467][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.311772][ T9371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.322797][ T9374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.344955][ T9374] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.377128][ T9371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.400308][ T9374] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 275.410807][ T9374] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.439913][ T9374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.449724][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.458708][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 275.468770][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.477115][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.485645][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.492755][ T8322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.500491][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.509040][ T8322] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.516184][ T8322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.524622][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.533449][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.542159][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.551008][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.562091][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.570234][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.578248][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.820253][ T9389] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 275.833012][ T9389] CPU: 0 PID: 9389 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 275.840588][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.850661][ T9389] Call Trace: [ 275.853985][ T9389] dump_stack+0x1d8/0x2f8 [ 275.858378][ T9389] dump_header+0xd8/0x970 [ 275.862821][ T9389] oom_kill_process+0xcd/0x320 [ 275.867609][ T9389] out_of_memory+0x5e1/0x8a0 [ 275.872218][ T9389] ? retint_kernel+0x10/0x10 [ 275.876834][ T9389] ? unregister_oom_notifier+0x20/0x20 [ 275.882332][ T9389] memory_max_write+0x537/0x6a0 [ 275.887322][ T9389] ? memory_max_show+0xa0/0xa0 [ 275.892119][ T9389] ? trace_lock_acquire+0x154/0x1b0 [ 275.897351][ T9389] ? lock_acquire+0x158/0x250 [ 275.902047][ T9389] ? kernfs_fop_write+0x22e/0x4f0 [ 275.907094][ T9389] ? memory_max_show+0xa0/0xa0 [ 275.911901][ T9389] cgroup_file_write+0x27b/0x6e0 10:57:09 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) 10:57:09 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:09 executing program 1: socket(0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 275.916874][ T9389] ? cgroup_seqfile_stop+0xc0/0xc0 [ 275.922124][ T9389] ? cgroup_seqfile_stop+0xc0/0xc0 [ 275.927264][ T9389] kernfs_fop_write+0x3e4/0x4f0 [ 275.927283][ T9389] ? kernfs_fop_read+0x580/0x580 [ 275.927299][ T9389] __vfs_write+0xf9/0x7d0 [ 275.927313][ T9389] ? __lock_acquire+0x4750/0x4750 [ 275.927333][ T9389] ? __kernel_write+0x350/0x350 [ 275.927347][ T9389] ? trace_lock_acquire+0x154/0x1b0 [ 275.927386][ T9389] ? __sb_start_write+0x39c/0x440 [ 275.927401][ T9389] ? __kasan_check_read+0x11/0x20 [ 275.927418][ T9389] vfs_write+0x275/0x590 [ 275.927448][ T9389] ksys_write+0x16b/0x2a0 [ 275.937279][ T9389] ? __ia32_sys_read+0x90/0x90 [ 275.937293][ T9389] ? prepare_exit_to_usermode+0x1f7/0x580 [ 275.937307][ T9389] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 275.937320][ T9389] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 275.937330][ T9389] ? do_syscall_64+0x1d/0x140 [ 275.937345][ T9389] __x64_sys_write+0x7b/0x90 [ 275.937360][ T9389] do_syscall_64+0xfe/0x140 [ 275.937378][ T9389] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.937396][ T9389] RIP: 0033:0x459819 [ 276.021148][ T9389] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.041253][ T9389] RSP: 002b:00007f36e80dac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 276.049786][ T9389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 276.057909][ T9389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 276.065908][ T9389] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 276.073907][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36e80db6d4 [ 276.081899][ T9389] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 276.090123][ T9389] memory: usage 5220kB, limit 0kB, failcnt 450077 [ 276.096854][ T9389] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 276.103862][ T9389] Memory cgroup stats for /syz2: [ 276.104321][ T9389] anon 4329472 [ 276.104321][ T9389] file 0 [ 276.104321][ T9389] kernel_stack 65536 [ 276.104321][ T9389] slab 679936 [ 276.104321][ T9389] sock 0 [ 276.104321][ T9389] shmem 0 [ 276.104321][ T9389] file_mapped 0 [ 276.104321][ T9389] file_dirty 0 [ 276.104321][ T9389] file_writeback 0 [ 276.104321][ T9389] anon_thp 4194304 [ 276.104321][ T9389] inactive_anon 0 [ 276.104321][ T9389] active_anon 4329472 [ 276.104321][ T9389] inactive_file 0 [ 276.104321][ T9389] active_file 0 [ 276.104321][ T9389] unevictable 0 [ 276.104321][ T9389] slab_reclaimable 135168 [ 276.104321][ T9389] slab_unreclaimable 544768 [ 276.104321][ T9389] pgfault 726 [ 276.104321][ T9389] pgmajfault 0 [ 276.104321][ T9389] workingset_refault 0 [ 276.104321][ T9389] workingset_activate 0 [ 276.104321][ T9389] workingset_nodereclaim 0 [ 276.104321][ T9389] pgrefill 0 [ 276.104321][ T9389] pgscan 0 [ 276.104321][ T9389] pgsteal 0 [ 276.104321][ T9389] pgactivate 0 [ 276.198204][ T9389] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9388,uid=0 [ 276.214048][ T9389] Memory cgroup out of memory: Killed process 9388 (syz-executor.2) total-vm:72576kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 276.235000][ T1061] oom_reaper: reaped process 9388 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:57:10 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) dup(0xffffffffffffffff) 10:57:10 executing program 1: socket(0x15, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) 10:57:10 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 276.958607][ T9374] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 276.968986][ T9374] CPU: 0 PID: 9374 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 276.976550][ T9374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.986616][ T9374] Call Trace: [ 276.989917][ T9374] dump_stack+0x1d8/0x2f8 [ 276.994262][ T9374] dump_header+0xd8/0x970 [ 276.998630][ T9374] oom_kill_process+0xcd/0x320 [ 277.003413][ T9374] out_of_memory+0x5e1/0x8a0 [ 277.008011][ T9374] ? unregister_oom_notifier+0x20/0x20 [ 277.013488][ T9374] ? __kasan_check_read+0x11/0x20 [ 277.018534][ T9374] try_charge+0x134a/0x17b0 [ 277.023077][ T9374] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 277.028914][ T9374] ? __lock_acquire+0x4750/0x4750 [ 277.035476][ T9374] ? rcu_lock_release+0x15/0x20 [ 277.040325][ T9374] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 277.045866][ T9374] mem_cgroup_try_charge+0x216/0x560 [ 277.051162][ T9374] mem_cgroup_try_charge_delay+0x25/0xa0 [ 277.056804][ T9374] wp_page_copy+0x367/0x18c0 [ 277.061406][ T9374] ? rcu_lock_release+0x30/0x30 [ 277.066273][ T9374] ? __lock_acquire+0x4750/0x4750 [ 277.071307][ T9374] ? __kasan_check_read+0x11/0x20 [ 277.076353][ T9374] ? do_raw_spin_unlock+0x49/0x260 [ 277.081482][ T9374] do_wp_page+0x2c9/0x1ce0 [ 277.085916][ T9374] ? __rwlock_init+0x130/0x130 [ 277.090781][ T9374] ? count_memcg_event_mm+0x300/0x300 [ 277.096174][ T9374] handle_mm_fault+0x2bcf/0x6080 [ 277.101129][ T9374] ? finish_fault+0x230/0x230 [ 277.105821][ T9374] ? vmacache_find+0x566/0x5b0 [ 277.110599][ T9374] ? vmacache_update+0xb7/0x120 [ 277.115468][ T9374] do_user_addr_fault+0x589/0xaf0 [ 277.120502][ T9374] __do_page_fault+0xd3/0x1f0 [ 277.125179][ T9374] do_page_fault+0x99/0xb0 [ 277.129597][ T9374] page_fault+0x39/0x40 [ 277.133771][ T9374] RIP: 0033:0x4308f6 [ 277.137685][ T9374] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 277.158265][ T9374] RSP: 002b:00007ffdabb36950 EFLAGS: 00010206 [ 277.164340][ T9374] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 277.172322][ T9374] RDX: 0000555556868930 RSI: 0000555556870970 RDI: 0000000000000003 [ 277.180309][ T9374] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556867940 [ 277.188293][ T9374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 277.196268][ T9374] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 277.204392][ T9374] memory: usage 828kB, limit 0kB, failcnt 450085 [ 277.210752][ T9374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 277.217674][ T9374] Memory cgroup stats for /syz2: [ 277.217773][ T9374] anon 69632 [ 277.217773][ T9374] file 0 [ 277.217773][ T9374] kernel_stack 0 [ 277.217773][ T9374] slab 679936 [ 277.217773][ T9374] sock 0 [ 277.217773][ T9374] shmem 0 [ 277.217773][ T9374] file_mapped 0 [ 277.217773][ T9374] file_dirty 0 [ 277.217773][ T9374] file_writeback 0 [ 277.217773][ T9374] anon_thp 0 [ 277.217773][ T9374] inactive_anon 0 [ 277.217773][ T9374] active_anon 69632 [ 277.217773][ T9374] inactive_file 0 [ 277.217773][ T9374] active_file 0 [ 277.217773][ T9374] unevictable 0 [ 277.217773][ T9374] slab_reclaimable 135168 [ 277.217773][ T9374] slab_unreclaimable 544768 [ 277.217773][ T9374] pgfault 759 [ 277.217773][ T9374] pgmajfault 0 [ 277.217773][ T9374] workingset_refault 0 [ 277.217773][ T9374] workingset_activate 0 [ 277.217773][ T9374] workingset_nodereclaim 0 [ 277.217773][ T9374] pgrefill 0 [ 277.217773][ T9374] pgscan 0 [ 277.217773][ T9374] pgsteal 0 [ 277.217773][ T9374] pgactivate 0 [ 277.217773][ T9374] pgdeactivate 0 [ 277.222742][ T9374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9374,uid=0 [ 277.329111][ T9374] Memory cgroup out of memory: Killed process 9374 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 277.365595][ T1061] oom_reaper: reaped process 9374 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:57:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) 10:57:11 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) [ 277.857265][ T9429] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 277.867852][ T9429] CPU: 1 PID: 9429 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 277.875443][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 277.885571][ T9429] Call Trace: [ 277.888890][ T9429] dump_stack+0x1d8/0x2f8 [ 277.893251][ T9429] dump_header+0xd8/0x970 [ 277.897615][ T9429] oom_kill_process+0xcd/0x320 [ 277.902415][ T9429] out_of_memory+0x5e1/0x8a0 [ 277.907024][ T9429] ? retint_kernel+0x10/0x10 [ 277.911640][ T9429] ? unregister_oom_notifier+0x20/0x20 [ 277.917136][ T9429] memory_max_write+0x537/0x6a0 [ 277.922117][ T9429] ? memory_max_show+0xa0/0xa0 [ 277.926909][ T9429] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 277.932233][ T9429] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 277.937714][ T9429] ? retint_kernel+0x10/0x10 [ 277.942318][ T9429] ? memory_max_show+0xa0/0xa0 [ 277.947107][ T9429] cgroup_file_write+0x27b/0x6e0 [ 277.952193][ T9429] ? cgroup_seqfile_stop+0xc0/0xc0 [ 277.957332][ T9429] ? cgroup_seqfile_stop+0xc0/0xc0 [ 277.962463][ T9429] ? kernfs_fop_write+0x349/0x4f0 [ 277.967609][ T9429] ? cgroup_seqfile_stop+0xc0/0xc0 [ 277.972745][ T9429] kernfs_fop_write+0x3e4/0x4f0 [ 277.977742][ T9429] ? kernfs_fop_read+0x580/0x580 [ 277.982704][ T9429] __vfs_write+0xf9/0x7d0 [ 277.987065][ T9429] ? __kernel_write+0x350/0x350 [ 277.991941][ T9429] ? retint_kernel+0x10/0x10 [ 277.996572][ T9429] ? __sb_start_write+0x39c/0x440 [ 278.001644][ T9429] vfs_write+0x275/0x590 [ 278.005923][ T9429] ksys_write+0x16b/0x2a0 [ 278.010283][ T9429] ? __ia32_sys_read+0x90/0x90 [ 278.015070][ T9429] ? prepare_exit_to_usermode+0x1f7/0x580 [ 278.020985][ T9429] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 278.026730][ T9429] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 278.032222][ T9429] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 278.037972][ T9429] ? do_syscall_64+0x1d/0x140 [ 278.042670][ T9429] __x64_sys_write+0x7b/0x90 [ 278.047285][ T9429] do_syscall_64+0xfe/0x140 [ 278.051814][ T9429] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 278.057726][ T9429] RIP: 0033:0x459819 [ 278.061638][ T9429] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 278.081374][ T9429] RSP: 002b:00007fd6db645c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 278.089910][ T9429] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 278.097937][ T9429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 10:57:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) [ 278.105949][ T9429] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 278.113998][ T9429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6db6466d4 [ 278.122007][ T9429] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 278.130733][ T9429] memory: usage 7140kB, limit 0kB, failcnt 11 [ 278.137093][ T9429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 278.144203][ T9429] Memory cgroup stats for /syz5 [ 278.144257][ T9429] : [ 278.145314][ T9429] anon 4317184 [ 278.145314][ T9429] file 0 [ 278.145314][ T9429] kernel_stack 0 [ 278.145314][ T9429] slab 2854912 [ 278.145314][ T9429] sock 0 [ 278.145314][ T9429] shmem 0 [ 278.145314][ T9429] file_mapped 0 [ 278.145314][ T9429] file_dirty 0 [ 278.145314][ T9429] file_writeback 0 [ 278.145314][ T9429] anon_thp 4194304 [ 278.145314][ T9429] inactive_anon 0 [ 278.145314][ T9429] active_anon 4317184 [ 278.145314][ T9429] inactive_file 0 [ 278.145314][ T9429] active_file 0 [ 278.145314][ T9429] unevictable 0 [ 278.145314][ T9429] slab_reclaimable 1081344 [ 278.145314][ T9429] slab_unreclaimable 1773568 [ 278.145314][ T9429] pgfault 3630 [ 278.145314][ T9429] pgmajfault 0 [ 278.145314][ T9429] workingset_refault 0 [ 278.145314][ T9429] workingset_activate 0 [ 278.145314][ T9429] workingset_nodereclaim 0 [ 278.145314][ T9429] pgrefill 0 [ 278.145314][ T9429] pgscan 0 [ 278.145314][ T9429] pgsteal 0 [ 278.145314][ T9429] pgactivate 0 [ 278.244520][ T9429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9428,uid=0 [ 278.260475][ T9429] Memory cgroup out of memory: Killed process 9428 (syz-executor.5) total-vm:72572kB, anon-rss:4196kB, file-rss:34816kB, shmem-rss:0kB [ 278.277270][ T1061] oom_reaper: reaped process 9428 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 278.701321][ T9371] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 278.712662][ T9371] CPU: 0 PID: 9371 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 278.720218][ T9371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.730285][ T9371] Call Trace: [ 278.733600][ T9371] dump_stack+0x1d8/0x2f8 [ 278.737944][ T9371] dump_header+0xd8/0x970 [ 278.742287][ T9371] oom_kill_process+0xcd/0x320 [ 278.747062][ T9371] out_of_memory+0x5e1/0x8a0 [ 278.751668][ T9371] ? unregister_oom_notifier+0x20/0x20 [ 278.757144][ T9371] ? __kasan_check_read+0x11/0x20 [ 278.762184][ T9371] try_charge+0x134a/0x17b0 [ 278.766722][ T9371] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 278.772545][ T9371] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 278.778280][ T9371] ? trace_mm_page_alloc+0x187/0x1d0 [ 278.783594][ T9371] __memcg_kmem_charge_memcg+0x78/0x180 [ 278.789154][ T9371] ? memcg_kmem_put_cache+0x50/0x50 [ 278.794398][ T9371] ? kmem_freepages+0x580/0x580 [ 278.799265][ T9371] kmem_getpages+0x411/0x970 [ 278.803856][ T9371] cache_grow_begin+0x7e/0x2c0 [ 278.808622][ T9371] ? __cpuset_node_allowed+0x198/0x530 [ 278.814094][ T9371] fallback_alloc+0x134/0x1c0 [ 278.818798][ T9371] ____cache_alloc_node+0x22a/0x250 [ 278.824003][ T9371] kmem_cache_alloc_node_trace+0x1eb/0x2c0 [ 278.829814][ T9371] ? __kmalloc_node+0x3c/0x60 [ 278.834502][ T9371] __kmalloc_node+0x3c/0x60 [ 278.839050][ T9371] kvmalloc_node+0xcc/0x130 [ 278.843573][ T9371] xt_alloc_table_info+0x45/0xb0 [ 278.848523][ T9371] do_ip6t_set_ctl+0x285/0x5b0 [ 278.853295][ T9371] ? mutex_lock_io_nested+0x60/0x60 [ 278.858506][ T9371] ? cleanup_entry+0x4d0/0x4d0 [ 278.863304][ T9371] ? __mutex_unlock_slowpath+0x18c/0x630 [ 278.868963][ T9371] nf_setsockopt+0x286/0x2b0 [ 278.873567][ T9371] ipv6_setsockopt+0x9e/0x170 [ 278.878267][ T9371] tcp_setsockopt+0xbe/0xd0 [ 278.882783][ T9371] sock_common_setsockopt+0x99/0xb0 [ 278.887986][ T9371] ? sock_common_recvmsg+0x240/0x240 [ 278.893270][ T9371] __sys_setsockopt+0x683/0x870 [ 278.898127][ T9371] ? rcu_lock_release+0x30/0x30 [ 278.902985][ T9371] ? up_read+0x22/0x30 [ 278.907171][ T9371] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 278.912643][ T9371] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 278.918377][ T9371] __x64_sys_setsockopt+0xbf/0xd0 [ 278.923587][ T9371] do_syscall_64+0xfe/0x140 [ 278.928285][ T9371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 278.934190][ T9371] RIP: 0033:0x45c34a [ 278.938092][ T9371] Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ba 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 278.958878][ T9371] RSP: 002b:00007ffc2e250488 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 278.967394][ T9371] RAX: ffffffffffffffda RBX: 00007ffc2e2504b0 RCX: 000000000045c34a [ 278.975385][ T9371] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 278.983380][ T9371] RBP: 0000000000712cc0 R08: 00000000000003b8 R09: 0000000000004000 [ 278.991551][ T9371] R10: 0000000000712660 R11: 0000000000000206 R12: 0000000000000003 [ 278.999540][ T9371] R13: 0000000000000000 R14: 0000000000000029 R15: 0000000000712600 [ 279.007640][ T9371] memory: usage 2752kB, limit 0kB, failcnt 23 [ 279.016783][ T9371] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 279.024550][ T9371] Memory cgroup stats for /syz5: [ 279.024661][ T9371] anon 73728 [ 279.024661][ T9371] file 0 [ 279.024661][ T9371] kernel_stack 0 [ 279.024661][ T9371] slab 2854912 [ 279.024661][ T9371] sock 0 [ 279.024661][ T9371] shmem 0 [ 279.024661][ T9371] file_mapped 0 [ 279.024661][ T9371] file_dirty 0 [ 279.024661][ T9371] file_writeback 0 [ 279.024661][ T9371] anon_thp 0 [ 279.024661][ T9371] inactive_anon 0 [ 279.024661][ T9371] active_anon 73728 [ 279.024661][ T9371] inactive_file 0 [ 279.024661][ T9371] active_file 0 [ 279.024661][ T9371] unevictable 0 [ 279.024661][ T9371] slab_reclaimable 1081344 [ 279.024661][ T9371] slab_unreclaimable 1773568 [ 279.024661][ T9371] pgfault 3663 [ 279.024661][ T9371] pgmajfault 0 [ 279.024661][ T9371] workingset_refault 0 [ 279.024661][ T9371] workingset_activate 0 [ 279.024661][ T9371] workingset_nodereclaim 0 [ 279.024661][ T9371] pgrefill 0 [ 279.024661][ T9371] pgscan 0 [ 279.024661][ T9371] pgsteal 0 [ 279.024661][ T9371] pgactivate 0 [ 279.024661][ T9371] pgdeactivate 0 [ 279.122361][ T9371] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9371,uid=0 [ 279.138078][ T9371] Memory cgroup out of memory: Killed process 9371 (syz-executor.5) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 279.154648][ T1061] oom_reaper: reaped process 9371 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 279.214680][ T9371] ip6_tables: ip6tables: counters copy to user failed while replacing table 10:57:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x1c) 10:57:13 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:13 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:13 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:13 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:13 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, 0x0, 0x0) 10:57:13 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, 0x0, 0x0) 10:57:14 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:14 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x7a7, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, 0x0, 0x0) 10:57:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:14 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 282.291411][ T9506] IPVS: ftp: loaded support on port[0] = 21 [ 282.412138][ T9506] chnl_net:caif_netlink_parms(): no params data found [ 282.421552][ T280] device bridge_slave_1 left promiscuous mode [ 282.427932][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.495413][ T280] device bridge_slave_0 left promiscuous mode [ 282.501624][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.265515][ T280] device hsr_slave_0 left promiscuous mode [ 284.314845][ T280] device hsr_slave_1 left promiscuous mode [ 284.370577][ T280] team0 (unregistering): Port device team_slave_1 removed [ 284.383518][ T280] team0 (unregistering): Port device team_slave_0 removed [ 284.393743][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.427599][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.497977][ T280] bond0 (unregistering): Released all slaves [ 284.623309][ T9506] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.623977][ T9509] IPVS: ftp: loaded support on port[0] = 21 [ 284.630557][ T9506] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.644648][ T9506] device bridge_slave_0 entered promiscuous mode [ 284.672934][ T9506] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.680121][ T9506] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.688390][ T9506] device bridge_slave_1 entered promiscuous mode [ 284.710519][ T9506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.721737][ T9506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.753038][ T9506] team0: Port device team_slave_0 added [ 284.762567][ T9506] team0: Port device team_slave_1 added [ 284.806004][ T9506] device hsr_slave_0 entered promiscuous mode [ 284.854657][ T9506] device hsr_slave_1 entered promiscuous mode [ 284.956175][ T9506] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.963307][ T9506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.970908][ T9506] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.978055][ T9506] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.022166][ T9509] chnl_net:caif_netlink_parms(): no params data found [ 285.082910][ T9509] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.090232][ T9509] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.098380][ T9509] device bridge_slave_0 entered promiscuous mode [ 285.106569][ T9509] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.113667][ T9509] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.121849][ T9509] device bridge_slave_1 entered promiscuous mode [ 285.151515][ T9509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.175608][ T9506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.183974][ T9509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.200409][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.215756][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.223648][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.240039][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 285.265112][ T9509] team0: Port device team_slave_0 added [ 285.281184][ T9506] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.289326][ T9509] team0: Port device team_slave_1 added [ 285.303871][ T8322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 285.312870][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.320018][ T8322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.456895][ T9509] device hsr_slave_0 entered promiscuous mode [ 285.524618][ T9509] device hsr_slave_1 entered promiscuous mode [ 285.574237][ T9509] debugfs: Directory 'hsr0' with parent '/' already present! [ 285.591554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 285.600101][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.607234][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.635390][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 285.656110][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 285.664347][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 285.672777][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 285.685552][ T9506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 285.696989][ T9506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 285.705457][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 285.713851][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 285.733534][ T9506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.816682][ T9509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.853016][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 285.860997][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.872288][ T9509] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.918373][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 285.927682][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 285.936218][ T2620] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.943278][ T2620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.958652][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 285.989429][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 285.998222][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.007862][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.014970][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.061606][ T9509] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 286.072513][ T9509] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 286.094579][ T9517] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 286.104981][ T9517] CPU: 0 PID: 9517 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 286.112533][ T9517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.122598][ T9517] Call Trace: [ 286.125768][ T9509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.125901][ T9517] dump_stack+0x1d8/0x2f8 [ 286.136988][ T9517] dump_header+0xd8/0x970 [ 286.137006][ T9517] oom_kill_process+0xcd/0x320 [ 286.137023][ T9517] out_of_memory+0x5e1/0x8a0 [ 286.137039][ T9517] ? retint_kernel+0x10/0x10 [ 286.155814][ T9517] ? unregister_oom_notifier+0x20/0x20 [ 286.161314][ T9517] memory_max_write+0x537/0x6a0 [ 286.166203][ T9517] ? memory_max_show+0xa0/0xa0 [ 286.171010][ T9517] ? memory_max_show+0xa0/0xa0 [ 286.175795][ T9517] cgroup_file_write+0x27b/0x6e0 [ 286.180755][ T9517] ? cgroup_seqfile_stop+0xc0/0xc0 [ 286.185896][ T9517] ? cgroup_seqfile_stop+0xc0/0xc0 [ 286.191030][ T9517] kernfs_fop_write+0x3e4/0x4f0 [ 286.195905][ T9517] ? kernfs_fop_read+0x580/0x580 [ 286.200864][ T9517] __vfs_write+0xf9/0x7d0 [ 286.205218][ T9517] ? __kernel_write+0x350/0x350 [ 286.210120][ T9517] ? __sb_start_write+0x39c/0x440 [ 286.215160][ T9517] ? __kasan_check_read+0x11/0x20 [ 286.220203][ T9517] vfs_write+0x275/0x590 [ 286.224474][ T9517] ksys_write+0x16b/0x2a0 [ 286.228824][ T9517] ? __ia32_sys_read+0x90/0x90 [ 286.233605][ T9517] ? retint_kernel+0x10/0x10 [ 286.238217][ T9517] __x64_sys_write+0x7b/0x90 [ 286.242915][ T9517] do_syscall_64+0xfe/0x140 [ 286.247443][ T9517] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.253345][ T9517] RIP: 0033:0x459819 [ 286.257247][ T9517] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 286.276879][ T9517] RSP: 002b:00007f633ffc2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.285321][ T9517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 286.293320][ T9517] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 286.301347][ T9517] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 286.309344][ T9517] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f633ffc36d4 [ 286.317326][ T9517] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 286.323751][ T9517] memory: usage 5240kB, limit 0kB, failcnt 450086 [ 286.332114][ T9517] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 286.339117][ T9517] Memory cgroup stats for /syz2: [ 286.339405][ T9517] anon 4337664 [ 286.339405][ T9517] file 0 [ 286.339405][ T9517] kernel_stack 65536 [ 286.339405][ T9517] slab 679936 [ 286.339405][ T9517] sock 0 [ 286.339405][ T9517] shmem 0 [ 286.339405][ T9517] file_mapped 0 [ 286.339405][ T9517] file_dirty 0 [ 286.339405][ T9517] file_writeback 0 [ 286.339405][ T9517] anon_thp 4194304 [ 286.339405][ T9517] inactive_anon 0 [ 286.339405][ T9517] active_anon 4337664 [ 286.339405][ T9517] inactive_file 0 [ 286.339405][ T9517] active_file 0 [ 286.339405][ T9517] unevictable 0 [ 286.339405][ T9517] slab_reclaimable 135168 [ 286.339405][ T9517] slab_unreclaimable 544768 [ 286.339405][ T9517] pgfault 792 [ 286.339405][ T9517] pgmajfault 0 [ 286.339405][ T9517] workingset_refault 0 [ 286.339405][ T9517] workingset_activate 0 [ 286.339405][ T9517] workingset_nodereclaim 0 [ 286.339405][ T9517] pgrefill 0 [ 286.339405][ T9517] pgscan 0 [ 286.339405][ T9517] pgsteal 0 [ 286.339405][ T9517] pgactivate 0 [ 286.433088][ T9517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9516,uid=0 [ 286.449265][ T9517] Memory cgroup out of memory: Killed process 9516 (syz-executor.2) total-vm:72708kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 286.465397][ T9524] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 286.468514][ T1061] oom_reaper: reaped process 9516 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 286.478749][ T9524] CPU: 1 PID: 9524 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 286.487053][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 286.494250][ T9524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.494257][ T9524] Call Trace: [ 286.494283][ T9524] dump_stack+0x1d8/0x2f8 [ 286.494297][ T9524] dump_header+0xd8/0x970 [ 286.494310][ T9524] oom_kill_process+0xcd/0x320 [ 286.494321][ T9524] out_of_memory+0x5e1/0x8a0 [ 286.494332][ T9524] ? unregister_oom_notifier+0x20/0x20 [ 286.494342][ T9524] ? trace_hardirqs_on+0x74/0x80 [ 286.494360][ T9524] memory_max_write+0x537/0x6a0 [ 286.494381][ T9524] ? memory_max_show+0xa0/0xa0 [ 286.503257][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 286.512358][ T9524] ? trace_lock_acquire+0x154/0x1b0 [ 286.512370][ T9524] ? lock_acquire+0x158/0x250 [ 286.512381][ T9524] ? kernfs_fop_write+0x22e/0x4f0 [ 286.512390][ T9524] ? memory_max_show+0xa0/0xa0 [ 286.512401][ T9524] cgroup_file_write+0x27b/0x6e0 [ 286.512416][ T9524] ? cgroup_seqfile_stop+0xc0/0xc0 [ 286.512430][ T9524] ? cgroup_seqfile_stop+0xc0/0xc0 [ 286.512441][ T9524] kernfs_fop_write+0x3e4/0x4f0 [ 286.512457][ T9524] ? kernfs_fop_read+0x580/0x580 [ 286.516898][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 286.520083][ T9524] __vfs_write+0xf9/0x7d0 [ 286.525290][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 286.529152][ T9524] ? __kernel_write+0x350/0x350 [ 286.534538][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.539204][ T9524] ? retint_kernel+0x10/0x10 [ 286.545076][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 286.548988][ T9524] ? __sb_start_write+0x39c/0x440 [ 286.554553][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 286.561636][ T9524] vfs_write+0x275/0x590 [ 286.567585][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 286.571504][ T9524] ksys_write+0x16b/0x2a0 [ 286.577448][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 286.581278][ T9524] ? __ia32_sys_read+0x90/0x90 [ 286.587088][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 286.591403][ T9524] ? do_syscall_64+0xc0/0x140 [ 286.606992][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 286.614149][ T9524] __x64_sys_write+0x7b/0x90 [ 286.614166][ T9524] do_syscall_64+0xfe/0x140 [ 286.614180][ T9524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.614191][ T9524] RIP: 0033:0x459819 [ 286.614210][ T9524] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 286.614216][ T9524] RSP: 002b:00007fef4c0ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.614226][ T9524] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 286.614231][ T9524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 286.614237][ T9524] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 286.614243][ T9524] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef4c0ec6d4 [ 286.614249][ T9524] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 286.614428][ T9524] memory: usage 6928kB, limit 0kB, failcnt 28 [ 286.614466][ T9524] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 286.614503][ T9524] Memory cgroup stats for /syz5: [ 286.615433][ T9524] anon 4390912 [ 286.615433][ T9524] file 0 [ 286.615433][ T9524] kernel_stack 65536 [ 286.615433][ T9524] slab 2719744 [ 286.615433][ T9524] sock 0 [ 286.615433][ T9524] shmem 0 [ 286.615433][ T9524] file_mapped 0 [ 286.615433][ T9524] file_dirty 0 [ 286.615433][ T9524] file_writeback 0 [ 286.615433][ T9524] anon_thp 4194304 [ 286.615433][ T9524] inactive_anon 0 [ 286.615433][ T9524] active_anon 4390912 [ 286.615433][ T9524] inactive_file 0 [ 286.615433][ T9524] active_file 0 [ 286.615433][ T9524] unevictable 0 [ 286.615433][ T9524] slab_reclaimable 1081344 [ 286.615433][ T9524] slab_unreclaimable 1638400 [ 286.615433][ T9524] pgfault 3729 [ 286.615433][ T9524] pgmajfault 0 [ 286.615433][ T9524] workingset_refault 0 [ 286.615433][ T9524] workingset_activate 0 [ 286.615433][ T9524] workingset_nodereclaim 0 [ 286.615433][ T9524] pgrefill 0 [ 286.615433][ T9524] pgscan 0 [ 286.615433][ T9524] pgsteal 0 [ 286.615433][ T9524] pgactivate 0 [ 286.619682][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 10:57:20 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:20 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:20 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 286.626860][ T9524] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9523,uid=0 [ 286.932743][ T9524] Memory cgroup out of memory: Killed process 9523 (syz-executor.5) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 286.950846][ T1061] oom_reaper: reaped process 9523 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 286.962054][ T9506] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 286.972537][ T9506] CPU: 0 PID: 9506 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 286.980191][ T9506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.990275][ T9506] Call Trace: [ 286.993591][ T9506] dump_stack+0x1d8/0x2f8 [ 286.997951][ T9506] dump_header+0xd8/0x970 [ 287.002295][ T9506] oom_kill_process+0xcd/0x320 [ 287.007076][ T9506] out_of_memory+0x5e1/0x8a0 [ 287.011689][ T9506] ? unregister_oom_notifier+0x20/0x20 [ 287.017192][ T9506] ? __kasan_check_read+0x11/0x20 [ 287.022246][ T9506] try_charge+0x134a/0x17b0 [ 287.026812][ T9506] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 287.034046][ T9506] ? __lock_acquire+0x4750/0x4750 [ 287.039108][ T9506] ? rcu_lock_release+0x15/0x20 [ 287.043984][ T9506] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 287.049551][ T9506] mem_cgroup_try_charge+0x216/0x560 [ 287.054869][ T9506] mem_cgroup_try_charge_delay+0x25/0xa0 [ 287.060539][ T9506] handle_mm_fault+0x31f3/0x6080 [ 287.065506][ T9506] ? finish_fault+0x230/0x230 [ 287.070213][ T9506] ? vmacache_find+0x251/0x5b0 [ 287.075095][ T9506] do_user_addr_fault+0x589/0xaf0 [ 287.080355][ T9506] __do_page_fault+0xd3/0x1f0 [ 287.085085][ T9506] do_page_fault+0x99/0xb0 [ 287.089523][ T9506] page_fault+0x39/0x40 [ 287.093704][ T9506] RIP: 0033:0x403442 [ 287.097608][ T9506] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 287.117233][ T9506] RSP: 002b:00007ffe7c722e60 EFLAGS: 00010246 [ 287.123343][ T9506] RAX: 0000000000000000 RBX: 0000000000045d6e RCX: 0000000000413420 [ 287.131334][ T9506] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe7c723f90 [ 287.140260][ T9506] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555566d5940 [ 287.148250][ T9506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7c723f90 [ 287.156240][ T9506] R13: 00007ffe7c723f80 R14: 0000000000000000 R15: 00007ffe7c723f90 [ 287.164435][ T9506] memory: usage 812kB, limit 0kB, failcnt 450094 [ 287.170785][ T9506] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 287.177702][ T9506] Memory cgroup stats for /syz2: [ 287.177801][ T9506] anon 73728 [ 287.177801][ T9506] file 0 [ 287.177801][ T9506] kernel_stack 0 [ 287.177801][ T9506] slab 679936 [ 287.177801][ T9506] sock 0 [ 287.177801][ T9506] shmem 0 [ 287.177801][ T9506] file_mapped 0 [ 287.177801][ T9506] file_dirty 0 [ 287.177801][ T9506] file_writeback 0 [ 287.177801][ T9506] anon_thp 0 [ 287.177801][ T9506] inactive_anon 0 [ 287.177801][ T9506] active_anon 73728 [ 287.177801][ T9506] inactive_file 0 [ 287.177801][ T9506] active_file 0 [ 287.177801][ T9506] unevictable 0 [ 287.177801][ T9506] slab_reclaimable 135168 [ 287.177801][ T9506] slab_unreclaimable 544768 [ 287.177801][ T9506] pgfault 825 [ 287.177801][ T9506] pgmajfault 0 [ 287.177801][ T9506] workingset_refault 0 [ 287.177801][ T9506] workingset_activate 0 [ 287.177801][ T9506] workingset_nodereclaim 0 [ 287.177801][ T9506] pgrefill 0 [ 287.177801][ T9506] pgscan 0 [ 287.177801][ T9506] pgsteal 0 [ 287.177801][ T9506] pgactivate 0 [ 287.177801][ T9506] pgdeactivate 0 [ 287.273556][ T9506] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9506,uid=0 [ 287.274164][ T9506] Memory cgroup out of memory: Killed process 9506 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 287.339604][ T1061] oom_reaper: reaped process 9506 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 287.425148][ T9509] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 287.435156][ T9509] CPU: 0 PID: 9509 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 287.442750][ T9509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.452821][ T9509] Call Trace: [ 287.456129][ T9509] dump_stack+0x1d8/0x2f8 [ 287.460482][ T9509] dump_header+0xd8/0x970 [ 287.464836][ T9509] oom_kill_process+0xcd/0x320 [ 287.469633][ T9509] out_of_memory+0x5e1/0x8a0 [ 287.474250][ T9509] ? unregister_oom_notifier+0x20/0x20 [ 287.479741][ T9509] ? __kasan_check_read+0x11/0x20 [ 287.484793][ T9509] try_charge+0x134a/0x17b0 [ 287.489335][ T9509] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 287.495162][ T9509] ? __lock_acquire+0x4750/0x4750 [ 287.500212][ T9509] ? rcu_lock_release+0x15/0x20 [ 287.505081][ T9509] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 287.510732][ T9509] mem_cgroup_try_charge+0x216/0x560 [ 287.516038][ T9509] mem_cgroup_try_charge_delay+0x25/0xa0 [ 287.521684][ T9509] wp_page_copy+0x367/0x18c0 [ 287.526291][ T9509] ? rcu_lock_release+0x30/0x30 [ 287.531146][ T9509] ? __lock_acquire+0x4750/0x4750 [ 287.536174][ T9509] ? __kasan_check_read+0x11/0x20 [ 287.541209][ T9509] ? do_raw_spin_unlock+0x49/0x260 [ 287.546336][ T9509] do_wp_page+0x2c9/0x1ce0 [ 287.550946][ T9509] ? __rwlock_init+0x130/0x130 [ 287.555727][ T9509] ? count_memcg_event_mm+0x300/0x300 [ 287.561125][ T9509] handle_mm_fault+0x2bcf/0x6080 [ 287.566083][ T9509] ? finish_fault+0x230/0x230 [ 287.570890][ T9509] ? vmacache_find+0x251/0x5b0 [ 287.575674][ T9509] do_user_addr_fault+0x589/0xaf0 [ 287.580738][ T9509] __do_page_fault+0xd3/0x1f0 [ 287.585430][ T9509] do_page_fault+0x99/0xb0 [ 287.589907][ T9509] page_fault+0x39/0x40 [ 287.594162][ T9509] RIP: 0033:0x4308f6 [ 287.598069][ T9509] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 287.617726][ T9509] RSP: 002b:00007ffca60c4760 EFLAGS: 00010206 [ 287.623860][ T9509] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 287.631847][ T9509] RDX: 00005555564c1930 RSI: 00005555564c9970 RDI: 0000000000000003 [ 287.639853][ T9509] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555564c0940 [ 287.647927][ T9509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 287.655908][ T9509] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 287.664135][ T9509] memory: usage 2540kB, limit 0kB, failcnt 36 [ 287.670243][ T9509] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 287.677166][ T9509] Memory cgroup stats for /syz5: [ 287.677258][ T9509] anon 57344 [ 287.677258][ T9509] file 0 [ 287.677258][ T9509] kernel_stack 0 [ 287.677258][ T9509] slab 2719744 [ 287.677258][ T9509] sock 0 [ 287.677258][ T9509] shmem 0 [ 287.677258][ T9509] file_mapped 0 [ 287.677258][ T9509] file_dirty 0 [ 287.677258][ T9509] file_writeback 0 [ 287.677258][ T9509] anon_thp 0 [ 287.677258][ T9509] inactive_anon 0 [ 287.677258][ T9509] active_anon 57344 [ 287.677258][ T9509] inactive_file 0 [ 287.677258][ T9509] active_file 0 [ 287.677258][ T9509] unevictable 0 [ 287.677258][ T9509] slab_reclaimable 1081344 [ 287.677258][ T9509] slab_unreclaimable 1638400 [ 287.677258][ T9509] pgfault 3729 [ 287.677258][ T9509] pgmajfault 0 [ 287.677258][ T9509] workingset_refault 0 [ 287.677258][ T9509] workingset_activate 0 [ 287.677258][ T9509] workingset_nodereclaim 0 [ 287.677258][ T9509] pgrefill 0 [ 287.677258][ T9509] pgscan 0 [ 287.677258][ T9509] pgsteal 0 [ 287.677258][ T9509] pgactivate 0 [ 287.677258][ T9509] pgdeactivate 0 10:57:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:21 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:21 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 287.682312][ T9509] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9509,uid=0 [ 287.788845][ T9509] Memory cgroup out of memory: Killed process 9509 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 287.807531][ T1061] oom_reaper: reaped process 9509 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 287.819553][ T9529] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 287.832342][ T9529] CPU: 0 PID: 9529 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 287.839937][ T9529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.850029][ T9529] Call Trace: [ 287.853362][ T9529] dump_stack+0x1d8/0x2f8 [ 287.857822][ T9529] dump_header+0xd8/0x970 [ 287.862198][ T9529] oom_kill_process+0xcd/0x320 [ 287.867003][ T9529] out_of_memory+0x5e1/0x8a0 [ 287.871623][ T9529] ? retint_kernel+0x10/0x10 10:57:21 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x0, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 287.876256][ T9529] ? unregister_oom_notifier+0x20/0x20 [ 287.882122][ T9529] memory_max_write+0x537/0x6a0 [ 287.887044][ T9529] ? memory_max_show+0xa0/0xa0 [ 287.891870][ T9529] ? lock_acquire+0x1b2/0x250 [ 287.896582][ T9529] ? memory_max_show+0xa0/0xa0 [ 287.901391][ T9529] cgroup_file_write+0x27b/0x6e0 [ 287.906378][ T9529] ? cgroup_seqfile_stop+0xc0/0xc0 [ 287.911531][ T9529] ? cgroup_seqfile_stop+0xc0/0xc0 [ 287.916682][ T9529] kernfs_fop_write+0x3e4/0x4f0 [ 287.921584][ T9529] ? kernfs_fop_read+0x580/0x580 [ 287.926561][ T9529] __vfs_write+0xf9/0x7d0 [ 287.930941][ T9529] ? __kernel_write+0x350/0x350 [ 287.935857][ T9529] ? __sb_start_write+0x39c/0x440 [ 287.941002][ T9529] ? __kasan_check_read+0x11/0x20 [ 287.946066][ T9529] vfs_write+0x275/0x590 [ 287.950352][ T9529] ksys_write+0x16b/0x2a0 [ 287.954717][ T9529] ? __ia32_sys_read+0x90/0x90 [ 287.959510][ T9529] ? prepare_exit_to_usermode+0x1f7/0x580 [ 287.965269][ T9529] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 287.971018][ T9529] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 287.976502][ T9529] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 287.982285][ T9529] ? do_syscall_64+0x1d/0x140 [ 287.986998][ T9529] __x64_sys_write+0x7b/0x90 [ 287.991624][ T9529] do_syscall_64+0xfe/0x140 [ 287.996170][ T9529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.002091][ T9529] RIP: 0033:0x459819 [ 288.006010][ T9529] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 288.025642][ T9529] RSP: 002b:00007fecec28ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 288.034095][ T9529] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 288.042097][ T9529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 288.050103][ T9529] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 288.058108][ T9529] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecec28f6d4 [ 288.066114][ T9529] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 288.074394][ T9529] memory: usage 8280kB, limit 0kB, failcnt 0 [ 288.080634][ T9529] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 288.087743][ T9529] Memory cgroup stats for /syz3: [ 288.088827][ T9529] anon 4288512 [ 288.088827][ T9529] file 12288 [ 288.088827][ T9529] kernel_stack 65536 [ 288.088827][ T9529] slab 3747840 [ 288.088827][ T9529] sock 0 [ 288.088827][ T9529] shmem 8192 [ 288.088827][ T9529] file_mapped 0 [ 288.088827][ T9529] file_dirty 0 [ 288.088827][ T9529] file_writeback 0 [ 288.088827][ T9529] anon_thp 4194304 10:57:21 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x0, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 288.088827][ T9529] inactive_anon 0 [ 288.088827][ T9529] active_anon 4288512 [ 288.088827][ T9529] inactive_file 0 [ 288.088827][ T9529] active_file 0 [ 288.088827][ T9529] unevictable 0 [ 288.088827][ T9529] slab_reclaimable 1351680 [ 288.088827][ T9529] slab_unreclaimable 2396160 [ 288.088827][ T9529] pgfault 5412 [ 288.088827][ T9529] pgmajfault 0 [ 288.088827][ T9529] workingset_refault 0 [ 288.088827][ T9529] workingset_activate 0 [ 288.088827][ T9529] workingset_nodereclaim 0 [ 288.088827][ T9529] pgrefill 0 [ 288.088827][ T9529] pgscan 0 [ 288.088827][ T9529] pgsteal 0 [ 288.088827][ T9529] pgactivate 0 [ 288.183367][ T9529] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9527,uid=0 [ 288.199409][ T9529] Memory cgroup out of memory: Killed process 9527 (syz-executor.3) total-vm:72704kB, anon-rss:4196kB, file-rss:34816kB, shmem-rss:0kB [ 288.237228][ T1061] oom_reaper: reaped process 9527 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 10:57:22 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x0, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:22 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 288.505548][ T8259] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 288.517584][ T8259] CPU: 0 PID: 8259 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 288.525247][ T8259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.535688][ T8259] Call Trace: [ 288.539004][ T8259] dump_stack+0x1d8/0x2f8 [ 288.543348][ T8259] dump_header+0xd8/0x970 [ 288.547776][ T8259] oom_kill_process+0xcd/0x320 [ 288.552539][ T8259] out_of_memory+0x5e1/0x8a0 [ 288.557149][ T8259] ? unregister_oom_notifier+0x20/0x20 [ 288.562631][ T8259] ? __kasan_check_read+0x11/0x20 [ 288.567668][ T8259] try_charge+0x134a/0x17b0 [ 288.572182][ T8259] ? rmqueue+0x2248/0x2810 [ 288.576607][ T8259] ? __lock_acquire+0x4750/0x4750 [ 288.581646][ T8259] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 288.587464][ T8259] ? rcu_lock_release+0x4/0x20 [ 288.592238][ T8259] __memcg_kmem_charge_memcg+0x78/0x180 [ 288.597806][ T8259] ? memcg_kmem_put_cache+0x50/0x50 [ 288.603005][ T8259] ? rcu_lock_release+0x15/0x20 [ 288.607862][ T8259] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 288.613417][ T8259] __memcg_kmem_charge+0x105/0x340 [ 288.618539][ T8259] __alloc_pages_nodemask+0x377/0x790 [ 288.623920][ T8259] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 288.629467][ T8259] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 288.635194][ T8259] ? copy_process+0x599/0x5a00 [ 288.639962][ T8259] copy_process+0x620/0x5a00 [ 288.644553][ T8259] ? do_wp_page+0x12d0/0x1ce0 [ 288.649255][ T8259] ? __rwlock_init+0x130/0x130 [ 288.654021][ T8259] ? count_memcg_event_mm+0x300/0x300 [ 288.659397][ T8259] ? fork_idle+0x290/0x290 [ 288.663824][ T8259] ? __lock_acquire+0x4750/0x4750 [ 288.668860][ T8259] ? lock_acquire+0x158/0x250 [ 288.673539][ T8259] _do_fork+0x179/0x630 [ 288.677718][ T8259] ? dup_mm+0x340/0x340 [ 288.681877][ T8259] ? __kasan_check_read+0x11/0x20 [ 288.686900][ T8259] ? _copy_to_user+0x104/0x150 [ 288.691669][ T8259] ? put_timespec64+0x106/0x150 [ 288.696529][ T8259] ? ktime_get_raw+0xf0/0xf0 [ 288.701128][ T8259] __x64_sys_clone+0x247/0x2b0 [ 288.706007][ T8259] ? __ia32_sys_vfork+0x110/0x110 [ 288.711217][ T8259] ? prepare_exit_to_usermode+0x1f7/0x580 [ 288.716953][ T8259] ? do_syscall_64+0x1d/0x140 [ 288.721652][ T8259] do_syscall_64+0xfe/0x140 [ 288.726269][ T8259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.732173][ T8259] RIP: 0033:0x457dea [ 288.736092][ T8259] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 288.755709][ T8259] RSP: 002b:00007ffe6aeb5d00 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 288.764162][ T8259] RAX: ffffffffffffffda RBX: 00007ffe6aeb5d00 RCX: 0000000000457dea [ 288.772153][ T8259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 288.780138][ T8259] RBP: 00007ffe6aeb5d40 R08: 0000000000000001 R09: 0000555556d08940 [ 288.788120][ T8259] R10: 0000555556d08c10 R11: 0000000000000246 R12: 0000000000000001 [ 288.796190][ T8259] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe6aeb5d90 [ 288.805347][ T8259] memory: usage 3848kB, limit 0kB, failcnt 12 [ 288.811447][ T8259] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 288.811460][ T8259] Memory cgroup stats for /syz3: [ 288.811563][ T8259] anon 81920 [ 288.811563][ T8259] file 12288 [ 288.811563][ T8259] kernel_stack 65536 [ 288.811563][ T8259] slab 3747840 [ 288.811563][ T8259] sock 0 [ 288.811563][ T8259] shmem 8192 [ 288.811563][ T8259] file_mapped 0 [ 288.811563][ T8259] file_dirty 0 [ 288.811563][ T8259] file_writeback 0 [ 288.811563][ T8259] anon_thp 0 [ 288.811563][ T8259] inactive_anon 0 [ 288.811563][ T8259] active_anon 81920 [ 288.811563][ T8259] inactive_file 0 [ 288.811563][ T8259] active_file 0 [ 288.811563][ T8259] unevictable 0 [ 288.811563][ T8259] slab_reclaimable 1351680 [ 288.811563][ T8259] slab_unreclaimable 2396160 [ 288.811563][ T8259] pgfault 5412 [ 288.811563][ T8259] pgmajfault 0 [ 288.811563][ T8259] workingset_refault 0 [ 288.811563][ T8259] workingset_activate 0 [ 288.811563][ T8259] workingset_nodereclaim 0 [ 288.811563][ T8259] pgrefill 0 [ 288.811563][ T8259] pgscan 0 [ 288.811563][ T8259] pgsteal 0 [ 288.811563][ T8259] pgactivate 0 [ 288.823388][ T8259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8259,uid=0 [ 288.927634][ T8259] Memory cgroup out of memory: Killed process 8259 (syz-executor.3) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 288.950821][ T1061] oom_reaper: reaped process 8259 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 10:57:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:23 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:23 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:23 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 10:57:23 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:23 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:24 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:24 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 292.496966][ T9611] IPVS: ftp: loaded support on port[0] = 21 [ 292.849165][ T9615] IPVS: ftp: loaded support on port[0] = 21 [ 292.850118][ T9616] IPVS: ftp: loaded support on port[0] = 21 [ 293.296670][ T9611] chnl_net:caif_netlink_parms(): no params data found [ 293.586841][ T9615] chnl_net:caif_netlink_parms(): no params data found [ 293.616755][ T9616] chnl_net:caif_netlink_parms(): no params data found [ 293.953099][ T9615] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.960356][ T9615] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.968233][ T9615] device bridge_slave_0 entered promiscuous mode [ 293.976709][ T9615] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.983800][ T9615] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.992565][ T9615] device bridge_slave_1 entered promiscuous mode [ 294.305550][ T9616] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.312662][ T9616] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.320749][ T9616] device bridge_slave_0 entered promiscuous mode [ 294.617252][ T9615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.627404][ T9616] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.634591][ T9616] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.642540][ T9616] device bridge_slave_1 entered promiscuous mode [ 294.649952][ T9611] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.657165][ T9611] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.665242][ T9611] device bridge_slave_0 entered promiscuous mode [ 294.679362][ T9615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.966006][ T9611] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.973179][ T9611] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.981296][ T9611] device bridge_slave_1 entered promiscuous mode [ 294.990184][ T9616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.023982][ T9611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.035905][ T9615] team0: Port device team_slave_0 added [ 295.043246][ T9616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.320009][ T9611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.337960][ T9615] team0: Port device team_slave_1 added [ 295.358263][ T9611] team0: Port device team_slave_0 added [ 295.382083][ T9616] team0: Port device team_slave_0 added [ 295.448424][ T9615] device hsr_slave_0 entered promiscuous mode [ 295.494490][ T9615] device hsr_slave_1 entered promiscuous mode [ 295.544377][ T9615] debugfs: Directory 'hsr0' with parent '/' already present! [ 295.553217][ T280] device bridge_slave_1 left promiscuous mode [ 295.559808][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.595541][ T280] device bridge_slave_0 left promiscuous mode [ 295.601959][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.645446][ T280] device bridge_slave_1 left promiscuous mode [ 295.651588][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.684945][ T280] device bridge_slave_0 left promiscuous mode [ 295.691129][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.746283][ T280] device bridge_slave_1 left promiscuous mode [ 295.752537][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.789038][ T280] device bridge_slave_0 left promiscuous mode [ 295.795358][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.845370][ T280] device bridge_slave_1 left promiscuous mode [ 295.851528][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.884960][ T280] device bridge_slave_0 left promiscuous mode [ 295.891143][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.234931][ T280] device hsr_slave_0 left promiscuous mode [ 303.274358][ T280] device hsr_slave_1 left promiscuous mode [ 303.340765][ T280] team0 (unregistering): Port device team_slave_1 removed [ 303.353947][ T280] team0 (unregistering): Port device team_slave_0 removed [ 303.367336][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.399842][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.463616][ T280] bond0 (unregistering): Released all slaves [ 303.625320][ T280] device hsr_slave_0 left promiscuous mode [ 303.664899][ T280] device hsr_slave_1 left promiscuous mode [ 303.740650][ T280] team0 (unregistering): Port device team_slave_1 removed [ 303.752915][ T280] team0 (unregistering): Port device team_slave_0 removed [ 303.767153][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.819836][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.902039][ T280] bond0 (unregistering): Released all slaves [ 304.025350][ T280] device hsr_slave_0 left promiscuous mode [ 304.065090][ T280] device hsr_slave_1 left promiscuous mode [ 304.113145][ T280] team0 (unregistering): Port device team_slave_1 removed [ 304.125808][ T280] team0 (unregistering): Port device team_slave_0 removed [ 304.137616][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.187622][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.253367][ T280] bond0 (unregistering): Released all slaves [ 304.374786][ T280] device hsr_slave_0 left promiscuous mode [ 304.424876][ T280] device hsr_slave_1 left promiscuous mode [ 304.475149][ T280] team0 (unregistering): Port device team_slave_1 removed [ 304.495072][ T280] team0 (unregistering): Port device team_slave_0 removed [ 304.506492][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.571530][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.656060][ T280] bond0 (unregistering): Released all slaves [ 304.739220][ T9611] team0: Port device team_slave_1 added [ 304.747330][ T9616] team0: Port device team_slave_1 added [ 304.827047][ T9611] device hsr_slave_0 entered promiscuous mode [ 304.854714][ T9611] device hsr_slave_1 entered promiscuous mode [ 304.937066][ T9616] device hsr_slave_0 entered promiscuous mode [ 304.974854][ T9616] device hsr_slave_1 entered promiscuous mode [ 305.014302][ T9616] debugfs: Directory 'hsr0' with parent '/' already present! [ 305.121632][ T9611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.136492][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 305.145928][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.157772][ T9611] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.168946][ T9615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.184659][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 305.192607][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.205461][ T9615] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.305396][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 305.315278][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 305.323639][ T8434] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.331061][ T8434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.339340][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 305.348154][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 305.356546][ T8434] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.363602][ T8434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.373149][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 305.494793][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 305.503654][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 305.512382][ T8434] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.519528][ T8434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.527438][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 305.536279][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 305.545099][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 305.553610][ T8434] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.560974][ T8434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.568719][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 305.577901][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 305.586817][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 305.595691][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 305.604442][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 305.613282][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 305.635588][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 305.643789][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 305.652419][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 305.662099][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 305.674935][ T9611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 305.695329][ T9616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.706862][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 305.716353][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 305.725291][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 305.733948][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 305.742919][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 305.753179][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 305.761671][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 305.770244][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 305.785458][ T9615] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 305.797330][ T9615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 305.806028][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 305.816659][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 305.838819][ T9616] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.865842][ T9611] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.885629][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 305.893612][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.902116][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 305.911053][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 305.919813][ T3720] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.927043][ T3720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.935004][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 305.944038][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 305.952629][ T3720] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.959800][ T3720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.967911][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 305.976801][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 305.988933][ T9615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.996831][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 306.022159][ T9616] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 306.033570][ T9616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 306.049871][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 306.058970][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 306.068058][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 306.077688][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 306.086432][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 306.094999][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 306.103629][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 306.112343][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 306.133139][ T9616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 306.141767][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 306.150191][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 306.448358][ T9637] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 306.459111][ T9637] CPU: 1 PID: 9637 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 306.466680][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.476761][ T9637] Call Trace: [ 306.480081][ T9637] dump_stack+0x1d8/0x2f8 [ 306.484463][ T9637] dump_header+0xd8/0x970 [ 306.488829][ T9637] oom_kill_process+0xcd/0x320 [ 306.493619][ T9637] out_of_memory+0x5e1/0x8a0 [ 306.498500][ T9637] ? retint_kernel+0x10/0x10 [ 306.503127][ T9637] ? unregister_oom_notifier+0x20/0x20 [ 306.509125][ T9637] memory_max_write+0x537/0x6a0 [ 306.514018][ T9637] ? memory_max_show+0xa0/0xa0 [ 306.519067][ T9637] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 306.524552][ T9637] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 306.530044][ T9637] ? retint_kernel+0x10/0x10 [ 306.534666][ T9637] ? memory_max_show+0xa0/0xa0 [ 306.539456][ T9637] cgroup_file_write+0x27b/0x6e0 [ 306.544509][ T9637] ? cgroup_seqfile_stop+0xc0/0xc0 [ 306.549733][ T9637] ? cgroup_seqfile_stop+0xc0/0xc0 [ 306.554881][ T9637] ? kernfs_fop_write+0x349/0x4f0 [ 306.559941][ T9637] ? cgroup_seqfile_stop+0xc0/0xc0 [ 306.565086][ T9637] kernfs_fop_write+0x3e4/0x4f0 [ 306.569992][ T9637] ? kernfs_fop_read+0x580/0x580 [ 306.575064][ T9637] __vfs_write+0xf9/0x7d0 [ 306.579431][ T9637] ? __kernel_write+0x350/0x350 [ 306.584341][ T9637] ? __sb_start_write+0x39c/0x440 [ 306.589432][ T9637] ? __kasan_check_read+0x11/0x20 [ 306.596588][ T9637] vfs_write+0x275/0x590 [ 306.600951][ T9637] ksys_write+0x16b/0x2a0 [ 306.605300][ T9637] ? __ia32_sys_read+0x90/0x90 [ 306.610097][ T9637] ? prepare_exit_to_usermode+0x1f7/0x580 [ 306.615940][ T9637] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 306.621445][ T9637] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 306.627212][ T9637] ? do_syscall_64+0x1d/0x140 [ 306.631943][ T9637] __x64_sys_write+0x7b/0x90 [ 306.636571][ T9637] do_syscall_64+0xfe/0x140 [ 306.641101][ T9637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.647024][ T9637] RIP: 0033:0x459819 [ 306.650931][ T9637] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 306.670557][ T9637] RSP: 002b:00007f7590b12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 306.678995][ T9637] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 306.687023][ T9637] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 306.695023][ T9637] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 306.703008][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7590b136d4 [ 306.711168][ T9637] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 306.726154][ T9637] memory: usage 5144kB, limit 0kB, failcnt 450095 [ 306.732808][ T9637] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 306.739812][ T9637] Memory cgroup stats for /syz2: [ 306.740719][ T9637] anon 4333568 [ 306.740719][ T9637] file 0 [ 306.740719][ T9637] kernel_stack 0 [ 306.740719][ T9637] slab 544768 [ 306.740719][ T9637] sock 0 [ 306.740719][ T9637] shmem 0 [ 306.740719][ T9637] file_mapped 0 [ 306.740719][ T9637] file_dirty 0 [ 306.740719][ T9637] file_writeback 0 [ 306.740719][ T9637] anon_thp 4194304 [ 306.740719][ T9637] inactive_anon 0 [ 306.740719][ T9637] active_anon 4333568 [ 306.740719][ T9637] inactive_file 0 [ 306.740719][ T9637] active_file 0 [ 306.740719][ T9637] unevictable 0 [ 306.740719][ T9637] slab_reclaimable 135168 [ 306.740719][ T9637] slab_unreclaimable 409600 [ 306.740719][ T9637] pgfault 891 [ 306.740719][ T9637] pgmajfault 0 [ 306.740719][ T9637] workingset_refault 0 [ 306.740719][ T9637] workingset_activate 0 [ 306.740719][ T9637] workingset_nodereclaim 0 [ 306.740719][ T9637] pgrefill 0 [ 306.740719][ T9637] pgscan 0 [ 306.740719][ T9637] pgsteal 0 [ 306.740719][ T9637] pgactivate 0 [ 306.834927][ T9637] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9636,uid=0 [ 306.851148][ T9637] Memory cgroup out of memory: Killed process 9636 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 306.868918][ T1061] oom_reaper: reaped process 9636 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 306.884930][ T9641] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 306.898189][ T9641] CPU: 0 PID: 9641 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 306.905784][ T9641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.915860][ T9641] Call Trace: [ 306.919175][ T9641] dump_stack+0x1d8/0x2f8 [ 306.923533][ T9641] dump_header+0xd8/0x970 [ 306.927887][ T9641] oom_kill_process+0xcd/0x320 [ 306.932665][ T9641] out_of_memory+0x5e1/0x8a0 [ 306.937370][ T9641] ? unregister_oom_notifier+0x20/0x20 [ 306.942849][ T9641] memory_max_write+0x537/0x6a0 [ 306.947841][ T9641] ? memory_max_show+0xa0/0xa0 [ 306.952628][ T9641] ? trace_lock_acquire+0x154/0x1b0 [ 306.957845][ T9641] ? lock_acquire+0x158/0x250 [ 306.962536][ T9641] ? kernfs_fop_write+0x22e/0x4f0 [ 306.967576][ T9641] ? memory_max_show+0xa0/0xa0 [ 306.972374][ T9641] cgroup_file_write+0x27b/0x6e0 [ 306.977331][ T9641] ? cgroup_seqfile_stop+0xc0/0xc0 [ 306.982463][ T9641] ? cgroup_seqfile_stop+0xc0/0xc0 [ 306.987590][ T9641] kernfs_fop_write+0x3e4/0x4f0 [ 306.992555][ T9641] ? kernfs_fop_read+0x580/0x580 [ 306.997525][ T9641] __vfs_write+0xf9/0x7d0 [ 307.001872][ T9641] ? __kernel_write+0x350/0x350 [ 307.006772][ T9641] ? __sb_start_write+0x39c/0x440 [ 307.011823][ T9641] ? retint_kernel+0x10/0x10 [ 307.016452][ T9641] vfs_write+0x275/0x590 [ 307.020726][ T9641] ksys_write+0x16b/0x2a0 [ 307.025067][ T9641] ? __ia32_sys_read+0x90/0x90 [ 307.029860][ T9641] ? prepare_exit_to_usermode+0x1f7/0x580 [ 307.037137][ T9641] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 307.042906][ T9641] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 307.052828][ T9641] ? do_syscall_64+0x1d/0x140 [ 307.057624][ T9641] __x64_sys_write+0x7b/0x90 [ 307.062257][ T9641] do_syscall_64+0xfe/0x140 [ 307.066868][ T9641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 307.072788][ T9641] RIP: 0033:0x459819 [ 307.076703][ T9641] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 307.096445][ T9641] RSP: 002b:00007fdc732bbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 307.104879][ T9641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 307.112959][ T9641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 307.120950][ T9641] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 307.128940][ T9641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdc732bc6d4 [ 307.136929][ T9641] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 307.146170][ T9641] memory: usage 4300kB, limit 0kB, failcnt 37 [ 307.152338][ T9641] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 307.159359][ T9641] Memory cgroup stats for /syz5: [ 307.160599][ T9641] anon 2158592 [ 307.160599][ T9641] file 0 [ 307.160599][ T9641] kernel_stack 0 [ 307.160599][ T9641] slab 2174976 [ 307.160599][ T9641] sock 0 [ 307.160599][ T9641] shmem 0 [ 307.160599][ T9641] file_mapped 0 [ 307.160599][ T9641] file_dirty 0 [ 307.160599][ T9641] file_writeback 0 [ 307.160599][ T9641] anon_thp 2097152 [ 307.160599][ T9641] inactive_anon 0 [ 307.160599][ T9641] active_anon 2158592 [ 307.160599][ T9641] inactive_file 0 [ 307.160599][ T9641] active_file 0 [ 307.160599][ T9641] unevictable 0 [ 307.160599][ T9641] slab_reclaimable 811008 [ 307.160599][ T9641] slab_unreclaimable 1363968 [ 307.160599][ T9641] pgfault 3795 [ 307.160599][ T9641] pgmajfault 0 [ 307.160599][ T9641] workingset_refault 0 [ 307.160599][ T9641] workingset_activate 0 [ 307.160599][ T9641] workingset_nodereclaim 0 [ 307.160599][ T9641] pgrefill 0 [ 307.160599][ T9641] pgscan 0 [ 307.160599][ T9641] pgsteal 0 [ 307.160599][ T9641] pgactivate 0 [ 307.254476][ T9641] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9640,uid=0 [ 307.270565][ T9641] Memory cgroup out of memory: Killed process 9640 (syz-executor.5) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 307.386665][ T9616] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 307.396784][ T9616] CPU: 0 PID: 9616 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 307.404366][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.414438][ T9616] Call Trace: [ 307.417759][ T9616] dump_stack+0x1d8/0x2f8 [ 307.422123][ T9616] dump_header+0xd8/0x970 [ 307.426459][ T9616] oom_kill_process+0xcd/0x320 [ 307.431230][ T9616] out_of_memory+0x5e1/0x8a0 [ 307.435850][ T9616] ? unregister_oom_notifier+0x20/0x20 [ 307.441330][ T9616] ? __kasan_check_read+0x11/0x20 [ 307.446382][ T9616] try_charge+0x134a/0x17b0 [ 307.450934][ T9616] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 307.456865][ T9616] ? __lock_acquire+0x4750/0x4750 [ 307.461921][ T9616] ? rcu_lock_release+0x15/0x20 [ 307.466791][ T9616] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 307.472360][ T9616] mem_cgroup_try_charge+0x216/0x560 [ 307.477679][ T9616] mem_cgroup_try_charge_delay+0x25/0xa0 [ 307.483371][ T9616] wp_page_copy+0x367/0x18c0 [ 307.488003][ T9616] ? rcu_lock_release+0x30/0x30 [ 307.492879][ T9616] ? __lock_acquire+0x4750/0x4750 [ 307.497928][ T9616] ? __kasan_check_read+0x11/0x20 [ 307.502961][ T9616] ? do_raw_spin_unlock+0x49/0x260 [ 307.508086][ T9616] do_wp_page+0x2c9/0x1ce0 [ 307.512521][ T9616] ? __rwlock_init+0x130/0x130 [ 307.517319][ T9616] ? count_memcg_event_mm+0x300/0x300 [ 307.522736][ T9616] handle_mm_fault+0x2bcf/0x6080 [ 307.527721][ T9616] ? finish_fault+0x230/0x230 [ 307.532452][ T9616] ? vmacache_find+0x50f/0x5b0 [ 307.537218][ T9616] ? vmacache_update+0xb7/0x120 [ 307.542085][ T9616] do_user_addr_fault+0x589/0xaf0 [ 307.547156][ T9616] __do_page_fault+0xd3/0x1f0 [ 307.551853][ T9616] do_page_fault+0x99/0xb0 [ 307.556281][ T9616] page_fault+0x39/0x40 [ 307.560436][ T9616] RIP: 0033:0x4308f6 [ 307.564332][ T9616] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 307.583948][ T9616] RSP: 002b:00007ffde08813e0 EFLAGS: 00010206 [ 307.590143][ T9616] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 307.598130][ T9616] RDX: 0000555556a0c930 RSI: 0000555556a14970 RDI: 0000000000000003 [ 307.606116][ T9616] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556a0b940 [ 307.614093][ T9616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 307.622079][ T9616] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 307.630854][ T9616] memory: usage 1972kB, limit 0kB, failcnt 45 [ 307.636995][ T9616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 307.643837][ T9616] Memory cgroup stats for /syz5: [ 307.643946][ T9616] anon 57344 [ 307.643946][ T9616] file 0 [ 307.643946][ T9616] kernel_stack 0 [ 307.643946][ T9616] slab 2174976 [ 307.643946][ T9616] sock 0 [ 307.643946][ T9616] shmem 0 [ 307.643946][ T9616] file_mapped 0 [ 307.643946][ T9616] file_dirty 0 [ 307.643946][ T9616] file_writeback 0 [ 307.643946][ T9616] anon_thp 0 [ 307.643946][ T9616] inactive_anon 0 [ 307.643946][ T9616] active_anon 57344 [ 307.643946][ T9616] inactive_file 0 [ 307.643946][ T9616] active_file 0 [ 307.643946][ T9616] unevictable 0 [ 307.643946][ T9616] slab_reclaimable 811008 [ 307.643946][ T9616] slab_unreclaimable 1363968 [ 307.643946][ T9616] pgfault 3795 [ 307.643946][ T9616] pgmajfault 0 [ 307.643946][ T9616] workingset_refault 0 [ 307.643946][ T9616] workingset_activate 0 [ 307.643946][ T9616] workingset_nodereclaim 0 [ 307.643946][ T9616] pgrefill 0 [ 307.643946][ T9616] pgscan 0 [ 307.643946][ T9616] pgsteal 0 [ 307.643946][ T9616] pgactivate 0 [ 307.643946][ T9616] pgdeactivate 0 [ 307.739960][ T9616] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9616,uid=0 [ 307.755470][ T9616] Memory cgroup out of memory: Killed process 9616 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 307.778079][ T1061] oom_reaper: reaped process 9616 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 307.790564][ T9611] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 307.800916][ T9611] CPU: 1 PID: 9611 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 307.809042][ T9611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.819793][ T9611] Call Trace: [ 307.823106][ T9611] dump_stack+0x1d8/0x2f8 [ 307.827455][ T9611] dump_header+0xd8/0x970 [ 307.831818][ T9611] oom_kill_process+0xcd/0x320 [ 307.836686][ T9611] out_of_memory+0x5e1/0x8a0 [ 307.841383][ T9611] ? unregister_oom_notifier+0x20/0x20 [ 307.847027][ T9611] ? __kasan_check_read+0x11/0x20 [ 307.852078][ T9611] try_charge+0x134a/0x17b0 [ 307.856618][ T9611] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 307.862516][ T9611] ? __lock_acquire+0x4750/0x4750 [ 307.867545][ T9611] ? rcu_lock_release+0x15/0x20 [ 307.872488][ T9611] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 307.878037][ T9611] mem_cgroup_try_charge+0x216/0x560 [ 307.883329][ T9611] mem_cgroup_try_charge_delay+0x25/0xa0 [ 307.888968][ T9611] handle_mm_fault+0x31f3/0x6080 [ 307.893921][ T9611] ? finish_fault+0x230/0x230 [ 307.898602][ T9611] ? vmacache_find+0x251/0x5b0 [ 307.903368][ T9611] do_user_addr_fault+0x589/0xaf0 [ 307.908395][ T9611] __do_page_fault+0xd3/0x1f0 [ 307.913069][ T9611] do_page_fault+0x99/0xb0 [ 307.917484][ T9611] page_fault+0x39/0x40 [ 307.921633][ T9611] RIP: 0033:0x403442 [ 307.925516][ T9611] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 307.945116][ T9611] RSP: 002b:00007ffdb5da7f50 EFLAGS: 00010246 [ 307.951181][ T9611] RAX: 0000000000000000 RBX: 000000000004acdd RCX: 0000000000413420 [ 307.959163][ T9611] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdb5da9080 [ 307.967136][ T9611] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556b3d940 [ 307.975109][ T9611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb5da9080 10:57:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:41 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:41 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:41 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 10:57:41 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 307.983097][ T9611] R13: 00007ffdb5da9070 R14: 0000000000000000 R15: 00007ffdb5da9080 [ 307.991973][ T9611] memory: usage 764kB, limit 0kB, failcnt 450103 [ 307.998366][ T9611] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 307.998371][ T9611] Memory cgroup stats for /syz2: [ 307.998460][ T9611] anon 57344 [ 307.998460][ T9611] file 0 [ 307.998460][ T9611] kernel_stack 0 [ 307.998460][ T9611] slab 544768 [ 307.998460][ T9611] sock 0 [ 307.998460][ T9611] shmem 0 [ 307.998460][ T9611] file_mapped 0 [ 307.998460][ T9611] file_dirty 0 [ 307.998460][ T9611] file_writeback 0 [ 307.998460][ T9611] anon_thp 0 [ 307.998460][ T9611] inactive_anon 0 [ 307.998460][ T9611] active_anon 57344 [ 307.998460][ T9611] inactive_file 0 [ 307.998460][ T9611] active_file 0 [ 307.998460][ T9611] unevictable 0 [ 307.998460][ T9611] slab_reclaimable 135168 [ 307.998460][ T9611] slab_unreclaimable 409600 [ 307.998460][ T9611] pgfault 891 [ 307.998460][ T9611] pgmajfault 0 [ 307.998460][ T9611] workingset_refault 0 [ 307.998460][ T9611] workingset_activate 0 [ 307.998460][ T9611] workingset_nodereclaim 0 [ 307.998460][ T9611] pgrefill 0 [ 307.998460][ T9611] pgscan 0 [ 307.998460][ T9611] pgsteal 0 [ 307.998460][ T9611] pgactivate 0 [ 307.998460][ T9611] pgdeactivate 0 [ 307.998476][ T9611] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9611,uid=0 [ 307.998545][ T9611] Memory cgroup out of memory: Killed process 9611 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 308.013541][ T1061] oom_reaper: reaped process 9611 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:57:41 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:42 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 10:57:42 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:42 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:42 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 308.834331][ T9667] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 308.844839][ T9667] CPU: 0 PID: 9667 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 308.852718][ T9667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.862812][ T9667] Call Trace: [ 308.866134][ T9667] dump_stack+0x1d8/0x2f8 [ 308.870502][ T9667] dump_header+0xd8/0x970 [ 308.874884][ T9667] oom_kill_process+0xcd/0x320 [ 308.879700][ T9667] out_of_memory+0x5e1/0x8a0 [ 308.884331][ T9667] ? unregister_oom_notifier+0x20/0x20 [ 308.889857][ T9667] memory_max_write+0x537/0x6a0 [ 308.894767][ T9667] ? memory_max_show+0xa0/0xa0 [ 308.899572][ T9667] ? trace_lock_acquire+0x154/0x1b0 [ 308.904809][ T9667] ? lock_acquire+0x158/0x250 [ 308.909631][ T9667] ? kernfs_fop_write+0x22e/0x4f0 [ 308.914700][ T9667] ? memory_max_show+0xa0/0xa0 [ 308.919687][ T9667] cgroup_file_write+0x27b/0x6e0 [ 308.924726][ T9667] ? cgroup_seqfile_stop+0xc0/0xc0 [ 308.930151][ T9667] ? cgroup_seqfile_stop+0xc0/0xc0 [ 308.935304][ T9667] kernfs_fop_write+0x3e4/0x4f0 [ 308.940202][ T9667] ? kernfs_fop_read+0x580/0x580 [ 308.945183][ T9667] __vfs_write+0xf9/0x7d0 [ 308.949547][ T9667] ? retint_kernel+0x10/0x10 [ 308.954183][ T9667] ? __kernel_write+0x350/0x350 [ 308.959184][ T9667] ? rcu_irq_exit+0xe3/0x260 [ 308.963853][ T9667] ? __sb_start_write+0x39c/0x440 [ 308.968923][ T9667] ? __kasan_check_read+0x11/0x20 [ 308.973992][ T9667] vfs_write+0x275/0x590 [ 308.978294][ T9667] ksys_write+0x16b/0x2a0 [ 308.982677][ T9667] ? __ia32_sys_read+0x90/0x90 [ 308.987487][ T9667] ? prepare_exit_to_usermode+0x1f7/0x580 [ 308.993250][ T9667] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 308.999017][ T9667] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 309.004514][ T9667] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 309.015052][ T9667] ? do_syscall_64+0x1d/0x140 [ 309.019774][ T9667] __x64_sys_write+0x7b/0x90 [ 309.024425][ T9667] do_syscall_64+0xfe/0x140 [ 309.028968][ T9667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.036372][ T9667] RIP: 0033:0x459819 [ 309.040294][ T9667] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 309.060102][ T9667] RSP: 002b:00007fcce9949c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 309.068839][ T9667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 309.076919][ T9667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 309.084946][ T9667] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 309.092948][ T9667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcce994a6d4 [ 309.101046][ T9667] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 309.116097][ T9667] memory: usage 7692kB, limit 0kB, failcnt 15 [ 309.122360][ T9667] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 309.129471][ T9667] Memory cgroup stats for /syz3: [ 309.129650][ T9667] anon 4415488 [ 309.129650][ T9667] file 12288 [ 309.129650][ T9667] kernel_stack 0 [ 309.129650][ T9667] slab 3473408 [ 309.129650][ T9667] sock 0 [ 309.129650][ T9667] shmem 8192 [ 309.129650][ T9667] file_mapped 0 [ 309.129650][ T9667] file_dirty 0 [ 309.129650][ T9667] file_writeback 0 [ 309.129650][ T9667] anon_thp 4194304 [ 309.129650][ T9667] inactive_anon 0 [ 309.129650][ T9667] active_anon 4345856 [ 309.129650][ T9667] inactive_file 0 [ 309.129650][ T9667] active_file 0 [ 309.129650][ T9667] unevictable 0 [ 309.129650][ T9667] slab_reclaimable 1216512 [ 309.129650][ T9667] slab_unreclaimable 2256896 [ 309.129650][ T9667] pgfault 5676 [ 309.129650][ T9667] pgmajfault 0 [ 309.129650][ T9667] workingset_refault 0 [ 309.129650][ T9667] workingset_activate 0 [ 309.129650][ T9667] workingset_nodereclaim 0 [ 309.129650][ T9667] pgrefill 0 [ 309.129650][ T9667] pgscan 0 [ 309.129650][ T9667] pgsteal 0 [ 309.129650][ T9667] pgactivate 0 [ 309.225631][ T9667] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9666,uid=0 [ 309.241640][ T9667] Memory cgroup out of memory: Killed process 9666 (syz-executor.3) total-vm:72572kB, anon-rss:4196kB, file-rss:34816kB, shmem-rss:0kB [ 309.258578][ T1061] oom_reaper: reaped process 9666 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:57:43 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:43 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:43 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:43 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, 0x0, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:43 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 309.787234][ T9615] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 309.799697][ T9615] CPU: 1 PID: 9615 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 309.807514][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.817732][ T9615] Call Trace: [ 309.821040][ T9615] dump_stack+0x1d8/0x2f8 [ 309.825550][ T9615] dump_header+0xd8/0x970 [ 309.830062][ T9615] oom_kill_process+0xcd/0x320 [ 309.834847][ T9615] out_of_memory+0x5e1/0x8a0 [ 309.839497][ T9615] ? unregister_oom_notifier+0x20/0x20 [ 309.845133][ T9615] ? __kasan_check_read+0x11/0x20 [ 309.850318][ T9615] try_charge+0x134a/0x17b0 [ 309.854994][ T9615] ? rmqueue+0x2248/0x2810 [ 309.859671][ T9615] ? __lock_acquire+0x4750/0x4750 [ 309.864760][ T9615] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 309.870916][ T9615] ? rcu_lock_release+0x4/0x20 [ 309.875844][ T9615] __memcg_kmem_charge_memcg+0x78/0x180 [ 309.881453][ T9615] ? memcg_kmem_put_cache+0x50/0x50 [ 309.886679][ T9615] ? rcu_lock_release+0x15/0x20 [ 309.891567][ T9615] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 309.897149][ T9615] __memcg_kmem_charge+0x105/0x340 [ 309.902290][ T9615] __alloc_pages_nodemask+0x377/0x790 [ 309.907682][ T9615] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 309.913352][ T9615] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 309.919339][ T9615] ? copy_process+0x599/0x5a00 [ 309.919352][ T9615] copy_process+0x620/0x5a00 [ 309.919366][ T9615] ? do_wp_page+0x12d0/0x1ce0 [ 309.919381][ T9615] ? __rwlock_init+0x130/0x130 [ 309.919390][ T9615] ? count_memcg_event_mm+0x300/0x300 [ 309.919404][ T9615] ? fork_idle+0x290/0x290 [ 309.919428][ T9615] ? __lock_acquire+0x4750/0x4750 [ 309.955227][ T9615] ? lock_acquire+0x158/0x250 [ 309.959929][ T9615] _do_fork+0x179/0x630 [ 309.964205][ T9615] ? dup_mm+0x340/0x340 [ 309.968382][ T9615] ? __kasan_check_read+0x11/0x20 [ 309.973434][ T9615] ? _copy_to_user+0x104/0x150 [ 309.978411][ T9615] ? put_timespec64+0x106/0x150 [ 309.984629][ T9615] ? ktime_get_raw+0xf0/0xf0 [ 309.989501][ T9615] __x64_sys_clone+0x247/0x2b0 [ 309.994474][ T9615] ? __ia32_sys_vfork+0x110/0x110 [ 309.999559][ T9615] ? prepare_exit_to_usermode+0x1f7/0x580 [ 310.005306][ T9615] ? do_syscall_64+0x1d/0x140 [ 310.010011][ T9615] do_syscall_64+0xfe/0x140 [ 310.014543][ T9615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.020714][ T9615] RIP: 0033:0x457dea [ 310.024637][ T9615] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 310.044418][ T9615] RSP: 002b:00007fff6e077bc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 310.052859][ T9615] RAX: ffffffffffffffda RBX: 00007fff6e077bc0 RCX: 0000000000457dea [ 310.060954][ T9615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 310.068945][ T9615] RBP: 00007fff6e077c00 R08: 0000000000000001 R09: 000055555635d940 [ 310.076939][ T9615] R10: 000055555635dc10 R11: 0000000000000246 R12: 0000000000000001 10:57:43 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 10:57:43 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, 0x0, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 310.085016][ T9615] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff6e077c50 [ 310.093536][ T9615] memory: usage 3304kB, limit 0kB, failcnt 23 [ 310.099943][ T9615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 310.107643][ T9615] Memory cgroup stats for /syz3: [ 310.107727][ T9615] anon 151552 [ 310.107727][ T9615] file 12288 [ 310.107727][ T9615] kernel_stack 0 [ 310.107727][ T9615] slab 3473408 [ 310.107727][ T9615] sock 0 [ 310.107727][ T9615] shmem 8192 [ 310.107727][ T9615] file_mapped 0 [ 310.107727][ T9615] file_dirty 0 [ 310.107727][ T9615] file_writeback 0 [ 310.107727][ T9615] anon_thp 0 [ 310.107727][ T9615] inactive_anon 0 [ 310.107727][ T9615] active_anon 81920 [ 310.107727][ T9615] inactive_file 0 [ 310.107727][ T9615] active_file 0 [ 310.107727][ T9615] unevictable 0 [ 310.107727][ T9615] slab_reclaimable 1216512 [ 310.107727][ T9615] slab_unreclaimable 2256896 [ 310.107727][ T9615] pgfault 5676 [ 310.107727][ T9615] pgmajfault 0 [ 310.107727][ T9615] workingset_refault 0 [ 310.107727][ T9615] workingset_activate 0 [ 310.107727][ T9615] workingset_nodereclaim 0 [ 310.107727][ T9615] pgrefill 0 [ 310.107727][ T9615] pgscan 0 [ 310.107727][ T9615] pgsteal 0 [ 310.107727][ T9615] pgactivate 0 [ 310.201887][ T9615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9615,uid=0 [ 310.217648][ T9615] Memory cgroup out of memory: Killed process 9615 (syz-executor.3) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB 10:57:43 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 310.237978][ T1061] oom_reaper: reaped process 9615 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 10:57:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, 0x0, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040), 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040), 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:45 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:45 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040), 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 312.321688][ T9723] IPVS: ftp: loaded support on port[0] = 21 [ 312.511375][ T9723] chnl_net:caif_netlink_parms(): no params data found [ 312.551828][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.559104][ T9723] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.567327][ T9723] device bridge_slave_0 entered promiscuous mode [ 312.575663][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.582748][ T9723] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.590799][ T9723] device bridge_slave_1 entered promiscuous mode [ 312.610865][ T9723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.622246][ T9723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.643880][ T9723] team0: Port device team_slave_0 added [ 312.666069][ T9723] team0: Port device team_slave_1 added [ 312.746986][ T9723] device hsr_slave_0 entered promiscuous mode [ 312.894620][ T9723] device hsr_slave_1 entered promiscuous mode [ 312.984347][ T9723] debugfs: Directory 'hsr0' with parent '/' already present! [ 312.998546][ T9731] IPVS: ftp: loaded support on port[0] = 21 [ 313.002702][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.011641][ T9723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.018993][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.026122][ T9723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.100229][ T9723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.119986][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 313.128658][ T9606] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.136434][ T9606] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.177029][ T9731] chnl_net:caif_netlink_parms(): no params data found [ 313.187658][ T9723] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.219211][ T9731] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.226478][ T9731] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.234567][ T9731] device bridge_slave_0 entered promiscuous mode [ 313.242500][ T9731] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.249740][ T9731] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.257801][ T9731] device bridge_slave_1 entered promiscuous mode [ 313.279711][ T9731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.290827][ T9731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.314350][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 313.322797][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.329952][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.347122][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 313.356067][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 313.364730][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.372065][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.384929][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 313.393636][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 313.405360][ T9731] team0: Port device team_slave_0 added [ 313.412566][ T9731] team0: Port device team_slave_1 added [ 313.442702][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 313.452370][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 313.497311][ T9731] device hsr_slave_0 entered promiscuous mode [ 313.534639][ T9731] device hsr_slave_1 entered promiscuous mode [ 313.574269][ T9731] debugfs: Directory 'hsr0' with parent '/' already present! [ 313.583450][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 313.600252][ T9723] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 313.610713][ T9723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 313.623618][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 313.632305][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 313.641041][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 313.649776][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 313.658618][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 313.667217][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 313.676643][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 314.083686][ T9723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.358087][ T9731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.379625][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 314.387901][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 10:57:48 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:57:48 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 314.746631][ T9731] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.769656][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 314.779564][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 314.788123][ T3720] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.795254][ T3720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.278635][ T9731] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 315.289232][ T9731] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 315.302118][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 315.310384][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 315.319392][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 315.327878][ T9606] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.335034][ T9606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.342591][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 315.351344][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 315.360087][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 315.369019][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 315.377472][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 315.386354][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 315.395021][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 315.403488][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 315.412034][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 315.420416][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 315.433272][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 315.441386][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 315.672012][ T9731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.880623][ T9758] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 315.891014][ T9758] CPU: 1 PID: 9758 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 315.898614][ T9758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.908869][ T9758] Call Trace: [ 315.912227][ T9758] dump_stack+0x1d8/0x2f8 [ 315.916619][ T9758] dump_header+0xd8/0x970 [ 315.920971][ T9758] oom_kill_process+0xcd/0x320 [ 315.925749][ T9758] out_of_memory+0x5e1/0x8a0 [ 315.930361][ T9758] ? unregister_oom_notifier+0x20/0x20 [ 315.935843][ T9758] ? trace_hardirqs_on+0x74/0x80 [ 315.940816][ T9758] memory_max_write+0x537/0x6a0 [ 315.945698][ T9758] ? memory_max_show+0xa0/0xa0 [ 315.950496][ T9758] ? trace_lock_acquire+0x154/0x1b0 [ 315.955715][ T9758] ? lock_acquire+0x158/0x250 [ 315.960608][ T9758] ? kernfs_fop_write+0x22e/0x4f0 [ 315.965729][ T9758] ? memory_max_show+0xa0/0xa0 [ 315.970510][ T9758] cgroup_file_write+0x27b/0x6e0 [ 315.975554][ T9758] ? cgroup_seqfile_stop+0xc0/0xc0 [ 315.980693][ T9758] ? cgroup_seqfile_stop+0xc0/0xc0 [ 315.985870][ T9758] kernfs_fop_write+0x3e4/0x4f0 [ 315.990924][ T9758] ? kernfs_fop_read+0x580/0x580 [ 315.995887][ T9758] __vfs_write+0xf9/0x7d0 [ 316.000255][ T9758] ? __lock_acquire+0x4750/0x4750 [ 316.005394][ T9758] ? __kernel_write+0x350/0x350 [ 316.010274][ T9758] ? trace_lock_acquire+0x154/0x1b0 [ 316.015522][ T9758] ? __sb_start_write+0x39c/0x440 [ 316.020573][ T9758] ? __kasan_check_read+0x11/0x20 [ 316.025638][ T9758] vfs_write+0x275/0x590 [ 316.029920][ T9758] ksys_write+0x16b/0x2a0 [ 316.034281][ T9758] ? __ia32_sys_read+0x90/0x90 [ 316.039080][ T9758] ? prepare_exit_to_usermode+0x1f7/0x580 [ 316.044825][ T9758] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 316.050546][ T9758] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 316.056018][ T9758] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 316.061752][ T9758] ? do_syscall_64+0x1d/0x140 [ 316.066430][ T9758] __x64_sys_write+0x7b/0x90 [ 316.071062][ T9758] do_syscall_64+0xfe/0x140 [ 316.075611][ T9758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.081662][ T9758] RIP: 0033:0x459819 [ 316.085560][ T9758] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.105179][ T9758] RSP: 002b:00007fd0f0001c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 316.113598][ T9758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 316.121683][ T9758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 316.129656][ T9758] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 316.139145][ T9758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0f00026d4 [ 316.147112][ T9758] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 316.156218][ T9758] memory: usage 6040kB, limit 0kB, failcnt 46 [ 316.162300][ T9758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 316.169177][ T9758] Memory cgroup stats for /syz5: [ 316.169274][ T9758] anon 4268032 [ 316.169274][ T9758] file 0 [ 316.169274][ T9758] kernel_stack 65536 [ 316.169274][ T9758] slab 1769472 [ 316.169274][ T9758] sock 0 [ 316.169274][ T9758] shmem 0 [ 316.169274][ T9758] file_mapped 0 [ 316.169274][ T9758] file_dirty 0 [ 316.169274][ T9758] file_writeback 0 [ 316.169274][ T9758] anon_thp 4194304 [ 316.169274][ T9758] inactive_anon 0 [ 316.169274][ T9758] active_anon 4268032 [ 316.169274][ T9758] inactive_file 0 [ 316.169274][ T9758] active_file 0 [ 316.169274][ T9758] unevictable 0 [ 316.169274][ T9758] slab_reclaimable 675840 [ 316.169274][ T9758] slab_unreclaimable 1093632 [ 316.169274][ T9758] pgfault 3894 [ 316.169274][ T9758] pgmajfault 0 [ 316.169274][ T9758] workingset_refault 0 [ 316.169274][ T9758] workingset_activate 0 [ 316.169274][ T9758] workingset_nodereclaim 0 [ 316.169274][ T9758] pgrefill 0 [ 316.169274][ T9758] pgscan 0 [ 316.169274][ T9758] pgsteal 0 [ 316.169274][ T9758] pgactivate 0 [ 316.263325][ T9758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9755,uid=0 [ 316.278843][ T9758] Memory cgroup out of memory: Killed process 9755 (syz-executor.5) total-vm:72708kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 316.295855][ T1061] oom_reaper: reaped process 9755 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:57:50 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:57:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 316.369534][ T9731] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 316.379646][ T9731] CPU: 0 PID: 9731 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 316.387282][ T9731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.397349][ T9731] Call Trace: [ 316.400651][ T9731] dump_stack+0x1d8/0x2f8 [ 316.404990][ T9731] dump_header+0xd8/0x970 [ 316.409330][ T9731] oom_kill_process+0xcd/0x320 [ 316.414107][ T9731] out_of_memory+0x5e1/0x8a0 [ 316.418726][ T9731] ? unregister_oom_notifier+0x20/0x20 [ 316.424462][ T9731] ? __kasan_check_read+0x11/0x20 [ 316.429513][ T9731] try_charge+0x134a/0x17b0 [ 316.434048][ T9731] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 316.439878][ T9731] ? __lock_acquire+0x4750/0x4750 [ 316.444923][ T9731] ? rcu_lock_release+0x15/0x20 [ 316.449830][ T9731] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 316.455396][ T9731] mem_cgroup_try_charge+0x216/0x560 [ 316.460710][ T9731] mem_cgroup_try_charge_delay+0x25/0xa0 [ 316.466360][ T9731] wp_page_copy+0x367/0x18c0 [ 316.470974][ T9731] ? rcu_lock_release+0x30/0x30 [ 316.475842][ T9731] ? __lock_acquire+0x4750/0x4750 [ 316.480876][ T9731] ? __kasan_check_read+0x11/0x20 [ 316.485910][ T9731] ? do_raw_spin_unlock+0x49/0x260 [ 316.491039][ T9731] do_wp_page+0x2c9/0x1ce0 [ 316.495481][ T9731] ? __rwlock_init+0x130/0x130 [ 316.500257][ T9731] ? count_memcg_event_mm+0x300/0x300 [ 316.505664][ T9731] handle_mm_fault+0x2bcf/0x6080 [ 316.510630][ T9731] ? finish_fault+0x230/0x230 [ 316.515322][ T9731] ? vmacache_find+0x251/0x5b0 [ 316.520100][ T9731] do_user_addr_fault+0x589/0xaf0 [ 316.525134][ T9731] __do_page_fault+0xd3/0x1f0 [ 316.529844][ T9731] do_page_fault+0x99/0xb0 [ 316.534273][ T9731] page_fault+0x39/0x40 [ 316.538437][ T9731] RIP: 0033:0x4308f6 [ 316.542332][ T9731] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 316.562123][ T9731] RSP: 002b:00007fff62629840 EFLAGS: 00010206 [ 316.568200][ T9731] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 316.576183][ T9731] RDX: 0000555557476930 RSI: 000055555747e970 RDI: 0000000000000003 [ 316.584163][ T9731] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557475940 [ 316.592150][ T9731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 316.600133][ T9731] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 316.609319][ T9731] memory: usage 1620kB, limit 0kB, failcnt 54 10:57:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:50 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 10:57:50 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 316.615476][ T9731] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 316.622331][ T9731] Memory cgroup stats for /syz5: [ 316.622419][ T9731] anon 8192 [ 316.622419][ T9731] file 0 [ 316.622419][ T9731] kernel_stack 0 [ 316.622419][ T9731] slab 1769472 [ 316.622419][ T9731] sock 0 [ 316.622419][ T9731] shmem 0 [ 316.622419][ T9731] file_mapped 0 [ 316.622419][ T9731] file_dirty 0 [ 316.622419][ T9731] file_writeback 0 [ 316.622419][ T9731] anon_thp 0 [ 316.622419][ T9731] inactive_anon 0 [ 316.622419][ T9731] active_anon 8192 [ 316.622419][ T9731] inactive_file 0 [ 316.622419][ T9731] active_file 0 [ 316.622419][ T9731] unevictable 0 [ 316.622419][ T9731] slab_reclaimable 675840 [ 316.622419][ T9731] slab_unreclaimable 1093632 [ 316.622419][ T9731] pgfault 3894 [ 316.622419][ T9731] pgmajfault 0 [ 316.622419][ T9731] workingset_refault 0 [ 316.622419][ T9731] workingset_activate 0 [ 316.622419][ T9731] workingset_nodereclaim 0 [ 316.622419][ T9731] pgrefill 0 [ 316.622419][ T9731] pgscan 0 [ 316.622419][ T9731] pgsteal 0 [ 316.622419][ T9731] pgactivate 0 [ 316.622419][ T9731] pgdeactivate 0 [ 316.718397][ T9731] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9731,uid=0 [ 316.733868][ T9731] Memory cgroup out of memory: Killed process 9731 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 316.749600][ T1061] oom_reaper: reaped process 9731 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:50 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) 10:57:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 317.187404][ T9777] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 317.197874][ T9777] CPU: 0 PID: 9777 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 317.205572][ T9777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.215665][ T9777] Call Trace: [ 317.218986][ T9777] dump_stack+0x1d8/0x2f8 [ 317.223342][ T9777] dump_header+0xd8/0x970 [ 317.227712][ T9777] oom_kill_process+0xcd/0x320 [ 317.232492][ T9777] out_of_memory+0x5e1/0x8a0 10:57:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 317.237101][ T9777] ? unregister_oom_notifier+0x20/0x20 [ 317.242591][ T9777] memory_max_write+0x537/0x6a0 [ 317.247478][ T9777] ? memory_max_show+0xa0/0xa0 [ 317.252269][ T9777] ? trace_hardirqs_on_caller+0x74/0x80 [ 317.257859][ T9777] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 317.263173][ T9777] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 317.268664][ T9777] ? trace_hardirqs_on_caller+0x74/0x80 [ 317.274236][ T9777] ? memory_max_show+0xa0/0xa0 [ 317.279022][ T9777] cgroup_file_write+0x27b/0x6e0 [ 317.283974][ T9777] ? rcu_irq_exit+0xe3/0x260 [ 317.288586][ T9777] ? cgroup_seqfile_stop+0xc0/0xc0 [ 317.293715][ T9777] ? cgroup_seqfile_stop+0xc0/0xc0 [ 317.298924][ T9777] ? kernfs_fop_write+0x349/0x4f0 [ 317.303960][ T9777] ? cgroup_file_write+0x1/0x6e0 [ 317.309005][ T9777] ? cgroup_seqfile_stop+0xc0/0xc0 [ 317.314140][ T9777] kernfs_fop_write+0x3e4/0x4f0 [ 317.319040][ T9777] ? kernfs_fop_read+0x580/0x580 [ 317.324097][ T9777] __vfs_write+0xf9/0x7d0 [ 317.329071][ T9777] ? __kernel_write+0x350/0x350 [ 317.334122][ T9777] ? __sb_start_write+0x39c/0x440 [ 317.339162][ T9777] vfs_write+0x275/0x590 [ 317.343444][ T9777] ksys_write+0x16b/0x2a0 [ 317.347798][ T9777] ? __ia32_sys_read+0x90/0x90 [ 317.352588][ T9777] ? do_syscall_64+0xc0/0x140 [ 317.357289][ T9777] __x64_sys_write+0x7b/0x90 [ 317.361897][ T9777] do_syscall_64+0xfe/0x140 [ 317.366433][ T9777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.372541][ T9777] RIP: 0033:0x459819 [ 317.376485][ T9777] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.396124][ T9777] RSP: 002b:00007fb276fd8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.404564][ T9777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 317.412559][ T9777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 317.420553][ T9777] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 317.428645][ T9777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb276fd96d4 [ 317.436656][ T9777] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 317.444881][ T9777] memory: usage 5368kB, limit 0kB, failcnt 450104 [ 317.451432][ T9777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 317.458552][ T9777] Memory cgroup stats for /syz2: [ 317.458851][ T9777] anon 4276224 [ 317.458851][ T9777] file 0 [ 317.458851][ T9777] kernel_stack 65536 [ 317.458851][ T9777] slab 544768 [ 317.458851][ T9777] sock 0 [ 317.458851][ T9777] shmem 0 [ 317.458851][ T9777] file_mapped 0 [ 317.458851][ T9777] file_dirty 0 [ 317.458851][ T9777] file_writeback 0 [ 317.458851][ T9777] anon_thp 4194304 [ 317.458851][ T9777] inactive_anon 0 [ 317.458851][ T9777] active_anon 4276224 [ 317.458851][ T9777] inactive_file 0 [ 317.458851][ T9777] active_file 0 [ 317.458851][ T9777] unevictable 0 [ 317.458851][ T9777] slab_reclaimable 135168 [ 317.458851][ T9777] slab_unreclaimable 409600 [ 317.458851][ T9777] pgfault 1155 [ 317.458851][ T9777] pgmajfault 0 [ 317.458851][ T9777] workingset_refault 0 [ 317.458851][ T9777] workingset_activate 0 [ 317.458851][ T9777] workingset_nodereclaim 0 [ 317.458851][ T9777] pgrefill 0 [ 317.458851][ T9777] pgscan 0 [ 317.458851][ T9777] pgsteal 0 [ 317.458851][ T9777] pgactivate 0 [ 317.552954][ T9777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 317.553106][ T9777] ,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9776,uid=0 [ 317.571408][ T9777] Memory cgroup out of memory: Killed process 9776 (syz-executor.2) total-vm:72572kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 317.587911][ T1061] oom_reaper: reaped process 9776 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:57:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:57:51 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 317.779839][ T9723] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 317.790989][ T9723] CPU: 0 PID: 9723 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 317.798552][ T9723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.808631][ T9723] Call Trace: [ 317.811932][ T9723] dump_stack+0x1d8/0x2f8 [ 317.816272][ T9723] dump_header+0xd8/0x970 [ 317.820608][ T9723] oom_kill_process+0xcd/0x320 [ 317.825372][ T9723] out_of_memory+0x5e1/0x8a0 [ 317.830033][ T9723] ? unregister_oom_notifier+0x20/0x20 [ 317.835496][ T9723] ? __kasan_check_read+0x11/0x20 [ 317.840516][ T9723] try_charge+0x134a/0x17b0 [ 317.845117][ T9723] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 317.850923][ T9723] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 317.856644][ T9723] ? rcu_lock_acquire+0x30/0x30 [ 317.861504][ T9723] __memcg_kmem_charge_memcg+0x78/0x180 [ 317.867044][ T9723] ? __lock_acquire+0x4750/0x4750 [ 317.872079][ T9723] ? memcg_kmem_put_cache+0x50/0x50 [ 317.877367][ T9723] kmem_getpages+0x411/0x970 [ 317.881958][ T9723] cache_grow_begin+0x7e/0x2c0 [ 317.886830][ T9723] ? __cpuset_node_allowed+0x198/0x530 [ 317.892292][ T9723] fallback_alloc+0x134/0x1c0 [ 317.896968][ T9723] ____cache_alloc_node+0x22a/0x250 [ 317.902267][ T9723] kmem_cache_alloc+0x157/0x2e0 [ 317.907113][ T9723] ? __alloc_file+0x29/0x350 [ 317.911700][ T9723] __alloc_file+0x29/0x350 [ 317.916115][ T9723] ? alloc_empty_file+0x4c/0x1b0 [ 317.921580][ T9723] alloc_empty_file+0xac/0x1b0 [ 317.926347][ T9723] path_openat+0x12b/0x4440 [ 317.930856][ T9723] ? trace_lock_acquire+0x1b0/0x1b0 [ 317.936053][ T9723] ? trace_lock_acquire+0x1b0/0x1b0 [ 317.941245][ T9723] ? trace_hardirqs_off+0x74/0x80 [ 317.946266][ T9723] ? do_filp_open+0x430/0x430 [ 317.951192][ T9723] ? __kasan_kmalloc+0x178/0x1b0 [ 317.956130][ T9723] ? __kasan_kmalloc+0x11c/0x1b0 [ 317.961065][ T9723] ? kasan_slab_alloc+0xf/0x20 [ 317.965819][ T9723] ? kmem_cache_alloc+0x1e9/0x2e0 [ 317.970839][ T9723] ? getname_flags+0xba/0x640 [ 317.975506][ T9723] ? getname+0x19/0x20 [ 317.979563][ T9723] ? do_sys_open+0x2fc/0x620 [ 317.984138][ T9723] ? __x64_sys_open+0x87/0x90 [ 317.988808][ T9723] ? do_syscall_64+0xfe/0x140 [ 317.993476][ T9723] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.999647][ T9723] do_filp_open+0x1f7/0x430 [ 318.004148][ T9723] ? vfs_tmpfile+0x230/0x230 [ 318.008736][ T9723] ? __lock_acquire+0x4750/0x4750 [ 318.013775][ T9723] ? do_raw_spin_unlock+0x49/0x260 [ 318.018893][ T9723] ? _raw_spin_unlock+0x22/0x30 [ 318.023759][ T9723] ? __alloc_fd+0x58f/0x630 [ 318.028374][ T9723] ? get_unused_fd_flags+0x97/0xb0 [ 318.033924][ T9723] do_sys_open+0x343/0x620 [ 318.038334][ T9723] ? file_open_root+0x440/0x440 [ 318.043185][ T9723] ? prepare_exit_to_usermode+0x1f7/0x580 [ 318.048923][ T9723] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 318.054665][ T9723] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 318.060119][ T9723] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 318.065831][ T9723] ? do_syscall_64+0x1d/0x140 [ 318.070511][ T9723] __x64_sys_open+0x87/0x90 [ 318.075009][ T9723] do_syscall_64+0xfe/0x140 [ 318.079512][ T9723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.085400][ T9723] RIP: 0033:0x457790 [ 318.089295][ T9723] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 318.108996][ T9723] RSP: 002b:00007fff3f488990 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 318.117424][ T9723] RAX: ffffffffffffffda RBX: 000000000004d6e3 RCX: 0000000000457790 [ 318.125399][ T9723] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fff3f489b70 [ 318.133378][ T9723] RBP: 0000000000000008 R08: 0000000000000001 R09: 000055555577e940 [ 318.141351][ T9723] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fff3f489b70 [ 318.149314][ T9723] R13: 00007fff3f489b60 R14: 0000000000000000 R15: 00007fff3f489b70 [ 318.157619][ T9723] memory: usage 976kB, limit 0kB, failcnt 450116 [ 318.163982][ T9723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 318.170883][ T9723] Memory cgroup stats for /syz2: [ 318.170962][ T9723] anon 73728 [ 318.170962][ T9723] file 0 [ 318.170962][ T9723] kernel_stack 65536 [ 318.170962][ T9723] slab 544768 [ 318.170962][ T9723] sock 0 [ 318.170962][ T9723] shmem 0 [ 318.170962][ T9723] file_mapped 0 [ 318.170962][ T9723] file_dirty 0 [ 318.170962][ T9723] file_writeback 0 [ 318.170962][ T9723] anon_thp 0 [ 318.170962][ T9723] inactive_anon 0 [ 318.170962][ T9723] active_anon 73728 [ 318.170962][ T9723] inactive_file 0 [ 318.170962][ T9723] active_file 0 [ 318.170962][ T9723] unevictable 0 [ 318.170962][ T9723] slab_reclaimable 135168 [ 318.170962][ T9723] slab_unreclaimable 409600 [ 318.170962][ T9723] pgfault 1155 [ 318.170962][ T9723] pgmajfault 0 [ 318.170962][ T9723] workingset_refault 0 [ 318.170962][ T9723] workingset_activate 0 [ 318.170962][ T9723] workingset_nodereclaim 0 [ 318.170962][ T9723] pgrefill 0 [ 318.170962][ T9723] pgscan 0 [ 318.170962][ T9723] pgsteal 0 [ 318.170962][ T9723] pgactivate 0 [ 318.170962][ T9723] pgdeactivate 0 [ 318.175950][ T9723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9723,uid=0 [ 318.282462][ T9723] Memory cgroup out of memory: Killed process 9723 (syz-executor.2) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB [ 318.298845][ T1061] oom_reaper: reaped process 9723 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 10:57:52 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 319.014339][ T9793] IPVS: ftp: loaded support on port[0] = 21 [ 319.368137][ T280] device bridge_slave_1 left promiscuous mode [ 319.374570][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.405330][ T280] device bridge_slave_0 left promiscuous mode [ 319.411546][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.455482][ T280] device bridge_slave_1 left promiscuous mode [ 319.461701][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.495041][ T280] device bridge_slave_0 left promiscuous mode [ 319.501230][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.536671][ T280] device bridge_slave_1 left promiscuous mode [ 319.542890][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.585204][ T280] device bridge_slave_0 left promiscuous mode [ 319.591518][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.844690][ T280] device hsr_slave_0 left promiscuous mode [ 324.884377][ T280] device hsr_slave_1 left promiscuous mode [ 324.963611][ T280] team0 (unregistering): Port device team_slave_1 removed [ 324.974487][ T280] team0 (unregistering): Port device team_slave_0 removed [ 324.986380][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.017776][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.093535][ T280] bond0 (unregistering): Released all slaves [ 325.225079][ T280] device hsr_slave_0 left promiscuous mode [ 325.264442][ T280] device hsr_slave_1 left promiscuous mode [ 325.312711][ T280] team0 (unregistering): Port device team_slave_1 removed [ 325.325998][ T280] team0 (unregistering): Port device team_slave_0 removed [ 325.338320][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.377822][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.459430][ T280] bond0 (unregistering): Released all slaves [ 325.585342][ T280] device hsr_slave_0 left promiscuous mode [ 325.624843][ T280] device hsr_slave_1 left promiscuous mode [ 325.678533][ T280] team0 (unregistering): Port device team_slave_1 removed [ 325.691035][ T280] team0 (unregistering): Port device team_slave_0 removed [ 325.702481][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.767839][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.838677][ T280] bond0 (unregistering): Released all slaves [ 325.961984][ T9793] chnl_net:caif_netlink_parms(): no params data found [ 325.998008][ T9793] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.005207][ T9793] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.012873][ T9793] device bridge_slave_0 entered promiscuous mode [ 326.021131][ T9793] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.028349][ T9793] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.036514][ T9793] device bridge_slave_1 entered promiscuous mode [ 326.061991][ T9793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.073320][ T9793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.093012][ T9793] team0: Port device team_slave_0 added [ 326.100584][ T9793] team0: Port device team_slave_1 added [ 326.157144][ T9793] device hsr_slave_0 entered promiscuous mode [ 326.194510][ T9793] device hsr_slave_1 entered promiscuous mode [ 326.283642][ T9793] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.290852][ T9793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.298311][ T9793] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.305465][ T9793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.339206][ T9793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.404749][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 326.412970][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.421838][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.483069][ T9793] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.500632][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 326.509272][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.516430][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.560034][ T9793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 326.570651][ T9793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 326.589577][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 326.598411][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.605596][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.613973][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 326.622894][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 326.631582][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 326.640632][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 326.659450][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 326.667501][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 326.679522][ T9793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 326.914775][ T9804] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 326.925173][ T9804] CPU: 1 PID: 9804 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 326.940467][ T9804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.950553][ T9804] Call Trace: [ 326.953864][ T9804] dump_stack+0x1d8/0x2f8 [ 326.958213][ T9804] dump_header+0xd8/0x970 [ 326.962566][ T9804] oom_kill_process+0xcd/0x320 [ 326.967353][ T9804] out_of_memory+0x5e1/0x8a0 [ 326.971959][ T9804] ? unregister_oom_notifier+0x20/0x20 [ 326.977430][ T9804] ? trace_hardirqs_on+0x74/0x80 [ 326.982412][ T9804] memory_max_write+0x537/0x6a0 [ 326.987316][ T9804] ? lock_acquire+0x158/0x250 [ 326.992046][ T9804] ? memory_max_show+0xa0/0xa0 [ 326.996869][ T9804] ? trace_lock_acquire+0x154/0x1b0 [ 327.002126][ T9804] ? lock_acquire+0x158/0x250 [ 327.006849][ T9804] ? kernfs_fop_write+0x22e/0x4f0 [ 327.011925][ T9804] ? memory_max_show+0xa0/0xa0 [ 327.016709][ T9804] cgroup_file_write+0x27b/0x6e0 [ 327.021673][ T9804] ? cgroup_seqfile_stop+0xc0/0xc0 [ 327.026811][ T9804] ? cgroup_seqfile_stop+0xc0/0xc0 [ 327.032607][ T9804] kernfs_fop_write+0x3e4/0x4f0 [ 327.037484][ T9804] ? kernfs_fop_read+0x580/0x580 [ 327.042441][ T9804] __vfs_write+0xf9/0x7d0 [ 327.046802][ T9804] ? __lock_acquire+0x4750/0x4750 [ 327.051853][ T9804] ? __kernel_write+0x350/0x350 [ 327.056730][ T9804] ? trace_lock_acquire+0x154/0x1b0 [ 327.061964][ T9804] ? __sb_start_write+0x39c/0x440 [ 327.067003][ T9804] ? __kasan_check_read+0x11/0x20 [ 327.072138][ T9804] vfs_write+0x275/0x590 [ 327.076406][ T9804] ksys_write+0x16b/0x2a0 [ 327.080746][ T9804] ? __ia32_sys_read+0x90/0x90 [ 327.085535][ T9804] ? prepare_exit_to_usermode+0x1f7/0x580 [ 327.091276][ T9804] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 327.097027][ T9804] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 327.102503][ T9804] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 327.108268][ T9804] ? do_syscall_64+0x1d/0x140 [ 327.112967][ T9804] __x64_sys_write+0x7b/0x90 [ 327.117583][ T9804] do_syscall_64+0xfe/0x140 [ 327.122289][ T9804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.128297][ T9804] RIP: 0033:0x459819 [ 327.132211][ T9804] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 327.153422][ T9804] RSP: 002b:00007fa186f79c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 327.161850][ T9804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 327.169855][ T9804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 327.177860][ T9804] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 327.185974][ T9804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa186f7a6d4 [ 327.194338][ T9804] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 327.204625][ T9804] memory: usage 5108kB, limit 0kB, failcnt 26 [ 327.210736][ T9804] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 327.217805][ T9804] Memory cgroup stats for /syz3: [ 327.217898][ T9804] anon 2195456 [ 327.217898][ T9804] file 12288 [ 327.217898][ T9804] kernel_stack 65536 [ 327.217898][ T9804] slab 2793472 [ 327.217898][ T9804] sock 0 [ 327.217898][ T9804] shmem 8192 [ 327.217898][ T9804] file_mapped 0 [ 327.217898][ T9804] file_dirty 0 [ 327.217898][ T9804] file_writeback 0 [ 327.217898][ T9804] anon_thp 2097152 [ 327.217898][ T9804] inactive_anon 0 [ 327.217898][ T9804] active_anon 2195456 [ 327.217898][ T9804] inactive_file 0 [ 327.217898][ T9804] active_file 0 [ 327.217898][ T9804] unevictable 0 [ 327.217898][ T9804] slab_reclaimable 946176 [ 327.217898][ T9804] slab_unreclaimable 1847296 [ 327.217898][ T9804] pgfault 5742 [ 327.217898][ T9804] pgmajfault 0 [ 327.217898][ T9804] workingset_refault 0 [ 327.217898][ T9804] workingset_activate 0 [ 327.217898][ T9804] workingset_nodereclaim 0 [ 327.217898][ T9804] pgrefill 0 [ 327.217898][ T9804] pgscan 0 [ 327.217898][ T9804] pgsteal 0 [ 327.217898][ T9804] pgactivate 0 10:58:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:01 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r2, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:01 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:01 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 327.313055][ T9804] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9801,uid=0 [ 327.328606][ T9804] Memory cgroup out of memory: Killed process 9801 (syz-executor.3) total-vm:72840kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 327.348883][ T1061] oom_reaper: reaped process 9801 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 327.411288][ T9793] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 327.421497][ T9793] CPU: 0 PID: 9793 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 327.429062][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.439141][ T9793] Call Trace: [ 327.442463][ T9793] dump_stack+0x1d8/0x2f8 [ 327.446907][ T9793] dump_header+0xd8/0x970 [ 327.451253][ T9793] oom_kill_process+0xcd/0x320 [ 327.456048][ T9793] out_of_memory+0x5e1/0x8a0 [ 327.460672][ T9793] ? unregister_oom_notifier+0x20/0x20 [ 327.466154][ T9793] ? __kasan_check_read+0x11/0x20 [ 327.471199][ T9793] try_charge+0x134a/0x17b0 [ 327.475747][ T9793] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 327.481670][ T9793] ? __lock_acquire+0x4750/0x4750 [ 327.486739][ T9793] ? rcu_lock_release+0x15/0x20 [ 327.491623][ T9793] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 327.497189][ T9793] mem_cgroup_try_charge+0x216/0x560 [ 327.502678][ T9793] mem_cgroup_try_charge_delay+0x25/0xa0 [ 327.508351][ T9793] wp_page_copy+0x367/0x18c0 [ 327.512978][ T9793] ? rcu_lock_release+0x30/0x30 [ 327.517855][ T9793] ? __lock_acquire+0x4750/0x4750 [ 327.522903][ T9793] ? __kasan_check_read+0x11/0x20 [ 327.527955][ T9793] ? do_raw_spin_unlock+0x49/0x260 [ 327.533105][ T9793] do_wp_page+0x2c9/0x1ce0 [ 327.537545][ T9793] ? __rwlock_init+0x130/0x130 [ 327.542329][ T9793] ? count_memcg_event_mm+0x300/0x300 [ 327.547732][ T9793] handle_mm_fault+0x2bcf/0x6080 [ 327.552710][ T9793] ? finish_fault+0x230/0x230 [ 327.557430][ T9793] ? vmacache_find+0x566/0x5b0 [ 327.562211][ T9793] ? vmacache_update+0xb7/0x120 [ 327.567083][ T9793] do_user_addr_fault+0x589/0xaf0 [ 327.572134][ T9793] __do_page_fault+0xd3/0x1f0 [ 327.576830][ T9793] do_page_fault+0x99/0xb0 [ 327.581268][ T9793] page_fault+0x39/0x40 [ 327.585434][ T9793] RIP: 0033:0x4308f6 [ 327.589354][ T9793] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 327.609058][ T9793] RSP: 002b:00007ffe7b0a3580 EFLAGS: 00010206 [ 327.615128][ T9793] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 327.623113][ T9793] RDX: 0000555555c02930 RSI: 0000555555c0a970 RDI: 0000000000000003 [ 327.631201][ T9793] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555c01940 [ 327.639186][ T9793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 327.647167][ T9793] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 327.655718][ T9793] memory: usage 2692kB, limit 0kB, failcnt 38 [ 327.661900][ T9793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 327.661913][ T9793] Memory cgroup stats for /syz3: [ 327.662001][ T9793] anon 65536 [ 327.662001][ T9793] file 12288 [ 327.662001][ T9793] kernel_stack 0 [ 327.662001][ T9793] slab 2793472 [ 327.662001][ T9793] sock 0 [ 327.662001][ T9793] shmem 8192 [ 327.662001][ T9793] file_mapped 0 [ 327.662001][ T9793] file_dirty 0 [ 327.662001][ T9793] file_writeback 0 [ 327.662001][ T9793] anon_thp 0 [ 327.662001][ T9793] inactive_anon 0 [ 327.662001][ T9793] active_anon 65536 [ 327.662001][ T9793] inactive_file 0 [ 327.662001][ T9793] active_file 0 [ 327.662001][ T9793] unevictable 0 [ 327.662001][ T9793] slab_reclaimable 946176 [ 327.662001][ T9793] slab_unreclaimable 1847296 [ 327.662001][ T9793] pgfault 5742 [ 327.662001][ T9793] pgmajfault 0 [ 327.662001][ T9793] workingset_refault 0 [ 327.662001][ T9793] workingset_activate 0 [ 327.662001][ T9793] workingset_nodereclaim 0 [ 327.662001][ T9793] pgrefill 0 [ 327.662001][ T9793] pgscan 0 [ 327.662001][ T9793] pgsteal 0 [ 327.662001][ T9793] pgactivate 0 [ 327.673849][ T9793] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9793,uid=0 [ 327.778053][ T9793] Memory cgroup out of memory: Killed process 9793 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 327.792692][ T1061] oom_reaper: reaped process 9793 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:58:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r1, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:02 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:02 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r1, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r1, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:04 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:04 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 330.298729][ T9840] IPVS: ftp: loaded support on port[0] = 21 10:58:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 330.680645][ T9840] chnl_net:caif_netlink_parms(): no params data found [ 330.812280][ T9840] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.819516][ T9840] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.827601][ T9840] device bridge_slave_0 entered promiscuous mode [ 330.893176][ T9840] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.900447][ T9840] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.908478][ T9840] device bridge_slave_1 entered promiscuous mode [ 330.996639][ T9840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.024160][ T9840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.048485][ T9854] IPVS: ftp: loaded support on port[0] = 21 [ 331.093399][ T9840] team0: Port device team_slave_0 added [ 331.116299][ T9840] team0: Port device team_slave_1 added [ 331.247072][ T9840] device hsr_slave_0 entered promiscuous mode [ 331.284732][ T9840] device hsr_slave_1 entered promiscuous mode [ 331.325199][ T9840] debugfs: Directory 'hsr0' with parent '/' already present! [ 331.333088][ T9854] chnl_net:caif_netlink_parms(): no params data found [ 331.767137][ T9854] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.774318][ T9854] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.782267][ T9854] device bridge_slave_0 entered promiscuous mode [ 331.980449][ T9854] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.987764][ T9854] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.995947][ T9854] device bridge_slave_1 entered promiscuous mode [ 332.209046][ T9854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 332.220175][ T9854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 332.242240][ T9854] team0: Port device team_slave_0 added [ 332.250657][ T9854] team0: Port device team_slave_1 added [ 332.306943][ T9854] device hsr_slave_0 entered promiscuous mode [ 332.344507][ T9854] device hsr_slave_1 entered promiscuous mode [ 332.384277][ T9854] debugfs: Directory 'hsr0' with parent '/' already present! [ 332.593634][ T9858] IPVS: ftp: loaded support on port[0] = 21 [ 332.608861][ T9840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.843334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 332.851530][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.861675][ T9840] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.090548][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 333.099490][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.108294][ T9606] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.115421][ T9606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.123305][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 333.132117][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 333.141275][ T9606] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.148520][ T9606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.156082][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 333.174947][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 333.186142][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 333.206856][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 333.215973][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 333.224936][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 333.233931][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 333.242593][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 333.251136][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 333.259891][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 333.471599][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 333.480513][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 333.506673][ T9854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.515185][ T9840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 333.763923][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 333.771962][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 333.994804][ T9854] 8021q: adding VLAN 0 to HW filter on device team0 [ 334.013611][ T9858] chnl_net:caif_netlink_parms(): no params data found [ 334.024655][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 334.033551][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 334.042543][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.049689][ T8254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.066616][ T9840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.096834][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 334.105012][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 334.113799][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 334.122678][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.129955][ T8254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.138499][ T280] device bridge_slave_1 left promiscuous mode [ 334.144935][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.175808][ T280] device bridge_slave_0 left promiscuous mode [ 334.182032][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.225861][ T280] device bridge_slave_1 left promiscuous mode [ 334.232049][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.276425][ T280] device bridge_slave_0 left promiscuous mode [ 334.282720][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.325441][ T280] device bridge_slave_1 left promiscuous mode [ 334.331662][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.375453][ T280] device bridge_slave_0 left promiscuous mode [ 334.381641][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.795963][ T280] device hsr_slave_0 left promiscuous mode [ 339.854915][ T280] device hsr_slave_1 left promiscuous mode [ 339.904635][ T280] team0 (unregistering): Port device team_slave_1 removed [ 339.917019][ T280] team0 (unregistering): Port device team_slave_0 removed [ 339.928063][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.977907][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.057224][ T280] bond0 (unregistering): Released all slaves [ 340.174853][ T280] device hsr_slave_0 left promiscuous mode [ 340.224338][ T280] device hsr_slave_1 left promiscuous mode [ 340.290734][ T280] team0 (unregistering): Port device team_slave_1 removed [ 340.305481][ T280] team0 (unregistering): Port device team_slave_0 removed [ 340.318660][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 340.359000][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.427054][ T280] bond0 (unregistering): Released all slaves [ 340.546081][ T280] device hsr_slave_0 left promiscuous mode [ 340.594851][ T280] device hsr_slave_1 left promiscuous mode [ 340.663478][ T280] team0 (unregistering): Port device team_slave_1 removed [ 340.676400][ T280] team0 (unregistering): Port device team_slave_0 removed [ 340.687630][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 340.727760][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.815220][ T280] bond0 (unregistering): Released all slaves [ 340.888276][ T9858] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.895438][ T9858] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.903099][ T9858] device bridge_slave_0 entered promiscuous mode [ 340.915292][ T9858] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.922664][ T9858] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.930727][ T9858] device bridge_slave_1 entered promiscuous mode [ 340.940104][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 340.982172][ T9858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.994975][ T9858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.032040][ T9858] team0: Port device team_slave_0 added [ 341.042398][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 341.062201][ T9858] team0: Port device team_slave_1 added [ 341.130855][ T9866] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 341.141530][ T9866] CPU: 1 PID: 9866 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 341.149092][ T9866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.159147][ T9866] Call Trace: [ 341.162464][ T9866] dump_stack+0x1d8/0x2f8 [ 341.166897][ T9866] dump_header+0xd8/0x970 [ 341.171255][ T9866] oom_kill_process+0xcd/0x320 [ 341.176031][ T9866] out_of_memory+0x5e1/0x8a0 [ 341.180617][ T9866] ? unregister_oom_notifier+0x20/0x20 [ 341.186078][ T9866] memory_max_write+0x537/0x6a0 [ 341.191139][ T9866] ? memory_max_show+0xa0/0xa0 [ 341.195916][ T9866] ? memory_max_show+0xa0/0xa0 [ 341.200683][ T9866] cgroup_file_write+0x27b/0x6e0 [ 341.205669][ T9866] ? cgroup_seqfile_stop+0xc0/0xc0 [ 341.210802][ T9866] ? cgroup_seqfile_stop+0xc0/0xc0 [ 341.215925][ T9866] kernfs_fop_write+0x3e4/0x4f0 [ 341.221862][ T9866] ? kernfs_fop_read+0x580/0x580 [ 341.226815][ T9866] __vfs_write+0xf9/0x7d0 [ 341.231166][ T9866] ? retint_kernel+0x10/0x10 [ 341.235770][ T9866] ? __kernel_write+0x350/0x350 [ 341.240629][ T9866] ? rcu_irq_exit+0xe3/0x260 [ 341.245245][ T9866] ? __sb_start_write+0x39c/0x440 [ 341.250271][ T9866] ? __kasan_check_read+0x11/0x20 [ 341.255298][ T9866] vfs_write+0x275/0x590 [ 341.259546][ T9866] ksys_write+0x16b/0x2a0 [ 341.263983][ T9866] ? __ia32_sys_read+0x90/0x90 [ 341.268768][ T9866] ? do_syscall_64+0xc0/0x140 [ 341.273520][ T9866] __x64_sys_write+0x7b/0x90 [ 341.278122][ T9866] do_syscall_64+0xfe/0x140 [ 341.282615][ T9866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.288499][ T9866] RIP: 0033:0x459819 [ 341.292415][ T9866] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 341.313174][ T9866] RSP: 002b:00007fc10c2e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 341.321721][ T9866] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 341.329693][ T9866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 341.337668][ T9866] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 341.345641][ T9866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc10c2e76d4 [ 341.353643][ T9866] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 341.363287][ T9866] memory: usage 5312kB, limit 0kB, failcnt 450119 [ 341.369868][ T9866] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.376884][ T9866] Memory cgroup stats for /syz2 [ 341.377011][ T9866] : [ 341.377841][ T9866] anon 4255744 [ 341.377841][ T9866] file 0 [ 341.377841][ T9866] kernel_stack 65536 [ 341.377841][ T9866] slab 544768 [ 341.377841][ T9866] sock 0 [ 341.377841][ T9866] shmem 0 [ 341.377841][ T9866] file_mapped 0 [ 341.377841][ T9866] file_dirty 0 [ 341.377841][ T9866] file_writeback 0 [ 341.377841][ T9866] anon_thp 4194304 [ 341.377841][ T9866] inactive_anon 0 [ 341.377841][ T9866] active_anon 4255744 [ 341.377841][ T9866] inactive_file 0 [ 341.377841][ T9866] active_file 0 [ 341.377841][ T9866] unevictable 0 [ 341.377841][ T9866] slab_reclaimable 135168 [ 341.377841][ T9866] slab_unreclaimable 409600 [ 341.377841][ T9866] pgfault 1221 [ 341.377841][ T9866] pgmajfault 0 [ 341.377841][ T9866] workingset_refault 0 [ 341.377841][ T9866] workingset_activate 0 [ 341.377841][ T9866] workingset_nodereclaim 0 [ 341.377841][ T9866] pgrefill 0 [ 341.377841][ T9866] pgscan 0 [ 341.377841][ T9866] pgsteal 0 [ 341.377841][ T9866] pgactivate 0 [ 341.384495][ T9866] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9865,uid=0 [ 341.489199][ T9866] Memory cgroup out of memory: Killed process 9865 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 341.504493][ T9858] device hsr_slave_0 entered promiscuous mode [ 341.508306][ T1061] oom_reaper: reaped process 9865 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 341.535112][ T9858] device hsr_slave_1 entered promiscuous mode [ 341.583952][ T9840] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 341.595233][ T9840] CPU: 0 PID: 9840 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 341.602966][ T9840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.613114][ T9840] Call Trace: [ 341.616410][ T9840] dump_stack+0x1d8/0x2f8 [ 341.620731][ T9840] dump_header+0xd8/0x970 [ 341.625083][ T9840] oom_kill_process+0xcd/0x320 [ 341.629848][ T9840] out_of_memory+0x5e1/0x8a0 [ 341.634438][ T9840] ? unregister_oom_notifier+0x20/0x20 [ 341.640102][ T9840] ? __kasan_check_read+0x11/0x20 [ 341.645126][ T9840] try_charge+0x134a/0x17b0 [ 341.649665][ T9840] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 341.655597][ T9840] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 341.661337][ T9840] ? rcu_lock_acquire+0x30/0x30 [ 341.666180][ T9840] __memcg_kmem_charge_memcg+0x78/0x180 [ 341.671735][ T9840] ? __lock_acquire+0x4750/0x4750 [ 341.676864][ T9840] ? memcg_kmem_put_cache+0x50/0x50 [ 341.682063][ T9840] kmem_getpages+0x411/0x970 [ 341.686663][ T9840] cache_grow_begin+0x7e/0x2c0 [ 341.691518][ T9840] ? __cpuset_node_allowed+0x198/0x530 [ 341.696993][ T9840] fallback_alloc+0x134/0x1c0 [ 341.701674][ T9840] ____cache_alloc_node+0x22a/0x250 [ 341.706884][ T9840] kmem_cache_alloc+0x157/0x2e0 [ 341.711742][ T9840] ? __alloc_file+0x29/0x350 [ 341.716329][ T9840] __alloc_file+0x29/0x350 [ 341.720743][ T9840] ? alloc_empty_file+0x4c/0x1b0 [ 341.725673][ T9840] alloc_empty_file+0xac/0x1b0 [ 341.730447][ T9840] path_openat+0x12b/0x4440 [ 341.734979][ T9840] ? trace_lock_acquire+0x1b0/0x1b0 [ 341.740205][ T9840] ? do_filp_open+0x430/0x430 [ 341.744869][ T9840] ? __kasan_kmalloc+0x178/0x1b0 [ 341.749813][ T9840] ? __kasan_kmalloc+0x11c/0x1b0 [ 341.754738][ T9840] ? kasan_slab_alloc+0xf/0x20 [ 341.759503][ T9840] ? kmem_cache_alloc+0x1e9/0x2e0 [ 341.764624][ T9840] ? getname_flags+0xba/0x640 [ 341.769330][ T9840] ? getname+0x19/0x20 [ 341.773390][ T9840] ? do_sys_open+0x2fc/0x620 [ 341.778269][ T9840] ? __x64_sys_open+0x87/0x90 [ 341.783202][ T9840] ? do_syscall_64+0xfe/0x140 [ 341.788001][ T9840] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.794118][ T9840] do_filp_open+0x1f7/0x430 [ 341.798635][ T9840] ? vfs_tmpfile+0x230/0x230 [ 341.803229][ T9840] ? __lock_acquire+0x4750/0x4750 [ 341.808256][ T9840] ? do_raw_spin_unlock+0x49/0x260 [ 341.813388][ T9840] ? _raw_spin_unlock+0x22/0x30 [ 341.818240][ T9840] ? __alloc_fd+0x58f/0x630 [ 341.822749][ T9840] ? get_unused_fd_flags+0x97/0xb0 [ 341.827956][ T9840] do_sys_open+0x343/0x620 [ 341.832371][ T9840] ? file_open_root+0x440/0x440 [ 341.837338][ T9840] ? prepare_exit_to_usermode+0x1f7/0x580 [ 341.843182][ T9840] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 341.848938][ T9840] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 341.854431][ T9840] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 341.860145][ T9840] ? do_syscall_64+0x1d/0x140 [ 341.864831][ T9840] __x64_sys_open+0x87/0x90 [ 341.869343][ T9840] do_syscall_64+0xfe/0x140 [ 341.873953][ T9840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.879855][ T9840] RIP: 0033:0x457790 [ 341.883782][ T9840] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 341.903490][ T9840] RSP: 002b:00007fffc1eb57f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 341.911964][ T9840] RAX: ffffffffffffffda RBX: 0000000000053475 RCX: 0000000000457790 [ 341.920130][ T9840] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fffc1eb69d0 [ 341.928203][ T9840] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556a64940 [ 341.936184][ T9840] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fffc1eb69d0 [ 341.944251][ T9840] R13: 00007fffc1eb69c0 R14: 0000000000000000 R15: 00007fffc1eb69d0 [ 341.952850][ T9840] memory: usage 932kB, limit 0kB, failcnt 450135 [ 341.959336][ T9840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.966265][ T9840] Memory cgroup stats for /syz2: [ 341.966339][ T9840] anon 57344 [ 341.966339][ T9840] file 0 [ 341.966339][ T9840] kernel_stack 0 [ 341.966339][ T9840] slab 544768 [ 341.966339][ T9840] sock 0 [ 341.966339][ T9840] shmem 0 [ 341.966339][ T9840] file_mapped 0 [ 341.966339][ T9840] file_dirty 0 [ 341.966339][ T9840] file_writeback 0 [ 341.966339][ T9840] anon_thp 0 [ 341.966339][ T9840] inactive_anon 0 [ 341.966339][ T9840] active_anon 57344 [ 341.966339][ T9840] inactive_file 0 [ 341.966339][ T9840] active_file 0 [ 341.966339][ T9840] unevictable 0 [ 341.966339][ T9840] slab_reclaimable 135168 [ 341.966339][ T9840] slab_unreclaimable 409600 [ 341.966339][ T9840] pgfault 1221 [ 341.966339][ T9840] pgmajfault 0 [ 341.966339][ T9840] workingset_refault 0 [ 341.966339][ T9840] workingset_activate 0 [ 341.966339][ T9840] workingset_nodereclaim 0 [ 341.966339][ T9840] pgrefill 0 [ 341.966339][ T9840] pgscan 0 [ 341.966339][ T9840] pgsteal 0 [ 341.966339][ T9840] pgactivate 0 [ 341.966339][ T9840] pgdeactivate 0 [ 342.069979][ T9840] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9840,uid=0 [ 342.085771][ T9840] Memory cgroup out of memory: Killed process 9840 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 342.100388][ T1061] oom_reaper: reaped process 9840 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 342.115011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 342.124577][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 342.134004][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 342.143474][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 342.152856][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 342.248562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 342.257291][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 342.463827][ T9854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 342.475319][ T9854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 342.495519][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 342.504240][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 342.538575][ T9858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.553558][ T9854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.567283][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 342.576406][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 342.588281][ T9858] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.604898][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 342.613773][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 342.622584][ T9472] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.629763][ T9472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.660792][ T9858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 342.671351][ T9858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 342.683926][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 342.692372][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 342.701328][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 342.709907][ T9472] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.717322][ T9472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.725238][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 342.734186][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 342.743138][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 342.753263][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 342.761976][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 342.770924][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 342.779697][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 342.788368][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 342.797055][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 342.805668][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 342.825524][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 342.833614][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 342.857225][ T9858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 343.132842][ T9881] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 343.145343][ T9881] CPU: 0 PID: 9881 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 343.152913][ T9881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.162989][ T9881] Call Trace: [ 343.166311][ T9881] dump_stack+0x1d8/0x2f8 [ 343.170805][ T9881] dump_header+0xd8/0x970 [ 343.175163][ T9881] oom_kill_process+0xcd/0x320 [ 343.179953][ T9881] out_of_memory+0x5e1/0x8a0 [ 343.184569][ T9881] ? unregister_oom_notifier+0x20/0x20 [ 343.190585][ T9881] memory_max_write+0x537/0x6a0 [ 343.195509][ T9881] ? memory_max_show+0xa0/0xa0 [ 343.200516][ T9881] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 343.205917][ T9881] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 343.211410][ T9881] ? retint_kernel+0x10/0x10 [ 343.216771][ T9881] ? memory_max_show+0xa0/0xa0 [ 343.222090][ T9881] cgroup_file_write+0x27b/0x6e0 [ 343.227322][ T9881] ? cgroup_seqfile_stop+0xc0/0xc0 [ 343.232747][ T9881] ? cgroup_seqfile_stop+0xc0/0xc0 [ 343.237891][ T9881] ? kernfs_fop_write+0x349/0x4f0 [ 343.242943][ T9881] ? cgroup_seqfile_stop+0xc0/0xc0 [ 343.248085][ T9881] kernfs_fop_write+0x3e4/0x4f0 [ 343.253071][ T9881] ? kernfs_fop_read+0x580/0x580 [ 343.258065][ T9881] __vfs_write+0xf9/0x7d0 [ 343.262445][ T9881] ? retint_kernel+0x10/0x10 [ 343.267344][ T9881] ? __kernel_write+0x350/0x350 [ 343.272221][ T9881] ? rcu_irq_exit+0xe3/0x260 [ 343.276947][ T9881] ? __sb_start_write+0x39c/0x440 [ 343.282001][ T9881] vfs_write+0x275/0x590 [ 343.286279][ T9881] ksys_write+0x16b/0x2a0 [ 343.290634][ T9881] ? __ia32_sys_read+0x90/0x90 [ 343.295428][ T9881] ? do_syscall_64+0xc0/0x140 [ 343.300133][ T9881] __x64_sys_write+0x7b/0x90 [ 343.304759][ T9881] do_syscall_64+0xfe/0x140 [ 343.309464][ T9881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 343.315508][ T9881] RIP: 0033:0x459819 [ 343.319602][ T9881] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.339392][ T9881] RSP: 002b:00007f44ae0e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 343.348540][ T9881] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 343.356714][ T9881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 343.365054][ T9881] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 343.373052][ T9881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44ae0e46d4 [ 343.381311][ T9881] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 343.403126][ T9881] memory: usage 4348kB, limit 0kB, failcnt 39 [ 343.409673][ T9881] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.416844][ T9881] Memory cgroup stats for /syz3: [ 343.418391][ T9881] anon 2224128 [ 343.418391][ T9881] file 12288 [ 343.418391][ T9881] kernel_stack 0 [ 343.418391][ T9881] slab 2248704 [ 343.418391][ T9881] sock 0 [ 343.418391][ T9881] shmem 8192 [ 343.418391][ T9881] file_mapped 0 [ 343.418391][ T9881] file_dirty 0 [ 343.418391][ T9881] file_writeback 0 [ 343.418391][ T9881] anon_thp 2097152 [ 343.418391][ T9881] inactive_anon 0 [ 343.418391][ T9881] active_anon 2224128 [ 343.418391][ T9881] inactive_file 0 [ 343.418391][ T9881] active_file 0 [ 343.418391][ T9881] unevictable 0 [ 343.418391][ T9881] slab_reclaimable 811008 [ 343.418391][ T9881] slab_unreclaimable 1437696 [ 343.418391][ T9881] pgfault 5808 [ 343.418391][ T9881] pgmajfault 0 [ 343.418391][ T9881] workingset_refault 0 [ 343.418391][ T9881] workingset_activate 0 [ 343.418391][ T9881] workingset_nodereclaim 0 [ 343.418391][ T9881] pgrefill 0 [ 343.418391][ T9881] pgscan 0 [ 343.418391][ T9881] pgsteal 0 [ 343.418391][ T9881] pgactivate 0 [ 343.513492][ T9881] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9879,uid=0 [ 343.529771][ T9881] Memory cgroup out of memory: Killed process 9879 (syz-executor.3) total-vm:72576kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 343.546387][ T1061] oom_reaper: reaped process 9879 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 343.569218][ T9875] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 343.580019][ T9875] CPU: 1 PID: 9875 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 343.587856][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.597936][ T9875] Call Trace: [ 343.601263][ T9875] dump_stack+0x1d8/0x2f8 [ 343.605718][ T9875] dump_header+0xd8/0x970 [ 343.610083][ T9875] oom_kill_process+0xcd/0x320 [ 343.614879][ T9875] out_of_memory+0x5e1/0x8a0 [ 343.619491][ T9875] ? retint_kernel+0x10/0x10 [ 343.624152][ T9875] ? unregister_oom_notifier+0x20/0x20 [ 343.629655][ T9875] memory_max_write+0x537/0x6a0 [ 343.634558][ T9875] ? memory_max_show+0xa0/0xa0 [ 343.639356][ T9875] ? trace_lock_acquire+0x154/0x1b0 [ 343.644587][ T9875] ? lock_acquire+0x158/0x250 [ 343.649288][ T9875] ? kernfs_fop_write+0x22e/0x4f0 [ 343.654337][ T9875] ? memory_max_show+0xa0/0xa0 [ 343.659132][ T9875] cgroup_file_write+0x27b/0x6e0 [ 343.664108][ T9875] ? cgroup_seqfile_stop+0xc0/0xc0 [ 343.669253][ T9875] ? cgroup_seqfile_stop+0xc0/0xc0 [ 343.674402][ T9875] kernfs_fop_write+0x3e4/0x4f0 [ 343.679292][ T9875] ? kernfs_fop_read+0x580/0x580 [ 343.684257][ T9875] __vfs_write+0xf9/0x7d0 [ 343.689129][ T9875] ? __kernel_write+0x350/0x350 [ 343.694011][ T9875] ? trace_lock_acquire+0x154/0x1b0 [ 343.699266][ T9875] ? __sb_start_write+0x39c/0x440 [ 343.704321][ T9875] vfs_write+0x275/0x590 [ 343.708617][ T9875] ksys_write+0x16b/0x2a0 [ 343.713059][ T9875] ? __ia32_sys_read+0x90/0x90 [ 343.717847][ T9875] ? prepare_exit_to_usermode+0x1f7/0x580 [ 343.723602][ T9875] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 343.729104][ T9875] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 343.734908][ T9875] ? do_syscall_64+0x1d/0x140 [ 343.739702][ T9875] __x64_sys_write+0x7b/0x90 [ 343.744339][ T9875] do_syscall_64+0xfe/0x140 [ 343.748895][ T9875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 343.754817][ T9875] RIP: 0033:0x459819 [ 343.758728][ T9875] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.778354][ T9875] RSP: 002b:00007fa02af8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 343.786795][ T9875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 343.794789][ T9875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 343.802785][ T9875] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 343.810782][ T9875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa02af8c6d4 [ 343.818780][ T9875] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 343.832109][ T9875] memory: usage 5356kB, limit 0kB, failcnt 55 [ 343.838799][ T9875] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.846399][ T9875] Memory cgroup stats for /syz5: [ 343.848267][ T9875] anon 4251648 [ 343.848267][ T9875] file 0 [ 343.848267][ T9875] kernel_stack 65536 [ 343.848267][ T9875] slab 1089536 [ 343.848267][ T9875] sock 0 [ 343.848267][ T9875] shmem 0 [ 343.848267][ T9875] file_mapped 0 [ 343.848267][ T9875] file_dirty 0 [ 343.848267][ T9875] file_writeback 0 [ 343.848267][ T9875] anon_thp 4194304 [ 343.848267][ T9875] inactive_anon 0 [ 343.848267][ T9875] active_anon 4251648 [ 343.848267][ T9875] inactive_file 0 [ 343.848267][ T9875] active_file 0 [ 343.848267][ T9875] unevictable 0 [ 343.848267][ T9875] slab_reclaimable 405504 [ 343.848267][ T9875] slab_unreclaimable 684032 [ 343.848267][ T9875] pgfault 3927 [ 343.848267][ T9875] pgmajfault 0 [ 343.848267][ T9875] workingset_refault 0 [ 343.848267][ T9875] workingset_activate 0 [ 343.848267][ T9875] workingset_nodereclaim 0 [ 343.848267][ T9875] pgrefill 0 [ 343.848267][ T9875] pgscan 0 [ 343.848267][ T9875] pgsteal 0 [ 343.848267][ T9875] pgactivate 0 [ 343.944137][ T9875] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9873,uid=0 [ 343.960716][ T9875] Memory cgroup out of memory: Killed process 9873 (syz-executor.5) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 343.997034][ T1061] oom_reaper: reaped process 9873 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 10:58:17 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:17 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:17 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 344.092109][ T9858] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 344.102367][ T9858] CPU: 0 PID: 9858 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 344.109930][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.120004][ T9858] Call Trace: [ 344.123328][ T9858] dump_stack+0x1d8/0x2f8 [ 344.127747][ T9858] dump_header+0xd8/0x970 [ 344.132107][ T9858] oom_kill_process+0xcd/0x320 [ 344.136989][ T9858] out_of_memory+0x5e1/0x8a0 10:58:17 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 344.141605][ T9858] ? unregister_oom_notifier+0x20/0x20 [ 344.147099][ T9858] ? __kasan_check_read+0x11/0x20 [ 344.152162][ T9858] try_charge+0x134a/0x17b0 [ 344.156727][ T9858] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 344.162581][ T9858] ? __lock_acquire+0x4750/0x4750 [ 344.167734][ T9858] ? rcu_lock_release+0x15/0x20 [ 344.172614][ T9858] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 344.178187][ T9858] mem_cgroup_try_charge+0x216/0x560 [ 344.183507][ T9858] mem_cgroup_try_charge_delay+0x25/0xa0 [ 344.189173][ T9858] wp_page_copy+0x367/0x18c0 [ 344.193978][ T9858] ? rcu_lock_release+0x30/0x30 [ 344.198857][ T9858] ? __lock_acquire+0x4750/0x4750 [ 344.203934][ T9858] ? __kasan_check_read+0x11/0x20 [ 344.208988][ T9858] ? do_raw_spin_unlock+0x49/0x260 [ 344.214139][ T9858] do_wp_page+0x2c9/0x1ce0 [ 344.218588][ T9858] ? __rwlock_init+0x130/0x130 [ 344.223737][ T9858] ? count_memcg_event_mm+0x300/0x300 [ 344.229172][ T9858] handle_mm_fault+0x2bcf/0x6080 [ 344.234164][ T9858] ? finish_fault+0x230/0x230 [ 344.238972][ T9858] ? vmacache_find+0x566/0x5b0 [ 344.243757][ T9858] ? vmacache_update+0xb7/0x120 [ 344.248642][ T9858] do_user_addr_fault+0x589/0xaf0 [ 344.253713][ T9858] __do_page_fault+0xd3/0x1f0 [ 344.258423][ T9858] do_page_fault+0x99/0xb0 [ 344.262955][ T9858] page_fault+0x39/0x40 [ 344.267222][ T9858] RIP: 0033:0x4308f6 [ 344.271133][ T9858] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 344.290758][ T9858] RSP: 002b:00007ffd252a3710 EFLAGS: 00010206 [ 344.296881][ T9858] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 344.304883][ T9858] RDX: 0000555556787930 RSI: 000055555678f970 RDI: 0000000000000003 [ 344.313051][ T9858] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556786940 [ 344.321049][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 344.329040][ T9858] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 344.337931][ T9858] memory: usage 2016kB, limit 0kB, failcnt 47 [ 344.344042][ T9858] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 344.351061][ T9858] Memory cgroup stats for /syz3: [ 344.351173][ T9858] anon 0 [ 344.351173][ T9858] file 12288 [ 344.351173][ T9858] kernel_stack 0 [ 344.351173][ T9858] slab 2248704 [ 344.351173][ T9858] sock 0 [ 344.351173][ T9858] shmem 8192 [ 344.351173][ T9858] file_mapped 0 [ 344.351173][ T9858] file_dirty 0 [ 344.351173][ T9858] file_writeback 0 [ 344.351173][ T9858] anon_thp 0 [ 344.351173][ T9858] inactive_anon 0 10:58:18 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 344.351173][ T9858] active_anon 0 [ 344.351173][ T9858] inactive_file 0 [ 344.351173][ T9858] active_file 0 [ 344.351173][ T9858] unevictable 0 [ 344.351173][ T9858] slab_reclaimable 811008 [ 344.351173][ T9858] slab_unreclaimable 1437696 [ 344.351173][ T9858] pgfault 5808 [ 344.351173][ T9858] pgmajfault 0 [ 344.351173][ T9858] workingset_refault 0 [ 344.351173][ T9858] workingset_activate 0 [ 344.351173][ T9858] workingset_nodereclaim 0 [ 344.351173][ T9858] pgrefill 0 [ 344.351173][ T9858] pgscan 0 [ 344.351173][ T9858] pgsteal 0 [ 344.351173][ T9858] pgactivate 0 [ 344.351173][ T9858] pgdeactivate 0 [ 344.447399][ T9858] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9858,uid=0 [ 344.462944][ T9858] Memory cgroup out of memory: Killed process 9858 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 344.477272][ T1061] oom_reaper: reaped process 9858 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 344.488802][ T9854] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 344.498927][ T9854] CPU: 1 PID: 9854 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 344.498941][ T9854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.516570][ T9854] Call Trace: [ 344.516599][ T9854] dump_stack+0x1d8/0x2f8 [ 344.516611][ T9854] dump_header+0xd8/0x970 [ 344.516623][ T9854] oom_kill_process+0xcd/0x320 [ 344.516633][ T9854] out_of_memory+0x5e1/0x8a0 [ 344.516643][ T9854] ? unregister_oom_notifier+0x20/0x20 [ 344.516654][ T9854] ? __kasan_check_read+0x11/0x20 [ 344.516670][ T9854] try_charge+0x134a/0x17b0 [ 344.516697][ T9854] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 344.516715][ T9854] ? __lock_acquire+0x4750/0x4750 [ 344.516731][ T9854] ? rcu_lock_release+0x15/0x20 [ 344.569074][ T9854] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 344.574641][ T9854] mem_cgroup_try_charge+0x216/0x560 [ 344.579966][ T9854] mem_cgroup_try_charge_delay+0x25/0xa0 [ 344.585619][ T9854] handle_mm_fault+0x31f3/0x6080 [ 344.590587][ T9854] ? finish_fault+0x230/0x230 [ 344.595286][ T9854] ? vmacache_find+0x251/0x5b0 [ 344.600685][ T9854] do_user_addr_fault+0x589/0xaf0 [ 344.605731][ T9854] __do_page_fault+0xd3/0x1f0 [ 344.610417][ T9854] do_page_fault+0x99/0xb0 [ 344.610430][ T9854] page_fault+0x39/0x40 [ 344.610440][ T9854] RIP: 0033:0x403442 [ 344.610451][ T9854] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 344.610463][ T9854] RSP: 002b:00007ffd6ee62e50 EFLAGS: 00010246 [ 344.648985][ T9854] RAX: 0000000000000000 RBX: 0000000000053fce RCX: 0000000000413420 [ 344.656978][ T9854] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd6ee63f80 [ 344.665066][ T9854] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556bc3940 [ 344.673056][ T9854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6ee63f80 [ 344.681045][ T9854] R13: 00007ffd6ee63f70 R14: 0000000000000000 R15: 00007ffd6ee63f80 10:58:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 344.690172][ T9854] memory: usage 932kB, limit 0kB, failcnt 71 [ 344.696247][ T9854] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 344.703110][ T9854] Memory cgroup stats for /syz5: [ 344.703235][ T9854] anon 61440 [ 344.703235][ T9854] file 0 [ 344.703235][ T9854] kernel_stack 0 [ 344.703235][ T9854] slab 1089536 [ 344.703235][ T9854] sock 0 [ 344.703235][ T9854] shmem 0 [ 344.703235][ T9854] file_mapped 0 [ 344.703235][ T9854] file_dirty 0 [ 344.703235][ T9854] file_writeback 0 [ 344.703235][ T9854] anon_thp 0 [ 344.703235][ T9854] inactive_anon 0 [ 344.703235][ T9854] active_anon 61440 [ 344.703235][ T9854] inactive_file 0 [ 344.703235][ T9854] active_file 0 [ 344.703235][ T9854] unevictable 0 [ 344.703235][ T9854] slab_reclaimable 405504 [ 344.703235][ T9854] slab_unreclaimable 684032 [ 344.703235][ T9854] pgfault 3960 [ 344.703235][ T9854] pgmajfault 0 [ 344.703235][ T9854] workingset_refault 0 [ 344.703235][ T9854] workingset_activate 0 [ 344.703235][ T9854] workingset_nodereclaim 0 [ 344.703235][ T9854] pgrefill 0 [ 344.703235][ T9854] pgscan 0 [ 344.703235][ T9854] pgsteal 0 [ 344.703235][ T9854] pgactivate 0 [ 344.703235][ T9854] pgdeactivate 0 [ 344.799293][ T9854] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9854,uid=0 [ 344.815086][ T9854] Memory cgroup out of memory: Killed process 9854 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 344.854541][ T1061] oom_reaper: reaped process 9854 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:58:18 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:18 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:18 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:20 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:20 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:20 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 347.051849][ T9916] IPVS: ftp: loaded support on port[0] = 21 [ 347.351108][ T9916] chnl_net:caif_netlink_parms(): no params data found [ 347.463743][ T9916] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.471030][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.479144][ T9916] device bridge_slave_0 entered promiscuous mode [ 347.537371][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.544606][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.552589][ T9916] device bridge_slave_1 entered promiscuous mode [ 347.572966][ T9916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.585669][ T9916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.607673][ T9916] team0: Port device team_slave_0 added [ 347.615295][ T9916] team0: Port device team_slave_1 added [ 347.696954][ T9916] device hsr_slave_0 entered promiscuous mode [ 347.714554][ T9916] device hsr_slave_1 entered promiscuous mode [ 347.754198][ T9916] debugfs: Directory 'hsr0' with parent '/' already present! [ 348.213646][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.220796][ T9916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.228198][ T9916] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.235340][ T9916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.246351][ T2820] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.254679][ T2820] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.475337][ T9916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.677736][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 348.685730][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 348.697432][ T9916] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.706814][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 348.715839][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 348.724577][ T8255] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.731651][ T8255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.995475][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 349.004726][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 349.014721][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.021787][ T8254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 349.029569][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 349.039016][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 349.047895][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 349.056505][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 349.065136][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 349.073714][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 349.082375][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 349.090854][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 349.099355][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 349.107799][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 349.124772][ T9927] IPVS: ftp: loaded support on port[0] = 21 [ 349.325473][ T9916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 349.334564][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 349.811739][ T9916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.825035][ T9927] chnl_net:caif_netlink_parms(): no params data found [ 350.068566][ T9927] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.076058][ T9927] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.084047][ T9927] device bridge_slave_0 entered promiscuous mode [ 350.092609][ T9927] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.099924][ T9927] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.108107][ T9927] device bridge_slave_1 entered promiscuous mode [ 350.335396][ T9927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.346904][ T280] device bridge_slave_1 left promiscuous mode [ 350.353179][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.405494][ T280] device bridge_slave_0 left promiscuous mode [ 350.411763][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.452109][ T9935] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 350.463268][ T9935] CPU: 1 PID: 9935 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 350.470839][ T9935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.480889][ T9935] Call Trace: [ 350.484210][ T9935] dump_stack+0x1d8/0x2f8 [ 350.488547][ T9935] dump_header+0xd8/0x970 [ 350.492965][ T9935] oom_kill_process+0xcd/0x320 [ 350.497732][ T9935] out_of_memory+0x5e1/0x8a0 [ 350.502314][ T9935] ? retint_kernel+0x10/0x10 [ 350.506925][ T9935] ? unregister_oom_notifier+0x20/0x20 [ 350.512561][ T9935] memory_max_write+0x537/0x6a0 [ 350.517426][ T9935] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 350.522717][ T9935] ? memory_max_show+0xa0/0xa0 [ 350.527482][ T9935] ? rcu_irq_exit+0xe3/0x260 [ 350.532074][ T9935] ? memory_max_show+0xa0/0xa0 [ 350.536855][ T9935] ? cgroup_file_write+0x1a6/0x6e0 [ 350.541991][ T9935] ? cgroup_file_write+0x267/0x6e0 [ 350.547103][ T9935] ? memory_max_show+0xa0/0xa0 [ 350.552151][ T9935] cgroup_file_write+0x27b/0x6e0 [ 350.557090][ T9935] ? cgroup_seqfile_stop+0xc0/0xc0 [ 350.562286][ T9935] ? cgroup_seqfile_stop+0xc0/0xc0 [ 350.567416][ T9935] kernfs_fop_write+0x3e4/0x4f0 [ 350.572278][ T9935] ? kernfs_fop_read+0x580/0x580 [ 350.577245][ T9935] __vfs_write+0xf9/0x7d0 [ 350.581572][ T9935] ? retint_kernel+0x10/0x10 [ 350.586172][ T9935] ? __kernel_write+0x350/0x350 [ 350.591034][ T9935] ? rcu_irq_exit+0xe3/0x260 [ 350.595650][ T9935] ? __sb_start_write+0x39c/0x440 [ 350.600695][ T9935] vfs_write+0x275/0x590 [ 350.604952][ T9935] ksys_write+0x16b/0x2a0 [ 350.609370][ T9935] ? __ia32_sys_read+0x90/0x90 [ 350.614135][ T9935] ? retint_kernel+0x10/0x10 [ 350.618750][ T9935] __x64_sys_write+0x7b/0x90 [ 350.623339][ T9935] do_syscall_64+0xfe/0x140 [ 350.627849][ T9935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.633742][ T9935] RIP: 0033:0x459819 [ 350.637762][ T9935] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 350.657385][ T9935] RSP: 002b:00007fa71f4eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 350.665800][ T9935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 350.673901][ T9935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 350.682082][ T9935] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 350.690084][ T9935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa71f4eb6d4 [ 350.698117][ T9935] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 350.710062][ T9935] memory: usage 5372kB, limit 0kB, failcnt 450138 [ 350.716667][ T9935] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.723708][ T9935] Memory cgroup stats for /syz2: [ 350.724996][ T9935] anon 4251648 [ 350.724996][ T9935] file 0 [ 350.724996][ T9935] kernel_stack 131072 [ 350.724996][ T9935] slab 544768 [ 350.724996][ T9935] sock 0 [ 350.724996][ T9935] shmem 0 [ 350.724996][ T9935] file_mapped 0 [ 350.724996][ T9935] file_dirty 0 [ 350.724996][ T9935] file_writeback 0 [ 350.724996][ T9935] anon_thp 4194304 [ 350.724996][ T9935] inactive_anon 0 [ 350.724996][ T9935] active_anon 4251648 [ 350.724996][ T9935] inactive_file 0 [ 350.724996][ T9935] active_file 0 [ 350.724996][ T9935] unevictable 0 [ 350.724996][ T9935] slab_reclaimable 135168 [ 350.724996][ T9935] slab_unreclaimable 409600 [ 350.724996][ T9935] pgfault 1287 [ 350.724996][ T9935] pgmajfault 0 [ 350.724996][ T9935] workingset_refault 0 [ 350.724996][ T9935] workingset_activate 0 [ 350.724996][ T9935] workingset_nodereclaim 0 [ 350.724996][ T9935] pgrefill 0 [ 350.724996][ T9935] pgscan 0 [ 350.724996][ T9935] pgsteal 0 [ 350.724996][ T9935] pgactivate 0 [ 350.819668][ T9935] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9934,uid=0 [ 350.835510][ T9935] Memory cgroup out of memory: Killed process 9934 (syz-executor.2) total-vm:72708kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 350.851996][ T280] device bridge_slave_1 left promiscuous mode [ 350.853957][ T1061] oom_reaper: reaped process 9934 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 350.858373][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.918709][ T280] device bridge_slave_0 left promiscuous mode [ 350.925286][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.968151][ T280] device bridge_slave_1 left promiscuous mode [ 350.974654][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.025531][ T280] device bridge_slave_0 left promiscuous mode [ 351.032625][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.069144][ T9916] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 351.079197][ T9916] CPU: 0 PID: 9916 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 351.086785][ T9916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.096860][ T9916] Call Trace: [ 351.100171][ T9916] dump_stack+0x1d8/0x2f8 [ 351.104526][ T9916] dump_header+0xd8/0x970 [ 351.110204][ T9916] oom_kill_process+0xcd/0x320 [ 351.114999][ T9916] out_of_memory+0x5e1/0x8a0 [ 351.119621][ T9916] ? unregister_oom_notifier+0x20/0x20 [ 351.125186][ T9916] ? __kasan_check_read+0x11/0x20 [ 351.130242][ T9916] try_charge+0x134a/0x17b0 [ 351.134785][ T9916] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 351.141925][ T9916] ? __lock_acquire+0x4750/0x4750 [ 351.146974][ T9916] ? rcu_lock_release+0x15/0x20 [ 351.146987][ T9916] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 351.146997][ T9916] mem_cgroup_try_charge+0x216/0x560 [ 351.147011][ T9916] mem_cgroup_try_charge_delay+0x25/0xa0 10:58:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:24 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:24 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 351.147023][ T9916] wp_page_copy+0x367/0x18c0 [ 351.147041][ T9916] ? rcu_lock_release+0x30/0x30 [ 351.147054][ T9916] ? __lock_acquire+0x4750/0x4750 [ 351.147067][ T9916] ? __kasan_check_read+0x11/0x20 [ 351.147077][ T9916] ? do_raw_spin_unlock+0x49/0x260 [ 351.147090][ T9916] do_wp_page+0x2c9/0x1ce0 [ 351.147107][ T9916] ? __rwlock_init+0x130/0x130 [ 351.147118][ T9916] ? count_memcg_event_mm+0x300/0x300 [ 351.147136][ T9916] handle_mm_fault+0x2bcf/0x6080 [ 351.147158][ T9916] ? finish_fault+0x230/0x230 10:58:24 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 351.147176][ T9916] ? vmacache_find+0x251/0x5b0 [ 351.222274][ T9916] do_user_addr_fault+0x589/0xaf0 [ 351.227335][ T9916] __do_page_fault+0xd3/0x1f0 [ 351.232043][ T9916] do_page_fault+0x99/0xb0 [ 351.236479][ T9916] page_fault+0x39/0x40 [ 351.240649][ T9916] RIP: 0033:0x403442 [ 351.244550][ T9916] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 351.264173][ T9916] RSP: 002b:00007ffd10d5ac50 EFLAGS: 00010246 [ 351.270286][ T9916] RAX: 0000000000000000 RBX: 00000000000558db RCX: 0000000000413420 [ 351.278274][ T9916] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd10d5bd80 [ 351.286265][ T9916] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555b63940 [ 351.294264][ T9916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd10d5bd80 [ 351.302253][ T9916] R13: 00007ffd10d5bd70 R14: 0000000000000000 R15: 00007ffd10d5bd80 [ 351.310673][ T9916] memory: usage 952kB, limit 0kB, failcnt 450154 10:58:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 351.317096][ T9916] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.323963][ T9916] Memory cgroup stats for /syz2: [ 351.324161][ T9916] anon 61440 [ 351.324161][ T9916] file 0 [ 351.324161][ T9916] kernel_stack 65536 [ 351.324161][ T9916] slab 544768 [ 351.324161][ T9916] sock 0 [ 351.324161][ T9916] shmem 0 [ 351.324161][ T9916] file_mapped 0 [ 351.324161][ T9916] file_dirty 0 [ 351.324161][ T9916] file_writeback 0 [ 351.324161][ T9916] anon_thp 0 [ 351.324161][ T9916] inactive_anon 0 [ 351.324161][ T9916] active_anon 61440 [ 351.324161][ T9916] inactive_file 0 [ 351.324161][ T9916] active_file 0 [ 351.324161][ T9916] unevictable 0 [ 351.324161][ T9916] slab_reclaimable 135168 [ 351.324161][ T9916] slab_unreclaimable 409600 [ 351.324161][ T9916] pgfault 1287 [ 351.324161][ T9916] pgmajfault 0 [ 351.324161][ T9916] workingset_refault 0 [ 351.324161][ T9916] workingset_activate 0 [ 351.324161][ T9916] workingset_nodereclaim 0 [ 351.324161][ T9916] pgrefill 0 [ 351.324161][ T9916] pgscan 0 [ 351.324161][ T9916] pgsteal 0 [ 351.324161][ T9916] pgactivate 0 [ 351.324161][ T9916] pgdeactivate 0 [ 351.420304][ T9916] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9916,uid=0 [ 351.420386][ T9916] Memory cgroup out of memory: Killed process 9916 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB 10:58:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 357.345114][ T280] device hsr_slave_0 left promiscuous mode [ 357.394864][ T280] device hsr_slave_1 left promiscuous mode [ 357.441302][ T280] team0 (unregistering): Port device team_slave_1 removed [ 357.456300][ T280] team0 (unregistering): Port device team_slave_0 removed [ 357.467142][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.508541][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.585598][ T280] bond0 (unregistering): Released all slaves [ 357.695386][ T280] device hsr_slave_0 left promiscuous mode [ 357.734523][ T280] device hsr_slave_1 left promiscuous mode [ 357.784296][ T280] team0 (unregistering): Port device team_slave_1 removed [ 357.796852][ T280] team0 (unregistering): Port device team_slave_0 removed [ 357.807573][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.848620][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.924753][ T280] bond0 (unregistering): Released all slaves [ 358.055297][ T280] device hsr_slave_0 left promiscuous mode [ 358.094871][ T280] device hsr_slave_1 left promiscuous mode [ 358.177360][ T280] team0 (unregistering): Port device team_slave_1 removed [ 358.192071][ T280] team0 (unregistering): Port device team_slave_0 removed [ 358.206743][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.248276][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.318048][ T280] bond0 (unregistering): Released all slaves [ 358.389186][ T9927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.800871][ T9965] IPVS: ftp: loaded support on port[0] = 21 [ 358.823627][ T9927] team0: Port device team_slave_0 added [ 358.835089][ T9927] team0: Port device team_slave_1 added [ 358.918115][ T9927] device hsr_slave_0 entered promiscuous mode [ 358.954781][ T9927] device hsr_slave_1 entered promiscuous mode [ 359.070824][ T9927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.089412][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 359.098241][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 359.121857][ T9927] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.157059][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 359.165969][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 359.174472][ T9472] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.181559][ T9472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.189832][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 359.198710][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 359.207353][ T9472] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.214468][ T9472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.222022][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 359.233450][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 359.244746][ T9965] chnl_net:caif_netlink_parms(): no params data found [ 359.254155][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 359.266854][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 359.277501][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 359.303053][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 359.366796][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 359.375573][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 359.485860][ T9927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 359.494349][ T9965] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.501455][ T9965] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.509595][ T9965] device bridge_slave_0 entered promiscuous mode [ 359.518587][ T9965] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.525785][ T9965] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.533824][ T9965] device bridge_slave_1 entered promiscuous mode [ 359.567448][ T9927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.578932][ T9965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 359.590422][ T9965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 359.613797][ T9965] team0: Port device team_slave_0 added [ 359.621561][ T9965] team0: Port device team_slave_1 added [ 359.717043][ T9965] device hsr_slave_0 entered promiscuous mode [ 359.784680][ T9965] device hsr_slave_1 entered promiscuous mode [ 359.834292][ T9965] debugfs: Directory 'hsr0' with parent '/' already present! [ 359.961386][ T9965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.983403][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 360.017604][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 360.025802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 360.037939][ T9965] 8021q: adding VLAN 0 to HW filter on device team0 [ 360.061341][ T9974] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 360.072115][ T9974] CPU: 1 PID: 9974 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 360.079677][ T9974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.089758][ T9974] Call Trace: [ 360.093074][ T9974] dump_stack+0x1d8/0x2f8 [ 360.097445][ T9974] dump_header+0xd8/0x970 [ 360.101810][ T9974] oom_kill_process+0xcd/0x320 [ 360.106620][ T9974] out_of_memory+0x5e1/0x8a0 [ 360.111249][ T9974] ? unregister_oom_notifier+0x20/0x20 [ 360.116856][ T9974] memory_max_write+0x537/0x6a0 [ 360.121755][ T9974] ? memory_max_show+0xa0/0xa0 [ 360.126565][ T9974] ? trace_lock_acquire+0x154/0x1b0 [ 360.131796][ T9974] ? lock_acquire+0x158/0x250 [ 360.136500][ T9974] ? kernfs_fop_write+0x22e/0x4f0 [ 360.142063][ T9974] ? memory_max_show+0xa0/0xa0 [ 360.146872][ T9974] cgroup_file_write+0x27b/0x6e0 [ 360.151941][ T9974] ? cgroup_seqfile_stop+0xc0/0xc0 [ 360.157103][ T9974] ? cgroup_seqfile_stop+0xc0/0xc0 [ 360.162262][ T9974] kernfs_fop_write+0x3e4/0x4f0 [ 360.167143][ T9974] ? kernfs_fop_read+0x580/0x580 [ 360.172113][ T9974] __vfs_write+0xf9/0x7d0 [ 360.176471][ T9974] ? __lock_acquire+0x4750/0x4750 [ 360.181526][ T9974] ? __kernel_write+0x350/0x350 [ 360.186411][ T9974] ? trace_lock_acquire+0x154/0x1b0 [ 360.192219][ T9974] ? __sb_start_write+0x39c/0x440 [ 360.198048][ T9974] ? __kasan_check_read+0x11/0x20 [ 360.203105][ T9974] vfs_write+0x275/0x590 [ 360.207385][ T9974] ksys_write+0x16b/0x2a0 [ 360.211743][ T9974] ? __ia32_sys_read+0x90/0x90 [ 360.216531][ T9974] ? prepare_exit_to_usermode+0x1f7/0x580 [ 360.222280][ T9974] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 360.227785][ T9974] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 360.234195][ T9974] ? do_syscall_64+0x1d/0x140 [ 360.238904][ T9974] __x64_sys_write+0x7b/0x90 [ 360.243528][ T9974] do_syscall_64+0xfe/0x140 [ 360.248063][ T9974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.253981][ T9974] RIP: 0033:0x459819 [ 360.258543][ T9974] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 360.278479][ T9974] RSP: 002b:00007f468aa65c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 360.286918][ T9974] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 360.295777][ T9974] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 360.303770][ T9974] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 360.312485][ T9974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f468aa666d4 [ 360.320479][ T9974] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 360.346547][ T9974] memory: usage 5704kB, limit 0kB, failcnt 48 [ 360.352787][ T9974] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 360.359896][ T9974] Memory cgroup stats for /syz3: [ 360.360833][ T9974] anon 4218880 [ 360.360833][ T9974] file 12288 [ 360.360833][ T9974] kernel_stack 0 [ 360.360833][ T9974] slab 1441792 [ 360.360833][ T9974] sock 0 [ 360.360833][ T9974] shmem 8192 [ 360.360833][ T9974] file_mapped 0 [ 360.360833][ T9974] file_dirty 0 [ 360.360833][ T9974] file_writeback 0 [ 360.360833][ T9974] anon_thp 4194304 [ 360.360833][ T9974] inactive_anon 0 [ 360.360833][ T9974] active_anon 4218880 [ 360.360833][ T9974] inactive_file 0 [ 360.360833][ T9974] active_file 0 [ 360.360833][ T9974] unevictable 0 [ 360.360833][ T9974] slab_reclaimable 540672 [ 360.360833][ T9974] slab_unreclaimable 901120 [ 360.360833][ T9974] pgfault 5907 [ 360.360833][ T9974] pgmajfault 0 [ 360.360833][ T9974] workingset_refault 0 [ 360.360833][ T9974] workingset_activate 0 [ 360.360833][ T9974] workingset_nodereclaim 0 [ 360.360833][ T9974] pgrefill 0 [ 360.360833][ T9974] pgscan 0 [ 360.360833][ T9974] pgsteal 0 [ 360.360833][ T9974] pgactivate 0 [ 360.456467][ T9974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9973,uid=0 [ 360.472498][ T9974] Memory cgroup out of memory: Killed process 9973 (syz-executor.3) total-vm:72576kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 360.488735][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 360.490258][ T1061] oom_reaper: reaped process 9973 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 360.497664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 360.516810][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.523911][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.531836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 360.540727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 360.549417][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.556571][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.599394][ T9965] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 360.610125][ T9965] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 360.684057][ T9965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 360.769773][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 360.778499][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 360.787446][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 360.796120][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 360.804879][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 360.942465][ T9927] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 360.953011][ T9927] CPU: 0 PID: 9927 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 360.960582][ T9927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.970654][ T9927] Call Trace: [ 360.973980][ T9927] dump_stack+0x1d8/0x2f8 [ 360.978340][ T9927] dump_header+0xd8/0x970 [ 360.982704][ T9927] oom_kill_process+0xcd/0x320 [ 360.987504][ T9927] out_of_memory+0x5e1/0x8a0 [ 360.992126][ T9927] ? unregister_oom_notifier+0x20/0x20 [ 360.997800][ T9927] ? __kasan_check_read+0x11/0x20 [ 361.002887][ T9927] try_charge+0x134a/0x17b0 [ 361.007443][ T9927] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 361.013284][ T9927] ? __lock_acquire+0x4750/0x4750 [ 361.018430][ T9927] ? rcu_lock_release+0x15/0x20 [ 361.023341][ T9927] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 361.029098][ T9927] mem_cgroup_try_charge+0x216/0x560 [ 361.035943][ T9927] mem_cgroup_try_charge_delay+0x25/0xa0 [ 361.041618][ T9927] wp_page_copy+0x367/0x18c0 [ 361.046264][ T9927] ? rcu_lock_release+0x30/0x30 [ 361.051167][ T9927] ? __lock_acquire+0x4750/0x4750 [ 361.056314][ T9927] ? __kasan_check_read+0x11/0x20 [ 361.061454][ T9927] ? do_raw_spin_unlock+0x49/0x260 [ 361.069735][ T9927] do_wp_page+0x2c9/0x1ce0 [ 361.074286][ T9927] ? __rwlock_init+0x130/0x130 [ 361.079082][ T9927] ? count_memcg_event_mm+0x300/0x300 [ 361.084498][ T9927] handle_mm_fault+0x2bcf/0x6080 [ 361.089519][ T9927] ? finish_fault+0x230/0x230 [ 361.094239][ T9927] ? vmacache_find+0x251/0x5b0 [ 361.099049][ T9927] do_user_addr_fault+0x589/0xaf0 [ 361.104115][ T9927] __do_page_fault+0xd3/0x1f0 [ 361.108828][ T9927] do_page_fault+0x99/0xb0 [ 361.113276][ T9927] page_fault+0x39/0x40 [ 361.117545][ T9927] RIP: 0033:0x4308f6 [ 361.121464][ T9927] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 361.142576][ T9927] RSP: 002b:00007ffea3703870 EFLAGS: 00010206 [ 361.148756][ T9927] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 361.156839][ T9927] RDX: 0000555556165930 RSI: 000055555616d970 RDI: 0000000000000003 [ 361.164859][ T9927] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556164940 [ 361.172959][ T9927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 361.180950][ T9927] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 10:58:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 361.190095][ T9927] memory: usage 1316kB, limit 0kB, failcnt 56 [ 361.196269][ T9927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 361.203140][ T9927] Memory cgroup stats for /syz3: [ 361.203229][ T9927] anon 0 [ 361.203229][ T9927] file 12288 [ 361.203229][ T9927] kernel_stack 0 [ 361.203229][ T9927] slab 1441792 [ 361.203229][ T9927] sock 0 [ 361.203229][ T9927] shmem 8192 [ 361.203229][ T9927] file_mapped 0 [ 361.203229][ T9927] file_dirty 0 [ 361.203229][ T9927] file_writeback 0 [ 361.203229][ T9927] anon_thp 0 [ 361.203229][ T9927] inactive_anon 0 [ 361.203229][ T9927] active_anon 0 [ 361.203229][ T9927] inactive_file 0 [ 361.203229][ T9927] active_file 0 [ 361.203229][ T9927] unevictable 0 [ 361.203229][ T9927] slab_reclaimable 540672 [ 361.203229][ T9927] slab_unreclaimable 901120 [ 361.203229][ T9927] pgfault 5907 [ 361.203229][ T9927] pgmajfault 0 [ 361.203229][ T9927] workingset_refault 0 [ 361.203229][ T9927] workingset_activate 0 [ 361.203229][ T9927] workingset_nodereclaim 0 [ 361.203229][ T9927] pgrefill 0 [ 361.203229][ T9927] pgscan 0 [ 361.203229][ T9927] pgsteal 0 [ 361.203229][ T9927] pgactivate 0 [ 361.203229][ T9927] pgdeactivate 0 [ 361.299255][ T9927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9927,uid=0 [ 361.314735][ T9927] Memory cgroup out of memory: Killed process 9927 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 361.328801][ T9983] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 361.339045][ T9983] CPU: 1 PID: 9983 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 361.339064][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 361.346607][ T9983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.346614][ T9983] Call Trace: [ 361.346643][ T9983] dump_stack+0x1d8/0x2f8 [ 361.346658][ T9983] dump_header+0xd8/0x970 [ 361.346671][ T9983] oom_kill_process+0xcd/0x320 [ 361.346684][ T9983] out_of_memory+0x5e1/0x8a0 [ 361.346699][ T9983] ? unregister_oom_notifier+0x20/0x20 [ 361.346710][ T9983] ? trace_hardirqs_on+0x74/0x80 [ 361.346730][ T9983] memory_max_write+0x537/0x6a0 [ 361.346761][ T9983] ? memory_max_show+0xa0/0xa0 [ 361.354925][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 361.364257][ T9983] ? trace_lock_acquire+0x154/0x1b0 [ 361.364270][ T9983] ? lock_acquire+0x158/0x250 [ 361.364280][ T9983] ? kernfs_fop_write+0x22e/0x4f0 [ 361.364289][ T9983] ? memory_max_show+0xa0/0xa0 [ 361.364301][ T9983] cgroup_file_write+0x27b/0x6e0 [ 361.364316][ T9983] ? cgroup_seqfile_stop+0xc0/0xc0 [ 361.364331][ T9983] ? cgroup_seqfile_stop+0xc0/0xc0 [ 361.364341][ T9983] kernfs_fop_write+0x3e4/0x4f0 [ 361.364352][ T9983] ? kernfs_fop_read+0x580/0x580 [ 361.364371][ T9983] __vfs_write+0xf9/0x7d0 [ 361.401702][ T9983] ? __lock_acquire+0x4750/0x4750 [ 361.413617][ T9983] ? __kernel_write+0x350/0x350 [ 361.422710][ T1061] oom_reaper: reaped process 9927 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 361.423516][ T9983] ? trace_lock_acquire+0x154/0x1b0 [ 361.488676][ T9983] ? __sb_start_write+0x39c/0x440 [ 361.493743][ T9983] ? __kasan_check_read+0x11/0x20 [ 361.498983][ T9983] vfs_write+0x275/0x590 [ 361.503281][ T9983] ksys_write+0x16b/0x2a0 [ 361.507753][ T9983] ? __ia32_sys_read+0x90/0x90 [ 361.512742][ T9983] ? prepare_exit_to_usermode+0x1f7/0x580 [ 361.518618][ T9983] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 361.518633][ T9983] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 361.518641][ T9983] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 361.518650][ T9983] ? do_syscall_64+0x1d/0x140 [ 361.518664][ T9983] __x64_sys_write+0x7b/0x90 [ 361.518677][ T9983] do_syscall_64+0xfe/0x140 [ 361.518691][ T9983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 361.518702][ T9983] RIP: 0033:0x459819 [ 361.518714][ T9983] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 361.518720][ T9983] RSP: 002b:00007fb4f044ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 361.518729][ T9983] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 361.518743][ T9983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 361.529984][ T9983] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 361.529999][ T9983] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb4f044f6d4 [ 361.619277][ T9983] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 361.627434][ T9983] memory: usage 5312kB, limit 0kB, failcnt 72 [ 361.633543][ T9983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 361.640476][ T9983] Memory cgroup stats for /syz5: [ 361.640568][ T9983] anon 4329472 [ 361.640568][ T9983] file 0 [ 361.640568][ T9983] kernel_stack 131072 [ 361.640568][ T9983] slab 819200 [ 361.640568][ T9983] sock 0 [ 361.640568][ T9983] shmem 0 [ 361.640568][ T9983] file_mapped 0 [ 361.640568][ T9983] file_dirty 0 [ 361.640568][ T9983] file_writeback 0 [ 361.640568][ T9983] anon_thp 4194304 [ 361.640568][ T9983] inactive_anon 0 [ 361.640568][ T9983] active_anon 4329472 [ 361.640568][ T9983] inactive_file 0 [ 361.640568][ T9983] active_file 0 [ 361.640568][ T9983] unevictable 0 [ 361.640568][ T9983] slab_reclaimable 270336 [ 361.640568][ T9983] slab_unreclaimable 548864 [ 361.640568][ T9983] pgfault 4026 [ 361.640568][ T9983] pgmajfault 0 [ 361.640568][ T9983] workingset_refault 0 [ 361.640568][ T9983] workingset_activate 0 [ 361.640568][ T9983] workingset_nodereclaim 0 [ 361.640568][ T9983] pgrefill 0 [ 361.640568][ T9983] pgscan 0 [ 361.640568][ T9983] pgsteal 0 [ 361.640568][ T9983] pgactivate 0 [ 361.734502][ T9983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9979,uid=0 [ 361.734638][ T9983] Memory cgroup out of memory: Killed process 9979 (syz-executor.5) total-vm:72840kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 361.767604][ T1061] oom_reaper: reaped process 9979 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 361.988050][ T9965] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 361.998251][ T9965] CPU: 0 PID: 9965 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 362.005816][ T9965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.015890][ T9965] Call Trace: [ 362.019209][ T9965] dump_stack+0x1d8/0x2f8 [ 362.024009][ T9965] dump_header+0xd8/0x970 [ 362.028373][ T9965] oom_kill_process+0xcd/0x320 [ 362.033160][ T9965] out_of_memory+0x5e1/0x8a0 [ 362.037777][ T9965] ? unregister_oom_notifier+0x20/0x20 [ 362.043266][ T9965] ? __kasan_check_read+0x11/0x20 [ 362.048329][ T9965] try_charge+0x134a/0x17b0 [ 362.052883][ T9965] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 362.058738][ T9965] ? __lock_acquire+0x4750/0x4750 [ 362.063793][ T9965] ? rcu_lock_release+0x15/0x20 [ 362.068668][ T9965] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 362.074244][ T9965] mem_cgroup_try_charge+0x216/0x560 [ 362.079561][ T9965] mem_cgroup_try_charge_delay+0x25/0xa0 [ 362.085225][ T9965] handle_mm_fault+0x31f3/0x6080 [ 362.090277][ T9965] ? finish_fault+0x230/0x230 [ 362.094986][ T9965] ? vmacache_find+0x251/0x5b0 [ 362.099869][ T9965] do_user_addr_fault+0x589/0xaf0 [ 362.104927][ T9965] __do_page_fault+0xd3/0x1f0 [ 362.109646][ T9965] do_page_fault+0x99/0xb0 [ 362.114263][ T9965] page_fault+0x39/0x40 [ 362.118439][ T9965] RIP: 0033:0x432201 [ 362.122812][ T9965] Code: 05 d8 33 2e 00 60 10 43 00 c3 0f 1f 80 00 00 00 00 c7 05 56 2d 64 00 00 00 00 00 c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 <53> 48 83 ec 08 48 8b 05 bb 33 2e 00 48 85 c0 0f 85 42 01 00 00 48 [ 362.142610][ T9965] RSP: 002b:00007ffe69253000 EFLAGS: 00010287 [ 362.148698][ T9965] RAX: 0000000000001000 RBX: 0000000000000003 RCX: 0000000000458b84 [ 362.156802][ T9965] RDX: 00007ffe69253010 RSI: 00007ffe69253010 RDI: 0000000000008030 [ 362.164895][ T9965] RBP: 0000000000008000 R08: 0000000000000001 R09: 0000555556ad0940 [ 362.172901][ T9965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe692541f0 [ 362.180892][ T9965] R13: 00007ffe692541e0 R14: 0000000000000000 R15: 00007ffe692541f0 10:58:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:35 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:35 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 362.189524][ T9965] memory: usage 848kB, limit 0kB, failcnt 88 [ 362.195676][ T9965] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 362.202546][ T9965] Memory cgroup stats for /syz5: [ 362.202642][ T9965] anon 65536 [ 362.202642][ T9965] file 0 [ 362.202642][ T9965] kernel_stack 0 [ 362.202642][ T9965] slab 819200 [ 362.202642][ T9965] sock 0 [ 362.202642][ T9965] shmem 0 [ 362.202642][ T9965] file_mapped 0 [ 362.202642][ T9965] file_dirty 0 [ 362.202642][ T9965] file_writeback 0 [ 362.202642][ T9965] anon_thp 0 [ 362.202642][ T9965] inactive_anon 0 [ 362.202642][ T9965] active_anon 65536 [ 362.202642][ T9965] inactive_file 0 [ 362.202642][ T9965] active_file 0 [ 362.202642][ T9965] unevictable 0 [ 362.202642][ T9965] slab_reclaimable 270336 [ 362.202642][ T9965] slab_unreclaimable 548864 [ 362.202642][ T9965] pgfault 4026 [ 362.202642][ T9965] pgmajfault 0 [ 362.202642][ T9965] workingset_refault 0 [ 362.202642][ T9965] workingset_activate 0 [ 362.202642][ T9965] workingset_nodereclaim 0 [ 362.202642][ T9965] pgrefill 0 [ 362.202642][ T9965] pgscan 0 10:58:36 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 362.202642][ T9965] pgsteal 0 [ 362.202642][ T9965] pgactivate 0 [ 362.202642][ T9965] pgdeactivate 0 [ 362.299298][ T9965] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9965,uid=0 [ 362.299382][ T9965] Memory cgroup out of memory: Killed process 9965 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 362.314660][ T1061] oom_reaper: reaped process 9965 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:58:36 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:36 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:36 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:36 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:37 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 364.344549][T10023] IPVS: ftp: loaded support on port[0] = 21 [ 364.401714][T10023] chnl_net:caif_netlink_parms(): no params data found [ 364.431183][T10023] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.438489][T10023] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.446793][T10023] device bridge_slave_0 entered promiscuous mode [ 364.455955][T10023] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.463058][T10023] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.471614][T10023] device bridge_slave_1 entered promiscuous mode [ 364.488876][T10023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.499957][T10023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.517413][T10023] team0: Port device team_slave_0 added [ 364.524416][T10023] team0: Port device team_slave_1 added [ 364.577493][T10023] device hsr_slave_0 entered promiscuous mode [ 364.635955][T10023] device hsr_slave_1 entered promiscuous mode [ 364.704579][T10023] debugfs: Directory 'hsr0' with parent '/' already present! [ 365.107052][T10026] IPVS: ftp: loaded support on port[0] = 21 [ 365.363460][T10023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 365.614540][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 365.622535][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 365.630519][T10026] chnl_net:caif_netlink_parms(): no params data found [ 365.837412][T10023] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.072783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 366.081849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 366.090412][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.097593][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.305879][T10026] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.313021][T10026] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.321169][T10026] device bridge_slave_0 entered promiscuous mode [ 366.335264][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 366.343495][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 366.352441][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 366.361067][ T2820] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.368201][ T2820] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.376189][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 366.385150][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 366.394645][T10026] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.401762][T10026] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.410046][T10026] device bridge_slave_1 entered promiscuous mode [ 366.633137][T10023] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 366.643936][T10023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 366.655584][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 366.664434][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 366.673049][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 366.681773][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 366.690481][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 366.699143][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 366.707833][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 366.716536][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 366.738947][T10026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.751624][T10026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.970197][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 366.978546][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 366.988847][T10026] team0: Port device team_slave_0 added [ 367.003208][T10026] team0: Port device team_slave_1 added [ 367.011118][T10023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 367.287696][T10026] device hsr_slave_0 entered promiscuous mode [ 367.334691][T10026] device hsr_slave_1 entered promiscuous mode [ 367.374423][T10026] debugfs: Directory 'hsr0' with parent '/' already present! [ 367.384959][ T280] device bridge_slave_1 left promiscuous mode [ 367.391224][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.435630][ T280] device bridge_slave_0 left promiscuous mode [ 367.441962][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.495846][T10034] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 367.508169][T10034] CPU: 0 PID: 10034 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 367.515922][T10034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.525999][T10034] Call Trace: [ 367.529302][T10034] dump_stack+0x1d8/0x2f8 [ 367.533665][T10034] dump_header+0xd8/0x970 [ 367.538051][T10034] oom_kill_process+0xcd/0x320 [ 367.542937][T10034] out_of_memory+0x5e1/0x8a0 [ 367.547542][T10034] ? unregister_oom_notifier+0x20/0x20 [ 367.553024][T10034] ? check_memory_region+0x84/0x2e0 [ 367.558287][T10034] memory_max_write+0x537/0x6a0 [ 367.563173][T10034] ? memory_max_show+0xa0/0xa0 [ 367.567954][T10034] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 367.573260][T10034] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 367.578773][T10034] ? trace_hardirqs_on_caller+0x74/0x80 [ 367.584323][T10034] ? memory_max_show+0xa0/0xa0 [ 367.589096][T10034] cgroup_file_write+0x27b/0x6e0 [ 367.594043][T10034] ? rcu_irq_exit+0xe3/0x260 [ 367.598782][T10034] ? cgroup_seqfile_stop+0xc0/0xc0 [ 367.603997][T10034] ? cgroup_seqfile_stop+0xc0/0xc0 [ 367.609120][T10034] ? kernfs_fop_write+0x349/0x4f0 [ 367.614154][T10034] ? cgroup_file_write+0x4/0x6e0 [ 367.619184][T10034] ? cgroup_seqfile_stop+0xc0/0xc0 [ 367.624395][T10034] kernfs_fop_write+0x3e4/0x4f0 [ 367.629283][T10034] ? kernfs_fop_read+0x580/0x580 [ 367.634243][T10034] __vfs_write+0xf9/0x7d0 [ 367.638595][T10034] ? __kernel_write+0x350/0x350 [ 367.643485][T10034] ? __sb_start_write+0x39c/0x440 [ 367.648550][T10034] vfs_write+0x275/0x590 [ 367.652807][T10034] ksys_write+0x16b/0x2a0 [ 367.657160][T10034] ? __ia32_sys_read+0x90/0x90 [ 367.662126][T10034] ? retint_kernel+0x10/0x10 [ 367.666737][T10034] __x64_sys_write+0x7b/0x90 [ 367.671365][T10034] do_syscall_64+0xfe/0x140 [ 367.675895][T10034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 367.681878][T10034] RIP: 0033:0x459819 [ 367.686029][T10034] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 367.705728][T10034] RSP: 002b:00007feb11376c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 367.714143][T10034] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 367.722143][T10034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 367.730117][T10034] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 367.738088][T10034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb113776d4 [ 367.746087][T10034] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 367.768109][T10034] memory: usage 5352kB, limit 0kB, failcnt 450155 [ 367.774980][T10034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 367.781915][T10034] Memory cgroup stats for /syz2: [ 367.783380][T10034] anon 4358144 [ 367.783380][T10034] file 0 [ 367.783380][T10034] kernel_stack 65536 [ 367.783380][T10034] slab 684032 [ 367.783380][T10034] sock 0 [ 367.783380][T10034] shmem 0 [ 367.783380][T10034] file_mapped 0 [ 367.783380][T10034] file_dirty 0 [ 367.783380][T10034] file_writeback 0 [ 367.783380][T10034] anon_thp 4194304 [ 367.783380][T10034] inactive_anon 0 [ 367.783380][T10034] active_anon 4358144 [ 367.783380][T10034] inactive_file 0 [ 367.783380][T10034] active_file 0 [ 367.783380][T10034] unevictable 0 [ 367.783380][T10034] slab_reclaimable 135168 [ 367.783380][T10034] slab_unreclaimable 548864 [ 367.783380][T10034] pgfault 1353 [ 367.783380][T10034] pgmajfault 0 [ 367.783380][T10034] workingset_refault 0 [ 367.783380][T10034] workingset_activate 0 [ 367.783380][T10034] workingset_nodereclaim 0 [ 367.783380][T10034] pgrefill 0 [ 367.783380][T10034] pgscan 0 [ 367.783380][T10034] pgsteal 0 [ 367.783380][T10034] pgactivate 0 [ 367.878129][T10034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10033,uid=0 [ 367.894258][T10034] Memory cgroup out of memory: Killed process 10033 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 367.910666][ T280] device bridge_slave_1 left promiscuous mode [ 367.912338][ T1061] oom_reaper: reaped process 10033 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 367.917066][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.968073][ T280] device bridge_slave_0 left promiscuous mode [ 367.974631][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.033861][ T280] device bridge_slave_1 left promiscuous mode [ 368.040323][ T280] bridge0: port 2(bridge_slave_1) entered disabled state 10:58:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:41 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:41 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r0 = gettid() r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r5 = socket$kcm(0x11, 0x5, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r5, 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r1, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) 10:58:41 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:41 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 368.104945][ T280] device bridge_slave_0 left promiscuous mode [ 368.111290][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.152036][T10023] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 368.162131][T10023] CPU: 1 PID: 10023 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 368.169883][T10023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.179971][T10023] Call Trace: [ 368.183287][T10023] dump_stack+0x1d8/0x2f8 [ 368.187641][T10023] dump_header+0xd8/0x970 [ 368.191994][T10023] oom_kill_process+0xcd/0x320 [ 368.196961][T10023] out_of_memory+0x5e1/0x8a0 [ 368.201573][T10023] ? unregister_oom_notifier+0x20/0x20 [ 368.207149][T10023] ? __kasan_check_read+0x11/0x20 [ 368.212238][T10023] try_charge+0x134a/0x17b0 [ 368.216799][T10023] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 368.222643][T10023] ? __lock_acquire+0x4750/0x4750 [ 368.227699][T10023] ? rcu_lock_release+0x15/0x20 [ 368.232598][T10023] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 368.238167][T10023] mem_cgroup_try_charge+0x216/0x560 [ 368.243485][T10023] mem_cgroup_try_charge_delay+0x25/0xa0 [ 368.249144][T10023] wp_page_copy+0x367/0x18c0 [ 368.253778][T10023] ? rcu_lock_release+0x30/0x30 [ 368.258655][T10023] ? __lock_acquire+0x4750/0x4750 [ 368.263706][T10023] ? __kasan_check_read+0x11/0x20 [ 368.268762][T10023] ? do_raw_spin_unlock+0x49/0x260 [ 368.273921][T10023] do_wp_page+0x2c9/0x1ce0 [ 368.278394][T10023] ? __rwlock_init+0x130/0x130 [ 368.283185][T10023] ? count_memcg_event_mm+0x300/0x300 [ 368.288601][T10023] handle_mm_fault+0x2bcf/0x6080 [ 368.293591][T10023] ? finish_fault+0x230/0x230 [ 368.298302][T10023] ? vmacache_find+0x251/0x5b0 [ 368.303107][T10023] do_user_addr_fault+0x589/0xaf0 [ 368.308194][T10023] __do_page_fault+0xd3/0x1f0 [ 368.312904][T10023] do_page_fault+0x99/0xb0 [ 368.317348][T10023] page_fault+0x39/0x40 [ 368.321529][T10023] RIP: 0033:0x4308f6 [ 368.325446][T10023] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 368.345231][T10023] RSP: 002b:00007ffc59ee5320 EFLAGS: 00010206 [ 368.351315][T10023] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 368.359428][T10023] RDX: 0000555556c9c930 RSI: 0000555556ca4970 RDI: 0000000000000003 [ 368.367426][T10023] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556c9b940 [ 368.375588][T10023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 368.383675][T10023] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 368.392294][T10023] memory: usage 972kB, limit 0kB, failcnt 450163 [ 368.398704][T10023] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 368.405661][T10023] Memory cgroup stats for /syz2: [ 368.405768][T10023] anon 57344 [ 368.405768][T10023] file 0 [ 368.405768][T10023] kernel_stack 65536 [ 368.405768][T10023] slab 684032 [ 368.405768][T10023] sock 0 [ 368.405768][T10023] shmem 0 [ 368.405768][T10023] file_mapped 0 [ 368.405768][T10023] file_dirty 0 [ 368.405768][T10023] file_writeback 0 [ 368.405768][T10023] anon_thp 0 [ 368.405768][T10023] inactive_anon 0 [ 368.405768][T10023] active_anon 57344 [ 368.405768][T10023] inactive_file 0 10:58:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 368.405768][T10023] active_file 0 [ 368.405768][T10023] unevictable 0 [ 368.405768][T10023] slab_reclaimable 135168 [ 368.405768][T10023] slab_unreclaimable 548864 [ 368.405768][T10023] pgfault 1353 [ 368.405768][T10023] pgmajfault 0 [ 368.405768][T10023] workingset_refault 0 [ 368.405768][T10023] workingset_activate 0 [ 368.405768][T10023] workingset_nodereclaim 0 [ 368.405768][T10023] pgrefill 0 [ 368.405768][T10023] pgscan 0 [ 368.405768][T10023] pgsteal 0 [ 368.405768][T10023] pgactivate 0 [ 368.405768][T10023] pgdeactivate 0 [ 368.502389][T10023] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10023,uid=0 [ 368.502472][T10023] Memory cgroup out of memory: Killed process 10023 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 374.165467][ T280] device hsr_slave_0 left promiscuous mode [ 374.204415][ T280] device hsr_slave_1 left promiscuous mode [ 374.250990][ T280] team0 (unregistering): Port device team_slave_1 removed [ 374.264593][ T280] team0 (unregistering): Port device team_slave_0 removed [ 374.275726][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.308346][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.385199][ T280] bond0 (unregistering): Released all slaves [ 374.515336][ T280] device hsr_slave_0 left promiscuous mode [ 374.554388][ T280] device hsr_slave_1 left promiscuous mode [ 374.621156][ T280] team0 (unregistering): Port device team_slave_1 removed [ 374.636026][ T280] team0 (unregistering): Port device team_slave_0 removed [ 374.647264][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.687824][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.768795][ T280] bond0 (unregistering): Released all slaves [ 374.914845][ T280] device hsr_slave_0 left promiscuous mode [ 374.964904][ T280] device hsr_slave_1 left promiscuous mode [ 375.040872][ T280] team0 (unregistering): Port device team_slave_1 removed [ 375.054399][ T280] team0 (unregistering): Port device team_slave_0 removed [ 375.066159][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.118705][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.188421][ T280] bond0 (unregistering): Released all slaves [ 375.678147][T10054] IPVS: ftp: loaded support on port[0] = 21 [ 375.795878][T10026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.838994][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 375.847308][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 375.889467][T10026] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.902601][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 375.911632][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 375.920990][ T2820] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.928140][ T2820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.942936][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 375.953799][T10054] chnl_net:caif_netlink_parms(): no params data found [ 375.963523][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 375.972807][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 375.981374][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.988549][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.154282][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 376.163310][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 376.183668][T10026] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 376.194543][T10026] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 376.223634][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 376.232543][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 376.241527][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 376.250417][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 376.259066][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 376.267629][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 376.276214][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 376.284791][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 376.300097][T10054] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.307864][T10054] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.315991][T10054] device bridge_slave_0 entered promiscuous mode [ 376.324395][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 376.332694][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 376.341347][T10054] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.348832][T10054] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.357144][T10054] device bridge_slave_1 entered promiscuous mode [ 376.375090][T10026] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.426519][T10054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.456030][T10054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.515756][T10054] team0: Port device team_slave_0 added [ 376.523948][T10054] team0: Port device team_slave_1 added [ 376.601021][T10062] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 376.611692][T10062] CPU: 1 PID: 10062 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 376.619428][T10062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.629587][T10062] Call Trace: [ 376.632998][T10062] dump_stack+0x1d8/0x2f8 [ 376.637434][T10062] dump_header+0xd8/0x970 [ 376.641786][T10062] oom_kill_process+0xcd/0x320 [ 376.646716][T10062] out_of_memory+0x5e1/0x8a0 [ 376.651337][T10062] ? retint_kernel+0x10/0x10 [ 376.655961][T10062] ? unregister_oom_notifier+0x20/0x20 [ 376.661452][T10062] memory_max_write+0x537/0x6a0 [ 376.666349][T10062] ? memory_max_show+0xa0/0xa0 [ 376.671148][T10062] ? trace_lock_acquire+0x154/0x1b0 [ 376.676377][T10062] ? lock_acquire+0x158/0x250 [ 376.681093][T10062] ? kernfs_fop_write+0x22e/0x4f0 [ 376.686144][T10062] ? memory_max_show+0xa0/0xa0 [ 376.690934][T10062] cgroup_file_write+0x27b/0x6e0 [ 376.695907][T10062] ? cgroup_seqfile_stop+0xc0/0xc0 [ 376.701231][T10062] ? cgroup_seqfile_stop+0xc0/0xc0 [ 376.706368][T10062] kernfs_fop_write+0x3e4/0x4f0 [ 376.711248][T10062] ? kernfs_fop_read+0x580/0x580 [ 376.716213][T10062] __vfs_write+0xf9/0x7d0 [ 376.720565][T10062] ? __kernel_write+0x350/0x350 [ 376.725437][T10062] ? trace_lock_acquire+0x154/0x1b0 [ 376.730778][T10062] ? __sb_start_write+0x39c/0x440 [ 376.735852][T10062] vfs_write+0x275/0x590 [ 376.740148][T10062] ksys_write+0x16b/0x2a0 [ 376.744501][T10062] ? __ia32_sys_read+0x90/0x90 [ 376.749381][T10062] __x64_sys_write+0x7b/0x90 [ 376.754000][T10062] do_syscall_64+0xfe/0x140 [ 376.758524][T10062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.764517][T10062] RIP: 0033:0x459819 [ 376.768511][T10062] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 376.788130][T10062] RSP: 002b:00007f3796ca3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 376.796564][T10062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 376.804738][T10062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 376.812732][T10062] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 376.820721][T10062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3796ca46d4 [ 376.828716][T10062] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 376.849367][T10062] memory: usage 5268kB, limit 0kB, failcnt 57 [ 376.855684][T10062] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 376.862663][T10062] Memory cgroup stats for /syz3: [ 376.863714][T10062] anon 4255744 [ 376.863714][T10062] file 12288 [ 376.863714][T10062] kernel_stack 65536 [ 376.863714][T10062] slab 1171456 [ 376.863714][T10062] sock 0 [ 376.863714][T10062] shmem 8192 [ 376.863714][T10062] file_mapped 0 [ 376.863714][T10062] file_dirty 0 [ 376.863714][T10062] file_writeback 0 [ 376.863714][T10062] anon_thp 4194304 [ 376.863714][T10062] inactive_anon 0 [ 376.863714][T10062] active_anon 4255744 [ 376.863714][T10062] inactive_file 0 [ 376.863714][T10062] active_file 0 [ 376.863714][T10062] unevictable 0 [ 376.863714][T10062] slab_reclaimable 405504 [ 376.863714][T10062] slab_unreclaimable 765952 [ 376.863714][T10062] pgfault 5973 [ 376.863714][T10062] pgmajfault 0 [ 376.863714][T10062] workingset_refault 0 [ 376.863714][T10062] workingset_activate 0 [ 376.863714][T10062] workingset_nodereclaim 0 [ 376.863714][T10062] pgrefill 0 [ 376.863714][T10062] pgscan 0 [ 376.863714][T10062] pgsteal 0 [ 376.863714][T10062] pgactivate 0 [ 376.958570][T10062] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10061,uid=0 [ 376.974732][T10062] Memory cgroup out of memory: Killed process 10061 (syz-executor.3) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 376.992665][ T1061] oom_reaper: reaped process 10061 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 377.006460][T10054] device hsr_slave_0 entered promiscuous mode [ 377.033103][T10054] device hsr_slave_1 entered promiscuous mode [ 377.252395][T10054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.288004][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 10:58:51 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:51 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r0 = gettid() r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r5 = socket$kcm(0x11, 0x5, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r5, 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r1, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 377.302707][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 377.310926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 377.327618][T10054] 8021q: adding VLAN 0 to HW filter on device team0 [ 377.341969][T10026] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 10:58:51 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r0, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 377.352442][T10026] CPU: 0 PID: 10026 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 377.360130][T10026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.370199][T10026] Call Trace: [ 377.373510][T10026] dump_stack+0x1d8/0x2f8 [ 377.377858][T10026] dump_header+0xd8/0x970 [ 377.382203][T10026] oom_kill_process+0xcd/0x320 [ 377.386990][T10026] out_of_memory+0x5e1/0x8a0 [ 377.391700][T10026] ? unregister_oom_notifier+0x20/0x20 [ 377.397186][T10026] ? __kasan_check_read+0x11/0x20 [ 377.402240][T10026] try_charge+0x134a/0x17b0 [ 377.406792][T10026] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 377.412631][T10026] ? __lock_acquire+0x4750/0x4750 [ 377.417683][T10026] ? rcu_lock_release+0x15/0x20 [ 377.422568][T10026] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 377.428143][T10026] mem_cgroup_try_charge+0x216/0x560 [ 377.433466][T10026] mem_cgroup_try_charge_delay+0x25/0xa0 [ 377.439130][T10026] handle_mm_fault+0x31f3/0x6080 [ 377.444245][T10026] ? finish_fault+0x230/0x230 [ 377.448964][T10026] ? vmacache_find+0x251/0x5b0 [ 377.453765][T10026] do_user_addr_fault+0x589/0xaf0 [ 377.458843][T10026] __do_page_fault+0xd3/0x1f0 [ 377.463545][T10026] do_page_fault+0x99/0xb0 [ 377.468072][T10026] page_fault+0x39/0x40 [ 377.472262][T10026] RIP: 0033:0x4577b1 [ 377.476180][T10026] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 377.495869][T10026] RSP: 002b:00007fff99739f70 EFLAGS: 00010206 10:58:51 executing program 4: shutdown(0xffffffffffffffff, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 377.501962][T10026] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000457790 [ 377.509954][T10026] RDX: 00007fff99739f70 RSI: 0000000000000003 RDI: 0000000000000001 [ 377.517943][T10026] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ce0940 [ 377.526821][T10026] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff9973b150 [ 377.534820][T10026] R13: 00007fff9973b140 R14: 0000000000000000 R15: 00007fff9973b150 [ 377.543010][T10026] memory: usage 884kB, limit 0kB, failcnt 65 [ 377.549267][T10026] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 377.556298][T10026] Memory cgroup stats for /syz3: [ 377.556381][T10026] anon 0 [ 377.556381][T10026] file 12288 [ 377.556381][T10026] kernel_stack 0 [ 377.556381][T10026] slab 1171456 [ 377.556381][T10026] sock 0 [ 377.556381][T10026] shmem 8192 [ 377.556381][T10026] file_mapped 0 [ 377.556381][T10026] file_dirty 0 [ 377.556381][T10026] file_writeback 0 [ 377.556381][T10026] anon_thp 0 [ 377.556381][T10026] inactive_anon 0 [ 377.556381][T10026] active_anon 0 [ 377.556381][T10026] inactive_file 0 [ 377.556381][T10026] active_file 0 [ 377.556381][T10026] unevictable 0 [ 377.556381][T10026] slab_reclaimable 405504 [ 377.556381][T10026] slab_unreclaimable 765952 [ 377.556381][T10026] pgfault 5973 [ 377.556381][T10026] pgmajfault 0 [ 377.556381][T10026] workingset_refault 0 [ 377.556381][T10026] workingset_activate 0 [ 377.556381][T10026] workingset_nodereclaim 0 [ 377.556381][T10026] pgrefill 0 [ 377.556381][T10026] pgscan 0 [ 377.556381][T10026] pgsteal 0 [ 377.556381][T10026] pgactivate 0 [ 377.556381][T10026] pgdeactivate 0 [ 377.652500][T10026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10026,uid=0 [ 377.668044][T10026] Memory cgroup out of memory: Killed process 10026 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 377.682480][ T1061] oom_reaper: reaped process 10026 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:58:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 377.736479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 377.745340][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 377.753817][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.760995][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.769035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 377.777866][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 377.786391][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.793470][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 10:58:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 378.896925][T10054] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 378.907470][T10054] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 378.919886][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 378.928342][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 378.937227][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 378.946414][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 378.955043][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 378.965313][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 378.974209][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 378.982736][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 378.991492][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 379.000094][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 379.010659][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 379.022869][ T8434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 379.409030][T10054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.596259][T10100] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 379.606860][T10100] CPU: 0 PID: 10100 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 379.614824][T10100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.625264][T10100] Call Trace: [ 379.628694][T10100] dump_stack+0x1d8/0x2f8 [ 379.633172][T10100] dump_header+0xd8/0x970 [ 379.637648][T10100] oom_kill_process+0xcd/0x320 [ 379.642518][T10100] out_of_memory+0x5e1/0x8a0 [ 379.647513][T10100] ? unregister_oom_notifier+0x20/0x20 [ 379.653204][T10100] memory_max_write+0x537/0x6a0 [ 379.658130][T10100] ? memory_max_show+0xa0/0xa0 [ 379.662948][T10100] ? trace_lock_acquire+0x154/0x1b0 [ 379.668244][T10100] ? lock_acquire+0x158/0x250 [ 379.673148][T10100] ? kernfs_fop_write+0x22e/0x4f0 [ 379.678840][T10100] ? memory_max_show+0xa0/0xa0 [ 379.683757][T10100] cgroup_file_write+0x27b/0x6e0 [ 379.688760][T10100] ? cgroup_seqfile_stop+0xc0/0xc0 [ 379.694029][T10100] ? cgroup_seqfile_stop+0xc0/0xc0 [ 379.699531][T10100] kernfs_fop_write+0x3e4/0x4f0 [ 379.704435][T10100] ? kernfs_fop_read+0x580/0x580 [ 379.709763][T10100] __vfs_write+0xf9/0x7d0 [ 379.714142][T10100] ? __lock_acquire+0x4750/0x4750 [ 379.719382][T10100] ? __kernel_write+0x350/0x350 [ 379.725163][T10100] ? trace_lock_acquire+0x154/0x1b0 [ 379.731084][T10100] ? __sb_start_write+0x39c/0x440 [ 379.736338][T10100] ? __kasan_check_read+0x11/0x20 [ 379.742581][T10100] vfs_write+0x275/0x590 [ 379.747027][T10100] ksys_write+0x16b/0x2a0 [ 379.751744][T10100] ? __ia32_sys_read+0x90/0x90 [ 379.757230][T10100] ? do_syscall_64+0x90/0x140 [ 379.762138][T10100] __x64_sys_write+0x7b/0x90 [ 379.767776][T10100] do_syscall_64+0xfe/0x140 [ 379.773041][T10100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 379.778990][T10100] RIP: 0033:0x459819 [ 379.782937][T10100] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 379.804365][T10100] RSP: 002b:00007ffae03eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 379.804383][T10100] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 379.804393][T10100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 379.804403][T10100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 379.804410][T10100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffae03ef6d4 [ 379.804418][T10100] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 379.804673][T10100] memory: usage 5152kB, limit 0kB, failcnt 89 [ 379.816895][T10102] IPVS: ftp: loaded support on port[0] = 21 [ 379.822094][T10100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 379.848627][T10100] Memory cgroup stats for /syz5: [ 379.849286][T10100] anon 4255744 [ 379.849286][T10100] file 0 [ 379.849286][T10100] kernel_stack 0 [ 379.849286][T10100] slab 819200 [ 379.849286][T10100] sock 0 [ 379.849286][T10100] shmem 0 [ 379.849286][T10100] file_mapped 0 [ 379.849286][T10100] file_dirty 0 [ 379.849286][T10100] file_writeback 0 [ 379.849286][T10100] anon_thp 4194304 [ 379.849286][T10100] inactive_anon 0 [ 379.849286][T10100] active_anon 4255744 [ 379.849286][T10100] inactive_file 0 [ 379.849286][T10100] active_file 0 [ 379.849286][T10100] unevictable 0 [ 379.849286][T10100] slab_reclaimable 270336 [ 379.849286][T10100] slab_unreclaimable 548864 [ 379.849286][T10100] pgfault 4092 [ 379.849286][T10100] pgmajfault 0 [ 379.849286][T10100] workingset_refault 0 [ 379.849286][T10100] workingset_activate 0 [ 379.849286][T10100] workingset_nodereclaim 0 [ 379.849286][T10100] pgrefill 0 [ 379.849286][T10100] pgscan 0 [ 379.849286][T10100] pgsteal 0 [ 379.849286][T10100] pgactivate 0 [ 379.864004][T10100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10099,uid=0 [ 379.878141][T10100] Memory cgroup out of memory: Killed process 10099 (syz-executor.5) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 379.988022][ T1061] oom_reaper: reaped process 10099 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 10:58:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:54 executing program 4: shutdown(0xffffffffffffffff, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:54 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:58:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 380.388199][T10054] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 380.399828][T10054] CPU: 0 PID: 10054 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 380.407579][T10054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.418896][T10054] Call Trace: [ 380.422782][T10054] dump_stack+0x1d8/0x2f8 [ 380.427601][T10054] dump_header+0xd8/0x970 [ 380.432146][T10054] oom_kill_process+0xcd/0x320 [ 380.437038][T10054] out_of_memory+0x5e1/0x8a0 [ 380.442571][T10054] ? unregister_oom_notifier+0x20/0x20 [ 380.448548][T10054] ? __kasan_check_read+0x11/0x20 [ 380.454076][T10054] try_charge+0x134a/0x17b0 [ 380.459240][T10054] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 380.466509][T10054] ? __lock_acquire+0x4750/0x4750 [ 380.471670][T10054] ? rcu_lock_release+0x15/0x20 [ 380.476956][T10054] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 380.482740][T10054] mem_cgroup_try_charge+0x216/0x560 [ 380.488161][T10054] mem_cgroup_try_charge_delay+0x25/0xa0 [ 380.494140][T10054] wp_page_copy+0x367/0x18c0 [ 380.499593][T10054] ? rcu_lock_release+0x30/0x30 [ 380.505292][T10054] ? __lock_acquire+0x4750/0x4750 [ 380.511374][T10054] ? __kasan_check_read+0x11/0x20 [ 380.516611][T10054] ? do_raw_spin_unlock+0x49/0x260 [ 380.522202][T10054] do_wp_page+0x2c9/0x1ce0 [ 380.526883][T10054] ? __rwlock_init+0x130/0x130 [ 380.532443][T10054] ? count_memcg_event_mm+0x300/0x300 [ 380.539325][T10054] handle_mm_fault+0x2bcf/0x6080 [ 380.544321][T10054] ? finish_fault+0x230/0x230 [ 380.550049][T10054] ? vmacache_find+0x566/0x5b0 [ 380.555343][T10054] ? vmacache_update+0xb7/0x120 [ 380.561197][T10054] do_user_addr_fault+0x589/0xaf0 [ 380.566663][T10054] __do_page_fault+0xd3/0x1f0 [ 380.571824][T10054] do_page_fault+0x99/0xb0 [ 380.576513][T10054] page_fault+0x39/0x40 [ 380.581366][T10054] RIP: 0033:0x4308f6 [ 380.585740][T10054] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 380.607346][T10054] RSP: 002b:00007ffca9a332e0 EFLAGS: 00010206 [ 380.614906][T10054] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 380.623862][T10054] RDX: 0000555555675930 RSI: 000055555567d970 RDI: 0000000000000003 [ 380.632349][T10054] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555674940 [ 380.640996][T10054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 380.649727][T10054] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 380.658317][T10054] memory: usage 772kB, limit 0kB, failcnt 101 [ 380.665017][T10054] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 380.672389][T10054] Memory cgroup stats for /syz5: [ 380.672476][T10054] anon 57344 [ 380.672476][T10054] file 0 [ 380.672476][T10054] kernel_stack 0 [ 380.672476][T10054] slab 819200 [ 380.672476][T10054] sock 0 [ 380.672476][T10054] shmem 0 [ 380.672476][T10054] file_mapped 0 [ 380.672476][T10054] file_dirty 0 [ 380.672476][T10054] file_writeback 0 [ 380.672476][T10054] anon_thp 0 [ 380.672476][T10054] inactive_anon 0 [ 380.672476][T10054] active_anon 57344 [ 380.672476][T10054] inactive_file 0 [ 380.672476][T10054] active_file 0 [ 380.672476][T10054] unevictable 0 [ 380.672476][T10054] slab_reclaimable 270336 [ 380.672476][T10054] slab_unreclaimable 548864 [ 380.672476][T10054] pgfault 4092 [ 380.672476][T10054] pgmajfault 0 [ 380.672476][T10054] workingset_refault 0 [ 380.672476][T10054] workingset_activate 0 [ 380.672476][T10054] workingset_nodereclaim 0 [ 380.672476][T10054] pgrefill 0 [ 380.672476][T10054] pgscan 0 [ 380.672476][T10054] pgsteal 0 [ 380.672476][T10054] pgactivate 0 [ 380.672476][T10054] pgdeactivate 0 [ 380.781316][T10054] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10054,uid=0 [ 380.798916][T10054] Memory cgroup out of memory: Killed process 10054 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 380.823317][ T1061] oom_reaper: reaped process 10054 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 380.859848][T10102] chnl_net:caif_netlink_parms(): no params data found 10:58:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) [ 381.374286][T10102] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.382070][T10102] bridge0: port 1(bridge_slave_0) entered disabled state [ 381.390943][T10102] device bridge_slave_0 entered promiscuous mode [ 381.406417][T10102] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.414011][T10102] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.422945][T10102] device bridge_slave_1 entered promiscuous mode [ 381.454599][T10102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.473881][T10102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 381.507381][T10102] team0: Port device team_slave_0 added [ 381.515210][T10102] team0: Port device team_slave_1 added [ 381.578905][T10102] device hsr_slave_0 entered promiscuous mode [ 381.634701][T10102] device hsr_slave_1 entered promiscuous mode [ 381.664694][T10102] debugfs: Directory 'hsr0' with parent '/' already present! [ 381.712268][T10102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 381.727317][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 381.737411][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 381.746786][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 381.758488][T10102] 8021q: adding VLAN 0 to HW filter on device team0 [ 382.165913][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 382.176828][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 382.185911][ T2820] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.193715][ T2820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 382.201977][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 382.211470][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 382.221025][ T2820] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.230856][ T2820] bridge0: port 2(bridge_slave_1) entered forwarding state [ 382.239705][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 382.248966][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 382.261030][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 382.269654][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 382.281990][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 382.531262][T10102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 382.544036][T10102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 382.553188][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 382.766729][T10120] IPVS: ftp: loaded support on port[0] = 21 [ 382.774537][T10102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 383.218753][T10128] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 383.230322][T10128] CPU: 1 PID: 10128 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 383.238260][T10128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.248712][T10128] Call Trace: [ 383.252131][T10128] dump_stack+0x1d8/0x2f8 [ 383.256679][T10128] dump_header+0xd8/0x970 [ 383.261388][T10128] oom_kill_process+0xcd/0x320 [ 383.267407][T10128] out_of_memory+0x5e1/0x8a0 [ 383.272374][T10128] ? unregister_oom_notifier+0x20/0x20 [ 383.278168][T10128] ? memory_max_write+0x4d3/0x6a0 [ 383.283749][T10128] memory_max_write+0x537/0x6a0 [ 383.290145][T10128] ? memory_max_show+0xa0/0xa0 [ 383.295721][T10128] ? trace_lock_acquire+0x154/0x1b0 [ 383.303251][T10128] ? lock_acquire+0x158/0x250 [ 383.309016][T10128] ? kernfs_fop_write+0x22e/0x4f0 [ 383.315550][T10128] ? memory_max_show+0xa0/0xa0 [ 383.320897][T10128] cgroup_file_write+0x27b/0x6e0 [ 383.326647][T10128] ? cgroup_seqfile_stop+0xc0/0xc0 [ 383.332311][T10128] ? cgroup_seqfile_stop+0xc0/0xc0 [ 383.337544][T10128] kernfs_fop_write+0x3e4/0x4f0 [ 383.342835][T10128] ? kernfs_fop_read+0x580/0x580 [ 383.347890][T10128] __vfs_write+0xf9/0x7d0 [ 383.352514][T10128] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 383.358263][T10128] ? __kernel_write+0x350/0x350 [ 383.363243][T10128] ? trace_lock_acquire+0x154/0x1b0 [ 383.369130][T10128] ? __sb_start_write+0x39c/0x440 [ 383.374282][T10128] vfs_write+0x275/0x590 [ 383.379087][T10128] ksys_write+0x16b/0x2a0 [ 383.383472][T10128] ? __ia32_sys_read+0x90/0x90 [ 383.388360][T10128] ? prepare_exit_to_usermode+0x1f7/0x580 [ 383.394800][T10128] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 383.400683][T10128] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 383.406528][T10128] ? do_syscall_64+0x1d/0x140 [ 383.411327][T10128] __x64_sys_write+0x7b/0x90 [ 383.416423][T10128] do_syscall_64+0xfe/0x140 [ 383.421293][T10128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 383.427998][T10128] RIP: 0033:0x459819 [ 383.432251][T10128] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 383.455398][T10128] RSP: 002b:00007faf81605c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 383.464798][T10128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 383.473781][T10128] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 383.482240][T10128] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 383.491304][T10128] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faf816066d4 [ 383.500561][T10128] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 383.509902][T10128] memory: usage 5264kB, limit 0kB, failcnt 450164 [ 383.517024][T10128] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 383.524425][T10128] Memory cgroup stats for /syz2: [ 383.525502][T10128] anon 4329472 [ 383.525502][T10128] file 0 [ 383.525502][T10128] kernel_stack 65536 [ 383.525502][T10128] slab 684032 [ 383.525502][T10128] sock 0 [ 383.525502][T10128] shmem 0 [ 383.525502][T10128] file_mapped 0 [ 383.525502][T10128] file_dirty 0 [ 383.525502][T10128] file_writeback 0 [ 383.525502][T10128] anon_thp 4194304 [ 383.525502][T10128] inactive_anon 0 [ 383.525502][T10128] active_anon 4329472 [ 383.525502][T10128] inactive_file 0 [ 383.525502][T10128] active_file 0 [ 383.525502][T10128] unevictable 0 [ 383.525502][T10128] slab_reclaimable 135168 [ 383.525502][T10128] slab_unreclaimable 548864 [ 383.525502][T10128] pgfault 1419 [ 383.525502][T10128] pgmajfault 0 [ 383.525502][T10128] workingset_refault 0 [ 383.525502][T10128] workingset_activate 0 [ 383.525502][T10128] workingset_nodereclaim 0 [ 383.525502][T10128] pgrefill 0 [ 383.525502][T10128] pgscan 0 [ 383.525502][T10128] pgsteal 0 [ 383.525502][T10128] pgactivate 0 [ 383.633080][T10128] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10127,uid=0 [ 383.650944][T10128] Memory cgroup out of memory: Killed process 10127 (syz-executor.2) total-vm:72576kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 383.669338][ T1061] oom_reaper: reaped process 10127 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 383.720063][T10120] chnl_net:caif_netlink_parms(): no params data found [ 383.998065][T10102] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 384.017440][T10102] CPU: 1 PID: 10102 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 384.026974][T10102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.039328][T10102] Call Trace: [ 384.044271][T10102] dump_stack+0x1d8/0x2f8 [ 384.049256][T10102] dump_header+0xd8/0x970 [ 384.054565][T10102] oom_kill_process+0xcd/0x320 [ 384.059684][T10102] out_of_memory+0x5e1/0x8a0 [ 384.065015][T10102] ? unregister_oom_notifier+0x20/0x20 [ 384.070922][T10102] ? __kasan_check_read+0x11/0x20 [ 384.076082][T10102] try_charge+0x134a/0x17b0 [ 384.081000][T10102] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 384.087831][T10102] ? __lock_acquire+0x4750/0x4750 [ 384.093758][T10102] ? rcu_lock_release+0x15/0x20 [ 384.099531][T10102] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 384.105637][T10102] mem_cgroup_try_charge+0x216/0x560 [ 384.111208][T10102] mem_cgroup_try_charge_delay+0x25/0xa0 [ 384.117922][T10102] wp_page_copy+0x367/0x18c0 [ 384.122763][T10102] ? rcu_lock_release+0x30/0x30 [ 384.128083][T10102] ? __lock_acquire+0x4750/0x4750 [ 384.134202][T10102] ? __kasan_check_read+0x11/0x20 [ 384.139704][T10102] ? do_raw_spin_unlock+0x49/0x260 [ 384.145468][T10102] do_wp_page+0x2c9/0x1ce0 [ 384.150515][T10102] ? __rwlock_init+0x130/0x130 [ 384.155465][T10102] ? count_memcg_event_mm+0x300/0x300 [ 384.161390][T10102] handle_mm_fault+0x2bcf/0x6080 [ 384.167062][T10102] ? finish_fault+0x230/0x230 [ 384.172145][T10102] ? vmacache_find+0x251/0x5b0 [ 384.178366][T10102] do_user_addr_fault+0x589/0xaf0 [ 384.184253][T10102] __do_page_fault+0xd3/0x1f0 [ 384.189434][T10102] do_page_fault+0x99/0xb0 [ 384.194583][T10102] page_fault+0x39/0x40 [ 384.199355][T10102] RIP: 0033:0x403442 [ 384.204343][T10102] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 384.225921][T10102] RSP: 002b:00007ffc3fec9d90 EFLAGS: 00010246 [ 384.232557][T10102] RAX: 0000000000000000 RBX: 000000000005d8cf RCX: 0000000000413420 [ 384.240993][T10102] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc3fecaec0 [ 384.249512][T10102] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555f60940 [ 384.258533][T10102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc3fecaec0 [ 384.267577][T10102] R13: 00007ffc3fecaeb0 R14: 0000000000000000 R15: 00007ffc3fecaec0 [ 384.277203][T10102] memory: usage 888kB, limit 0kB, failcnt 450172 [ 384.284497][T10102] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 384.284503][T10102] Memory cgroup stats for /syz2: [ 384.284598][T10102] anon 53248 [ 384.284598][T10102] file 0 [ 384.284598][T10102] kernel_stack 0 [ 384.284598][T10102] slab 684032 [ 384.284598][T10102] sock 0 [ 384.284598][T10102] shmem 0 [ 384.284598][T10102] file_mapped 0 [ 384.284598][T10102] file_dirty 0 [ 384.284598][T10102] file_writeback 0 [ 384.284598][T10102] anon_thp 0 [ 384.284598][T10102] inactive_anon 0 [ 384.284598][T10102] active_anon 53248 [ 384.284598][T10102] inactive_file 0 [ 384.284598][T10102] active_file 0 [ 384.284598][T10102] unevictable 0 [ 384.284598][T10102] slab_reclaimable 135168 [ 384.284598][T10102] slab_unreclaimable 548864 [ 384.284598][T10102] pgfault 1419 [ 384.284598][T10102] pgmajfault 0 [ 384.284598][T10102] workingset_refault 0 [ 384.284598][T10102] workingset_activate 0 [ 384.284598][T10102] workingset_nodereclaim 0 [ 384.284598][T10102] pgrefill 0 [ 384.284598][T10102] pgscan 0 [ 384.284598][T10102] pgsteal 0 10:58:57 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r0 = gettid() r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r5 = socket$kcm(0x11, 0x5, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r5, 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r1, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) 10:58:57 executing program 4: shutdown(0xffffffffffffffff, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:58:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:57 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:58:58 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 384.284598][T10102] pgactivate 0 [ 384.284598][T10102] pgdeactivate 0 [ 384.284617][T10102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10102,uid=0 [ 384.284686][T10102] Memory cgroup out of memory: Killed process 10102 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB 10:58:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:58:59 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 386.419754][T10120] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.427690][T10120] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.435844][T10120] device bridge_slave_0 entered promiscuous mode [ 386.453196][T10120] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.461422][T10120] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.470203][T10120] device bridge_slave_1 entered promiscuous mode [ 386.745338][T10120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.758054][T10120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.780823][T10160] IPVS: ftp: loaded support on port[0] = 21 [ 387.003479][T10120] team0: Port device team_slave_0 added [ 387.013551][T10120] team0: Port device team_slave_1 added [ 387.077182][T10120] device hsr_slave_0 entered promiscuous mode [ 387.114680][T10120] device hsr_slave_1 entered promiscuous mode [ 387.154446][T10120] debugfs: Directory 'hsr0' with parent '/' already present! [ 387.167254][ T280] device bridge_slave_1 left promiscuous mode [ 387.174492][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.225735][ T280] device bridge_slave_0 left promiscuous mode [ 387.234880][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.276273][ T280] device bridge_slave_1 left promiscuous mode [ 387.284022][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.337115][ T280] device bridge_slave_0 left promiscuous mode [ 387.345436][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.396275][ T280] device bridge_slave_1 left promiscuous mode [ 387.403242][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.445228][ T280] device bridge_slave_0 left promiscuous mode [ 387.452370][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.744603][ T280] device hsr_slave_0 left promiscuous mode [ 392.784970][ T280] device hsr_slave_1 left promiscuous mode [ 392.830953][ T280] team0 (unregistering): Port device team_slave_1 removed [ 392.841800][ T280] team0 (unregistering): Port device team_slave_0 removed [ 392.855551][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.891320][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.965326][ T280] bond0 (unregistering): Released all slaves [ 393.095245][ T280] device hsr_slave_0 left promiscuous mode [ 393.134394][ T280] device hsr_slave_1 left promiscuous mode [ 393.182598][ T280] team0 (unregistering): Port device team_slave_1 removed [ 393.196092][ T280] team0 (unregistering): Port device team_slave_0 removed [ 393.208579][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.248108][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.314518][ T280] bond0 (unregistering): Released all slaves [ 393.435247][ T280] device hsr_slave_0 left promiscuous mode [ 393.474845][ T280] device hsr_slave_1 left promiscuous mode [ 393.522405][ T280] team0 (unregistering): Port device team_slave_1 removed [ 393.537621][ T280] team0 (unregistering): Port device team_slave_0 removed [ 393.550316][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.589265][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.665057][ T280] bond0 (unregistering): Released all slaves [ 393.818032][T10160] chnl_net:caif_netlink_parms(): no params data found [ 393.876417][T10160] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.883640][T10160] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.891879][T10160] device bridge_slave_0 entered promiscuous mode [ 393.901927][T10120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.908987][T10160] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.916287][T10160] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.924469][T10160] device bridge_slave_1 entered promiscuous mode [ 393.945916][T10160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.964641][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 393.972662][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 393.982442][T10160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 394.004867][T10160] team0: Port device team_slave_0 added [ 394.012678][T10160] team0: Port device team_slave_1 added [ 394.031285][T10120] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.077263][T10160] device hsr_slave_0 entered promiscuous mode [ 394.124657][T10160] device hsr_slave_1 entered promiscuous mode [ 394.179022][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 394.187733][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 394.196312][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.204305][ T8256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.212022][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 394.220770][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 394.229615][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.236763][ T8256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.244410][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 394.253016][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 394.261720][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 394.271225][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 394.281889][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 394.290182][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 394.312080][T10120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 394.322560][T10120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 394.336508][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 394.345401][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 394.353982][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 394.362716][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 394.371702][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 394.380296][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 394.402712][T10120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.411331][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 394.585974][T10160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.601464][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 394.612550][T10160] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.636666][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 394.645978][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.653116][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.698894][T10160] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 394.709967][T10160] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 394.728208][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 394.737595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 394.746328][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.753434][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.762006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 394.771625][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 394.772281][T10168] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 394.780540][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 394.781240][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 394.803293][T10160] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.810243][T10168] CPU: 1 PID: 10168 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 394.810251][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.810263][T10168] Call Trace: [ 394.824800][T10168] dump_stack+0x1d8/0x2f8 [ 394.824816][T10168] dump_header+0xd8/0x970 [ 394.824829][T10168] oom_kill_process+0xcd/0x320 [ 394.824840][T10168] out_of_memory+0x5e1/0x8a0 [ 394.824852][T10168] ? unregister_oom_notifier+0x20/0x20 [ 394.824870][T10168] memory_max_write+0x537/0x6a0 [ 394.824890][T10168] ? memory_max_show+0xa0/0xa0 [ 394.824907][T10168] ? trace_lock_acquire+0x154/0x1b0 [ 394.824923][T10168] ? lock_acquire+0x158/0x250 [ 394.881385][T10168] ? kernfs_fop_write+0x22e/0x4f0 [ 394.886435][T10168] ? memory_max_show+0xa0/0xa0 [ 394.891240][T10168] cgroup_file_write+0x27b/0x6e0 [ 394.896384][T10168] ? cgroup_seqfile_stop+0xc0/0xc0 [ 394.901530][T10168] ? cgroup_seqfile_stop+0xc0/0xc0 [ 394.906664][T10168] kernfs_fop_write+0x3e4/0x4f0 [ 394.911544][T10168] ? kernfs_fop_read+0x580/0x580 [ 394.916509][T10168] __vfs_write+0xf9/0x7d0 [ 394.921070][T10168] ? __lock_acquire+0x4750/0x4750 [ 394.926122][T10168] ? __kernel_write+0x350/0x350 [ 394.930999][T10168] ? trace_lock_acquire+0x154/0x1b0 [ 394.936254][T10168] ? __sb_start_write+0x39c/0x440 [ 394.941304][T10168] ? __fdget_pos+0x226/0x2e0 [ 394.945919][T10168] vfs_write+0x275/0x590 [ 394.950200][T10168] ksys_write+0x16b/0x2a0 [ 394.954557][T10168] ? __ia32_sys_read+0x90/0x90 [ 394.959355][T10168] ? prepare_exit_to_usermode+0x1f7/0x580 [ 394.965130][T10168] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 394.970616][T10168] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 394.976381][T10168] ? do_syscall_64+0x1d/0x140 [ 394.981083][T10168] __x64_sys_write+0x7b/0x90 [ 394.985702][T10168] do_syscall_64+0xfe/0x140 [ 394.990268][T10168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 394.996190][T10168] RIP: 0033:0x459819 [ 395.000225][T10168] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 395.019850][T10168] RSP: 002b:00007fb8e3902c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 395.028280][T10168] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 395.036769][T10168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 395.044764][T10168] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 395.052845][T10168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb8e39036d4 [ 395.061013][T10168] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 395.069228][T10168] memory: usage 5168kB, limit 0kB, failcnt 66 [ 395.075453][T10168] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 395.082584][T10168] Memory cgroup stats for /syz3: [ 395.083280][T10168] anon 4243456 [ 395.083280][T10168] file 12288 [ 395.083280][T10168] kernel_stack 0 [ 395.083280][T10168] slab 1036288 [ 395.083280][T10168] sock 0 [ 395.083280][T10168] shmem 8192 [ 395.083280][T10168] file_mapped 0 [ 395.083280][T10168] file_dirty 0 [ 395.083280][T10168] file_writeback 0 [ 395.083280][T10168] anon_thp 4194304 [ 395.083280][T10168] inactive_anon 0 [ 395.083280][T10168] active_anon 4243456 [ 395.083280][T10168] inactive_file 0 [ 395.083280][T10168] active_file 0 [ 395.083280][T10168] unevictable 0 [ 395.083280][T10168] slab_reclaimable 405504 [ 395.083280][T10168] slab_unreclaimable 630784 [ 395.083280][T10168] pgfault 6039 [ 395.083280][T10168] pgmajfault 0 [ 395.083280][T10168] workingset_refault 0 [ 395.083280][T10168] workingset_activate 0 [ 395.083280][T10168] workingset_nodereclaim 0 [ 395.083280][T10168] pgrefill 0 [ 395.083280][T10168] pgscan 0 [ 395.083280][T10168] pgsteal 0 [ 395.083280][T10168] pgactivate 0 [ 395.182131][T10168] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10167,uid=0 [ 395.208695][T10168] Memory cgroup out of memory: Killed process 10167 (syz-executor.3) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 395.227820][ T1061] oom_reaper: reaped process 10167 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 395.232092][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 395.247014][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 395.448842][T10175] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 395.459356][T10175] CPU: 1 PID: 10175 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 395.467002][T10175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.477079][T10175] Call Trace: [ 395.480387][T10175] dump_stack+0x1d8/0x2f8 [ 395.484745][T10175] dump_header+0xd8/0x970 [ 395.489152][T10175] oom_kill_process+0xcd/0x320 [ 395.493951][T10175] out_of_memory+0x5e1/0x8a0 [ 395.498576][T10175] ? unregister_oom_notifier+0x20/0x20 [ 395.504157][T10175] ? trace_hardirqs_on+0x74/0x80 [ 395.509154][T10175] memory_max_write+0x537/0x6a0 [ 395.514056][T10175] ? memory_max_show+0xa0/0xa0 [ 395.518859][T10175] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 395.524170][T10175] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 395.529666][T10175] ? retint_kernel+0x10/0x10 [ 395.534285][T10175] ? memory_max_show+0xa0/0xa0 [ 395.539095][T10175] cgroup_file_write+0x27b/0x6e0 [ 395.544067][T10175] ? cgroup_seqfile_stop+0xc0/0xc0 [ 395.549214][T10175] ? kernfs_fop_write+0x349/0x4f0 [ 395.554269][T10175] ? cgroup_seqfile_stop+0xc0/0xc0 [ 395.559407][T10175] kernfs_fop_write+0x3e4/0x4f0 [ 395.564302][T10175] ? kernfs_fop_read+0x580/0x580 [ 395.569369][T10175] __vfs_write+0xf9/0x7d0 [ 395.573899][T10175] ? rcu_irq_exit+0xe3/0x260 [ 395.578524][T10175] ? __kernel_write+0x350/0x350 [ 395.583395][T10175] ? trace_lock_acquire+0x154/0x1b0 [ 395.588652][T10175] ? __sb_start_write+0x39c/0x440 [ 395.593703][T10175] vfs_write+0x275/0x590 [ 395.597979][T10175] ksys_write+0x16b/0x2a0 [ 395.602339][T10175] ? __ia32_sys_read+0x90/0x90 [ 395.607126][T10175] ? prepare_exit_to_usermode+0x1f7/0x580 [ 395.612870][T10175] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 395.618365][T10175] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 395.624115][T10175] ? do_syscall_64+0x1d/0x140 [ 395.628907][T10175] __x64_sys_write+0x7b/0x90 [ 395.633516][T10175] do_syscall_64+0xfe/0x140 [ 395.638067][T10175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 395.643984][T10175] RIP: 0033:0x459819 [ 395.647922][T10175] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 395.667554][T10175] RSP: 002b:00007f45a5fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 395.675990][T10175] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 395.683995][T10175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 395.691991][T10175] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 395.699981][T10175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45a5fa96d4 [ 395.707981][T10175] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 395.716239][T10175] memory: usage 5092kB, limit 0kB, failcnt 102 [ 395.722569][T10175] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 395.729611][T10175] Memory cgroup stats for /syz5: [ 395.730614][T10175] anon 4374528 [ 395.730614][T10175] file 0 [ 395.730614][T10175] kernel_stack 65536 [ 395.730614][T10175] slab 819200 [ 395.730614][T10175] sock 0 [ 395.730614][T10175] shmem 0 [ 395.730614][T10175] file_mapped 0 [ 395.730614][T10175] file_dirty 0 [ 395.730614][T10175] file_writeback 0 [ 395.730614][T10175] anon_thp 4194304 [ 395.730614][T10175] inactive_anon 0 [ 395.730614][T10175] active_anon 4374528 [ 395.730614][T10175] inactive_file 0 [ 395.730614][T10175] active_file 0 [ 395.730614][T10175] unevictable 0 [ 395.730614][T10175] slab_reclaimable 270336 [ 395.730614][T10175] slab_unreclaimable 548864 [ 395.730614][T10175] pgfault 4158 [ 395.730614][T10175] pgmajfault 0 [ 395.730614][T10175] workingset_refault 0 [ 395.730614][T10175] workingset_activate 0 [ 395.730614][T10175] workingset_nodereclaim 0 [ 395.730614][T10175] pgrefill 0 [ 395.730614][T10175] pgscan 0 [ 395.730614][T10175] pgsteal 0 [ 395.730614][T10175] pgactivate 0 [ 395.825492][T10175] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10174,uid=0 10:59:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:09 executing program 4: getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:09 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) 10:59:09 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 395.841858][T10175] Memory cgroup out of memory: Killed process 10174 (syz-executor.5) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB [ 395.857247][T10120] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 395.863708][ T1061] oom_reaper: reaped process 10174 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 395.867412][T10120] CPU: 0 PID: 10120 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 395.886752][T10120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.896826][T10120] Call Trace: [ 395.900137][T10120] dump_stack+0x1d8/0x2f8 [ 395.904473][T10120] dump_header+0xd8/0x970 [ 395.908819][T10120] oom_kill_process+0xcd/0x320 [ 395.913692][T10120] out_of_memory+0x5e1/0x8a0 [ 395.918305][T10120] ? unregister_oom_notifier+0x20/0x20 [ 395.923786][T10120] ? __kasan_check_read+0x11/0x20 [ 395.928843][T10120] try_charge+0x134a/0x17b0 [ 395.933385][T10120] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 395.939219][T10120] ? __lock_acquire+0x4750/0x4750 [ 395.944278][T10120] ? rcu_lock_release+0x15/0x20 [ 395.949151][T10120] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 395.954765][T10120] mem_cgroup_try_charge+0x216/0x560 [ 395.960113][T10120] mem_cgroup_try_charge_delay+0x25/0xa0 [ 395.965833][T10120] handle_mm_fault+0x31f3/0x6080 [ 395.970907][T10120] ? finish_fault+0x230/0x230 [ 395.975723][T10120] ? vmacache_find+0x251/0x5b0 [ 395.980626][T10120] do_user_addr_fault+0x589/0xaf0 [ 395.985869][T10120] __do_page_fault+0xd3/0x1f0 [ 395.990577][T10120] do_page_fault+0x99/0xb0 [ 395.995024][T10120] page_fault+0x39/0x40 [ 395.999214][T10120] RIP: 0033:0x4577b1 [ 396.003139][T10120] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 396.022853][T10120] RSP: 002b:00007ffd0dae8f90 EFLAGS: 00010206 [ 396.028938][T10120] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000457790 [ 396.036933][T10120] RDX: 00007ffd0dae8f90 RSI: 0000000000000003 RDI: 0000000000000001 [ 396.044924][T10120] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555b93940 [ 396.052915][T10120] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffd0daea170 [ 396.060914][T10120] R13: 00007ffd0daea160 R14: 0000000000000000 R15: 00007ffd0daea170 [ 396.069611][T10120] memory: usage 772kB, limit 0kB, failcnt 74 [ 396.075674][T10120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 396.082547][T10120] Memory cgroup stats for /syz3: [ 396.082628][T10120] anon 0 [ 396.082628][T10120] file 12288 [ 396.082628][T10120] kernel_stack 0 [ 396.082628][T10120] slab 1036288 [ 396.082628][T10120] sock 0 [ 396.082628][T10120] shmem 8192 [ 396.082628][T10120] file_mapped 0 [ 396.082628][T10120] file_dirty 0 [ 396.082628][T10120] file_writeback 0 [ 396.082628][T10120] anon_thp 0 [ 396.082628][T10120] inactive_anon 0 [ 396.082628][T10120] active_anon 0 [ 396.082628][T10120] inactive_file 0 [ 396.082628][T10120] active_file 0 [ 396.082628][T10120] unevictable 0 [ 396.082628][T10120] slab_reclaimable 405504 [ 396.082628][T10120] slab_unreclaimable 630784 [ 396.082628][T10120] pgfault 6039 [ 396.082628][T10120] pgmajfault 0 [ 396.082628][T10120] workingset_refault 0 [ 396.082628][T10120] workingset_activate 0 [ 396.082628][T10120] workingset_nodereclaim 0 [ 396.082628][T10120] pgrefill 0 [ 396.082628][T10120] pgscan 0 [ 396.082628][T10120] pgsteal 0 [ 396.082628][T10120] pgactivate 0 [ 396.082628][T10120] pgdeactivate 0 [ 396.179658][T10120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10120,uid=0 [ 396.195236][T10120] Memory cgroup out of memory: Killed process 10120 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 396.216405][ T1061] oom_reaper: reaped process 10120 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 396.452104][T10160] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 396.463670][T10160] CPU: 0 PID: 10160 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 396.471319][T10160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.481389][T10160] Call Trace: [ 396.484696][T10160] dump_stack+0x1d8/0x2f8 [ 396.489038][T10160] dump_header+0xd8/0x970 [ 396.493562][T10160] oom_kill_process+0xcd/0x320 [ 396.498416][T10160] out_of_memory+0x5e1/0x8a0 [ 396.503130][T10160] ? unregister_oom_notifier+0x20/0x20 [ 396.508952][T10160] ? __kasan_check_read+0x11/0x20 [ 396.514332][T10160] try_charge+0x134a/0x17b0 [ 396.519036][T10160] ? nsfs_init+0x5a/0x94 [ 396.523394][T10160] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 396.529219][T10160] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 396.534961][T10160] ? rcu_lock_acquire+0x30/0x30 [ 396.540042][T10160] __memcg_kmem_charge_memcg+0x78/0x180 [ 396.545613][T10160] ? __lock_acquire+0x4750/0x4750 [ 396.550660][T10160] ? memcg_kmem_put_cache+0x50/0x50 [ 396.555897][T10160] kmem_getpages+0x411/0x970 [ 396.560729][T10160] cache_grow_begin+0x7e/0x2c0 [ 396.565525][T10160] ? __cpuset_node_allowed+0x198/0x530 [ 396.571095][T10160] fallback_alloc+0x134/0x1c0 [ 396.575807][T10160] ____cache_alloc_node+0x22a/0x250 [ 396.581212][T10160] kmem_cache_alloc+0x157/0x2e0 [ 396.586355][T10160] ? __alloc_file+0x29/0x350 [ 396.590974][T10160] __alloc_file+0x29/0x350 [ 396.595417][T10160] ? alloc_empty_file+0x4c/0x1b0 [ 396.600559][T10160] alloc_empty_file+0xac/0x1b0 [ 396.605351][T10160] path_openat+0x12b/0x4440 [ 396.609888][T10160] ? trace_lock_acquire+0x1b0/0x1b0 [ 396.615126][T10160] ? do_filp_open+0x430/0x430 [ 396.619829][T10160] ? __kasan_kmalloc+0x178/0x1b0 [ 396.624886][T10160] ? __kasan_kmalloc+0x11c/0x1b0 [ 396.629935][T10160] ? kasan_slab_alloc+0xf/0x20 [ 396.635185][T10160] ? kmem_cache_alloc+0x1e9/0x2e0 [ 396.640232][T10160] ? getname_flags+0xba/0x640 [ 396.644923][T10160] ? getname+0x19/0x20 [ 396.649004][T10160] ? do_sys_open+0x2fc/0x620 [ 396.653620][T10160] ? __x64_sys_open+0x87/0x90 [ 396.658334][T10160] ? do_syscall_64+0xfe/0x140 [ 396.663037][T10160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 396.669551][T10160] do_filp_open+0x1f7/0x430 [ 396.674089][T10160] ? vfs_tmpfile+0x230/0x230 [ 396.678800][T10160] ? __lock_acquire+0x4750/0x4750 [ 396.683862][T10160] ? do_raw_spin_unlock+0x49/0x260 [ 396.689534][T10160] ? _raw_spin_unlock+0x22/0x30 [ 396.694408][T10160] ? __alloc_fd+0x58f/0x630 [ 396.698944][T10160] ? get_unused_fd_flags+0x97/0xb0 [ 396.704087][T10160] do_sys_open+0x343/0x620 [ 396.708538][T10160] ? file_open_root+0x440/0x440 [ 396.713414][T10160] ? prepare_exit_to_usermode+0x1f7/0x580 [ 396.719161][T10160] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 396.724907][T10160] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 396.730417][T10160] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 396.736248][T10160] ? do_syscall_64+0x1d/0x140 [ 396.741132][T10160] __x64_sys_open+0x87/0x90 [ 396.745665][T10160] do_syscall_64+0xfe/0x140 [ 396.750228][T10160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 396.756240][T10160] RIP: 0033:0x457790 [ 396.760156][T10160] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 396.779780][T10160] RSP: 002b:00007ffcd46de240 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 396.788221][T10160] RAX: ffffffffffffffda RBX: 0000000000060896 RCX: 0000000000457790 [ 396.796648][T10160] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffcd46df420 [ 396.805182][T10160] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555568f9940 [ 396.813286][T10160] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcd46df420 [ 396.821280][T10160] R13: 00007ffcd46df410 R14: 0000000000000000 R15: 00007ffcd46df420 [ 396.830602][T10160] memory: usage 708kB, limit 0kB, failcnt 114 [ 396.836760][T10160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 396.843612][T10160] Memory cgroup stats for /syz5: [ 396.843734][T10160] anon 114688 [ 396.843734][T10160] file 0 [ 396.843734][T10160] kernel_stack 0 [ 396.843734][T10160] slab 819200 [ 396.843734][T10160] sock 0 [ 396.843734][T10160] shmem 0 [ 396.843734][T10160] file_mapped 0 [ 396.843734][T10160] file_dirty 0 [ 396.843734][T10160] file_writeback 0 [ 396.843734][T10160] anon_thp 0 [ 396.843734][T10160] inactive_anon 0 [ 396.843734][T10160] active_anon 114688 [ 396.843734][T10160] inactive_file 0 [ 396.843734][T10160] active_file 0 [ 396.843734][T10160] unevictable 0 [ 396.843734][T10160] slab_reclaimable 270336 [ 396.843734][T10160] slab_unreclaimable 548864 [ 396.843734][T10160] pgfault 4158 [ 396.843734][T10160] pgmajfault 0 [ 396.843734][T10160] workingset_refault 0 [ 396.843734][T10160] workingset_activate 0 [ 396.843734][T10160] workingset_nodereclaim 0 [ 396.843734][T10160] pgrefill 0 [ 396.843734][T10160] pgscan 0 [ 396.843734][T10160] pgsteal 0 [ 396.843734][T10160] pgactivate 0 [ 396.843734][T10160] pgdeactivate 0 10:59:10 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:10 executing program 4: getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:10 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 396.940550][T10160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10160,uid=0 [ 396.956207][T10160] Memory cgroup out of memory: Killed process 10160 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 396.970742][ T1061] oom_reaper: reaped process 10160 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:59:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:12 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:12 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:59:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:12 executing program 4: getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 398.597515][T10212] IPVS: ftp: loaded support on port[0] = 21 [ 398.884384][T10212] chnl_net:caif_netlink_parms(): no params data found [ 398.982638][T10212] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.989976][T10212] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.998051][T10212] device bridge_slave_0 entered promiscuous mode [ 399.054028][T10212] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.061406][T10212] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.069540][T10212] device bridge_slave_1 entered promiscuous mode [ 399.184804][T10212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.198685][T10212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.244527][T10212] team0: Port device team_slave_0 added [ 399.251915][T10212] team0: Port device team_slave_1 added [ 399.306992][T10212] device hsr_slave_0 entered promiscuous mode [ 399.345205][T10212] device hsr_slave_1 entered promiscuous mode [ 399.434318][T10212] debugfs: Directory 'hsr0' with parent '/' already present! [ 399.474381][T10212] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.481498][T10212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.488940][T10212] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.496129][T10212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.552950][T10212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.569039][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 399.579266][ T9471] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.594625][ T9471] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.619750][T10212] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.630429][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 399.639365][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 399.648208][ T2620] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.655329][ T2620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.690525][T10212] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 399.701350][T10212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 399.714882][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 399.723808][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 399.732445][ T2620] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.739595][ T2620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.747793][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 399.756753][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 399.765773][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 399.775349][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 399.784888][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 399.793491][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 399.802057][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 399.810366][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 399.818924][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 399.827341][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 399.839154][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 399.847658][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 399.863312][T10212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.982641][T10234] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 399.994563][T10234] CPU: 0 PID: 10234 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 400.002242][T10234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.012435][T10234] Call Trace: [ 400.015757][T10234] dump_stack+0x1d8/0x2f8 [ 400.020149][T10234] dump_header+0xd8/0x970 [ 400.024517][T10234] oom_kill_process+0xcd/0x320 [ 400.029417][T10234] out_of_memory+0x5e1/0x8a0 [ 400.034552][T10234] ? unregister_oom_notifier+0x20/0x20 [ 400.042952][T10234] memory_max_write+0x537/0x6a0 [ 400.047882][T10234] ? memory_max_show+0xa0/0xa0 [ 400.052809][T10234] ? trace_lock_acquire+0x154/0x1b0 [ 400.058056][T10234] ? lock_acquire+0x158/0x250 [ 400.062853][T10234] ? kernfs_fop_write+0x22e/0x4f0 [ 400.067904][T10234] ? memory_max_show+0xa0/0xa0 [ 400.072704][T10234] cgroup_file_write+0x27b/0x6e0 [ 400.077673][T10234] ? cgroup_seqfile_stop+0xc0/0xc0 [ 400.082832][T10234] ? cgroup_seqfile_stop+0xc0/0xc0 [ 400.087984][T10234] kernfs_fop_write+0x3e4/0x4f0 [ 400.092903][T10234] ? kernfs_fop_read+0x580/0x580 [ 400.097879][T10234] __vfs_write+0xf9/0x7d0 [ 400.102258][T10234] ? __kernel_write+0x350/0x350 [ 400.107165][T10234] ? __sb_start_write+0x39c/0x440 [ 400.112229][T10234] vfs_write+0x275/0x590 [ 400.116529][T10234] ksys_write+0x16b/0x2a0 [ 400.120894][T10234] ? __ia32_sys_read+0x90/0x90 [ 400.125789][T10234] ? retint_kernel+0x10/0x10 [ 400.130415][T10234] __x64_sys_write+0x7b/0x90 [ 400.135029][T10234] do_syscall_64+0xfe/0x140 [ 400.139559][T10234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 400.145488][T10234] RIP: 0033:0x459819 [ 400.149400][T10234] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 400.169383][T10234] RSP: 002b:00007fc3bdf24c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 400.177819][T10234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 400.185836][T10234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 400.193828][T10234] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 400.201872][T10234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc3bdf256d4 [ 400.209894][T10234] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 400.218087][T10234] memory: usage 5216kB, limit 0kB, failcnt 450173 [ 400.224786][T10234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 400.231825][T10234] Memory cgroup stats for /syz2: [ 400.232054][T10234] anon 4255744 [ 400.232054][T10234] file 0 [ 400.232054][T10234] kernel_stack 65536 [ 400.232054][T10234] slab 684032 [ 400.232054][T10234] sock 0 [ 400.232054][T10234] shmem 0 [ 400.232054][T10234] file_mapped 0 [ 400.232054][T10234] file_dirty 0 [ 400.232054][T10234] file_writeback 0 [ 400.232054][T10234] anon_thp 4194304 [ 400.232054][T10234] inactive_anon 0 [ 400.232054][T10234] active_anon 4255744 [ 400.232054][T10234] inactive_file 0 [ 400.232054][T10234] active_file 0 [ 400.232054][T10234] unevictable 0 [ 400.232054][T10234] slab_reclaimable 135168 [ 400.232054][T10234] slab_unreclaimable 548864 [ 400.232054][T10234] pgfault 1485 [ 400.232054][T10234] pgmajfault 0 [ 400.232054][T10234] workingset_refault 0 [ 400.232054][T10234] workingset_activate 0 [ 400.232054][T10234] workingset_nodereclaim 0 [ 400.232054][T10234] pgrefill 0 [ 400.232054][T10234] pgscan 0 [ 400.232054][T10234] pgsteal 0 [ 400.232054][T10234] pgactivate 0 [ 400.326008][T10234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10232,uid=0 [ 400.342272][T10234] Memory cgroup out of memory: Killed process 10232 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 400.358663][ T1061] oom_reaper: reaped process 10232 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:59:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) 10:59:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:14 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:14 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:14 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 400.577532][T10212] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 400.587581][T10212] CPU: 1 PID: 10212 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 400.595214][T10212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.605259][T10212] Call Trace: [ 400.608551][T10212] dump_stack+0x1d8/0x2f8 [ 400.612869][T10212] dump_header+0xd8/0x970 [ 400.617199][T10212] oom_kill_process+0xcd/0x320 [ 400.621957][T10212] out_of_memory+0x5e1/0x8a0 [ 400.626544][T10212] ? unregister_oom_notifier+0x20/0x20 [ 400.631994][T10212] ? __kasan_check_read+0x11/0x20 [ 400.637016][T10212] try_charge+0x134a/0x17b0 [ 400.641532][T10212] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 400.647340][T10212] ? __lock_acquire+0x4750/0x4750 [ 400.652363][T10212] ? rcu_lock_release+0x15/0x20 [ 400.657207][T10212] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 400.662746][T10212] mem_cgroup_try_charge+0x216/0x560 [ 400.668030][T10212] mem_cgroup_try_charge_delay+0x25/0xa0 [ 400.673653][T10212] wp_page_copy+0x367/0x18c0 [ 400.678248][T10212] ? rcu_lock_release+0x30/0x30 [ 400.683213][T10212] ? __lock_acquire+0x4750/0x4750 [ 400.688339][T10212] ? __kasan_check_read+0x11/0x20 [ 400.693606][T10212] ? do_raw_spin_unlock+0x49/0x260 [ 400.698723][T10212] do_wp_page+0x2c9/0x1ce0 [ 400.703154][T10212] ? __rwlock_init+0x130/0x130 [ 400.707935][T10212] ? count_memcg_event_mm+0x300/0x300 [ 400.713315][T10212] handle_mm_fault+0x2bcf/0x6080 [ 400.718262][T10212] ? finish_fault+0x230/0x230 [ 400.722947][T10212] ? vmacache_find+0x251/0x5b0 [ 400.727712][T10212] do_user_addr_fault+0x589/0xaf0 [ 400.732754][T10212] __do_page_fault+0xd3/0x1f0 [ 400.737436][T10212] do_page_fault+0x99/0xb0 [ 400.741862][T10212] page_fault+0x39/0x40 [ 400.746026][T10212] RIP: 0033:0x4308f6 [ 400.749921][T10212] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 400.769534][T10212] RSP: 002b:00007ffcf5d1b130 EFLAGS: 00010206 [ 400.775600][T10212] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 400.783592][T10212] RDX: 000055555697e930 RSI: 0000555556986970 RDI: 0000000000000003 [ 400.791578][T10212] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555697d940 [ 400.799555][T10212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 400.807528][T10212] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 400.816959][T10212] memory: usage 832kB, limit 0kB, failcnt 450181 [ 400.823310][T10212] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 400.823320][T10212] Memory cgroup stats for /syz2: [ 400.823413][T10212] anon 0 [ 400.823413][T10212] file 0 [ 400.823413][T10212] kernel_stack 65536 [ 400.823413][T10212] slab 684032 [ 400.823413][T10212] sock 0 [ 400.823413][T10212] shmem 0 [ 400.823413][T10212] file_mapped 0 [ 400.823413][T10212] file_dirty 0 [ 400.823413][T10212] file_writeback 0 [ 400.823413][T10212] anon_thp 0 [ 400.823413][T10212] inactive_anon 0 [ 400.823413][T10212] active_anon 0 [ 400.823413][T10212] inactive_file 0 [ 400.823413][T10212] active_file 0 [ 400.823413][T10212] unevictable 0 [ 400.823413][T10212] slab_reclaimable 135168 [ 400.823413][T10212] slab_unreclaimable 548864 [ 400.823413][T10212] pgfault 1485 [ 400.823413][T10212] pgmajfault 0 [ 400.823413][T10212] workingset_refault 0 [ 400.823413][T10212] workingset_activate 0 [ 400.823413][T10212] workingset_nodereclaim 0 [ 400.823413][T10212] pgrefill 0 [ 400.823413][T10212] pgscan 0 [ 400.823413][T10212] pgsteal 0 [ 400.823413][T10212] pgactivate 0 [ 400.823413][T10212] pgdeactivate 0 [ 400.835310][T10212] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10212,uid=0 [ 400.941297][T10212] Memory cgroup out of memory: Killed process 10212 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 400.964685][ T1061] oom_reaper: reaped process 10212 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:59:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:15 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x18) 10:59:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x2c}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) setpgid(0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) dup(0xffffffffffffffff) 10:59:16 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x18) 10:59:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 403.726839][T10275] IPVS: ftp: loaded support on port[0] = 21 [ 403.999799][T10279] IPVS: ftp: loaded support on port[0] = 21 [ 404.271460][T10275] chnl_net:caif_netlink_parms(): no params data found [ 404.696810][T10275] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.703937][T10275] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.711881][T10275] device bridge_slave_0 entered promiscuous mode [ 404.721633][T10275] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.729010][T10275] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.737036][T10275] device bridge_slave_1 entered promiscuous mode [ 404.760456][T10275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 404.774423][T10275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.016943][T10275] team0: Port device team_slave_0 added [ 405.221406][T10279] chnl_net:caif_netlink_parms(): no params data found [ 405.237316][T10275] team0: Port device team_slave_1 added [ 405.305941][T10275] device hsr_slave_0 entered promiscuous mode [ 405.374695][T10275] device hsr_slave_1 entered promiscuous mode [ 405.414284][T10275] debugfs: Directory 'hsr0' with parent '/' already present! [ 405.438485][T10279] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.445728][T10279] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.453829][T10279] device bridge_slave_0 entered promiscuous mode [ 405.666488][T10279] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.673598][T10279] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.681885][T10279] device bridge_slave_1 entered promiscuous mode [ 405.702596][T10279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.715055][T10279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.736519][T10279] team0: Port device team_slave_0 added [ 405.743876][T10279] team0: Port device team_slave_1 added [ 405.807131][T10279] device hsr_slave_0 entered promiscuous mode [ 405.854545][T10279] device hsr_slave_1 entered promiscuous mode [ 405.894341][T10279] debugfs: Directory 'hsr0' with parent '/' already present! [ 406.137896][ T280] device bridge_slave_1 left promiscuous mode [ 406.144574][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.175549][ T280] device bridge_slave_0 left promiscuous mode [ 406.181773][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.216797][ T280] device bridge_slave_1 left promiscuous mode [ 406.223072][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.285379][ T280] device bridge_slave_0 left promiscuous mode [ 406.291927][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.345968][ T280] device bridge_slave_1 left promiscuous mode [ 406.352277][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.386053][ T280] device bridge_slave_0 left promiscuous mode [ 406.392485][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.834813][ T280] device hsr_slave_0 left promiscuous mode [ 411.884456][ T280] device hsr_slave_1 left promiscuous mode [ 411.936869][ T280] team0 (unregistering): Port device team_slave_1 removed [ 411.950583][ T280] team0 (unregistering): Port device team_slave_0 removed [ 411.972251][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.031643][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 412.125942][ T280] bond0 (unregistering): Released all slaves [ 412.255363][ T280] device hsr_slave_0 left promiscuous mode [ 412.294401][ T280] device hsr_slave_1 left promiscuous mode [ 412.346010][ T280] team0 (unregistering): Port device team_slave_1 removed [ 412.359044][ T280] team0 (unregistering): Port device team_slave_0 removed [ 412.370092][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.407810][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 412.475094][ T280] bond0 (unregistering): Released all slaves [ 412.585164][ T280] device hsr_slave_0 left promiscuous mode [ 412.654342][ T280] device hsr_slave_1 left promiscuous mode [ 412.701064][ T280] team0 (unregistering): Port device team_slave_1 removed [ 412.715877][ T280] team0 (unregistering): Port device team_slave_0 removed [ 412.729180][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.758084][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 412.837655][ T280] bond0 (unregistering): Released all slaves [ 412.962174][T10275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.978065][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 412.989721][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 413.002557][T10275] 8021q: adding VLAN 0 to HW filter on device team0 [ 413.016012][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 413.025244][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 413.035303][ T3720] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.042510][ T3720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 413.051220][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 413.065372][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 413.074295][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 413.082813][ T9471] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.090032][ T9471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 413.101609][T10279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 413.121389][T10279] 8021q: adding VLAN 0 to HW filter on device team0 [ 413.129210][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 413.138218][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 413.147774][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 413.172276][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 413.181372][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 413.190060][ T9471] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.197196][ T9471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 413.204812][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 413.213416][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 413.221916][ T9471] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.229006][ T9471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 413.236854][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 413.264525][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 413.272675][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 413.281927][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 413.290512][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 413.299403][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 413.307817][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 413.316906][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 413.325531][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 413.334001][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 413.346961][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 413.355281][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 413.363367][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 413.372013][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 413.380846][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 413.390446][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 413.401471][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 413.410529][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 413.541896][T10279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 413.552484][T10279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 413.564553][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 413.573096][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 413.581821][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 413.590434][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 413.600074][T10275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 413.625897][T10275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 413.649025][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 413.677770][T10279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 413.925216][T10292] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 413.938918][T10292] CPU: 0 PID: 10292 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 413.946614][T10292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.956704][T10292] Call Trace: [ 413.960034][T10292] dump_stack+0x1d8/0x2f8 [ 413.964420][T10292] dump_header+0xd8/0x970 [ 413.968813][T10292] oom_kill_process+0xcd/0x320 [ 413.973615][T10292] out_of_memory+0x5e1/0x8a0 [ 413.978251][T10292] ? unregister_oom_notifier+0x20/0x20 [ 413.983744][T10292] ? trace_hardirqs_on+0x74/0x80 [ 413.988747][T10292] memory_max_write+0x537/0x6a0 [ 413.993663][T10292] ? memory_max_show+0xa0/0xa0 [ 413.998479][T10292] ? trace_lock_acquire+0x154/0x1b0 [ 414.003805][T10292] ? lock_acquire+0x158/0x250 [ 414.008602][T10292] ? kernfs_fop_write+0x22e/0x4f0 [ 414.013664][T10292] ? memory_max_show+0xa0/0xa0 [ 414.018931][T10292] cgroup_file_write+0x27b/0x6e0 [ 414.023911][T10292] ? cgroup_seqfile_stop+0xc0/0xc0 [ 414.029067][T10292] ? cgroup_seqfile_stop+0xc0/0xc0 [ 414.034737][T10292] kernfs_fop_write+0x3e4/0x4f0 [ 414.039614][T10292] ? kernfs_fop_read+0x580/0x580 [ 414.044675][T10292] __vfs_write+0xf9/0x7d0 [ 414.049053][T10292] ? __kernel_write+0x350/0x350 [ 414.054056][T10292] ? __sb_start_write+0x39c/0x440 [ 414.059126][T10292] vfs_write+0x275/0x590 [ 414.063409][T10292] ksys_write+0x16b/0x2a0 [ 414.067801][T10292] ? __ia32_sys_read+0x90/0x90 [ 414.072611][T10292] ? prepare_exit_to_usermode+0x1f7/0x580 [ 414.078807][T10292] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 414.084409][T10292] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 414.090191][T10292] ? do_syscall_64+0x1d/0x140 [ 414.094930][T10292] __x64_sys_write+0x7b/0x90 [ 414.099563][T10292] do_syscall_64+0xfe/0x140 [ 414.104109][T10292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 414.110045][T10292] RIP: 0033:0x459819 [ 414.113953][T10292] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 414.133985][T10292] RSP: 002b:00007f7f2c298c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 414.142425][T10292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 414.150524][T10292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 414.158524][T10292] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 414.166623][T10292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f2c2996d4 [ 414.174618][T10292] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 414.182855][T10292] memory: usage 5084kB, limit 0kB, failcnt 115 [ 414.189261][T10292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 414.196619][T10292] Memory cgroup stats for /syz5: [ 414.196906][T10292] anon 4370432 [ 414.196906][T10292] file 0 [ 414.196906][T10292] kernel_stack 65536 [ 414.196906][T10292] slab 684032 [ 414.196906][T10292] sock 0 [ 414.196906][T10292] shmem 0 [ 414.196906][T10292] file_mapped 0 [ 414.196906][T10292] file_dirty 0 [ 414.196906][T10292] file_writeback 0 [ 414.196906][T10292] anon_thp 4194304 [ 414.196906][T10292] inactive_anon 0 [ 414.196906][T10292] active_anon 4370432 [ 414.196906][T10292] inactive_file 0 [ 414.196906][T10292] active_file 0 [ 414.196906][T10292] unevictable 0 [ 414.196906][T10292] slab_reclaimable 270336 [ 414.196906][T10292] slab_unreclaimable 413696 [ 414.196906][T10292] pgfault 4224 [ 414.196906][T10292] pgmajfault 0 [ 414.196906][T10292] workingset_refault 0 [ 414.196906][T10292] workingset_activate 0 [ 414.196906][T10292] workingset_nodereclaim 0 [ 414.196906][T10292] pgrefill 0 [ 414.196906][T10292] pgscan 0 [ 414.196906][T10292] pgsteal 0 [ 414.196906][T10292] pgactivate 0 [ 414.291648][T10292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10291,uid=0 [ 414.307616][T10292] Memory cgroup out of memory: Killed process 10291 (syz-executor.5) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 414.325127][ T1061] oom_reaper: reaped process 10291 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 414.360653][T10295] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 414.371773][T10295] CPU: 1 PID: 10295 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 414.379424][T10295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 414.389500][T10295] Call Trace: [ 414.392806][T10295] dump_stack+0x1d8/0x2f8 [ 414.397158][T10295] dump_header+0xd8/0x970 [ 414.401520][T10295] oom_kill_process+0xcd/0x320 [ 414.406297][T10295] out_of_memory+0x5e1/0x8a0 [ 414.410920][T10295] ? unregister_oom_notifier+0x20/0x20 [ 414.416434][T10295] memory_max_write+0x537/0x6a0 [ 414.421309][T10295] ? memory_max_show+0xa0/0xa0 [ 414.426113][T10295] ? trace_lock_acquire+0x154/0x1b0 [ 414.431332][T10295] ? lock_acquire+0x158/0x250 [ 414.436026][T10295] ? kernfs_fop_write+0x22e/0x4f0 [ 414.441086][T10295] ? memory_max_show+0xa0/0xa0 [ 414.445872][T10295] cgroup_file_write+0x27b/0x6e0 [ 414.450837][T10295] ? cgroup_seqfile_stop+0xc0/0xc0 [ 414.455983][T10295] ? cgroup_seqfile_stop+0xc0/0xc0 [ 414.461289][T10295] kernfs_fop_write+0x3e4/0x4f0 [ 414.466193][T10295] ? kernfs_fop_read+0x580/0x580 [ 414.471156][T10295] __vfs_write+0xf9/0x7d0 [ 414.475502][T10295] ? retint_kernel+0x10/0x10 [ 414.480112][T10295] ? __kernel_write+0x350/0x350 [ 414.484981][T10295] ? rcu_irq_exit+0xe3/0x260 [ 414.489612][T10295] ? __sb_start_write+0x39c/0x440 [ 414.494656][T10295] vfs_write+0x275/0x590 [ 414.498922][T10295] ksys_write+0x16b/0x2a0 [ 414.503450][T10295] ? __ia32_sys_read+0x90/0x90 [ 414.508315][T10295] ? prepare_exit_to_usermode+0x1f7/0x580 [ 414.514058][T10295] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 414.519801][T10295] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 414.525284][T10295] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 414.531019][T10295] ? do_syscall_64+0x1d/0x140 [ 414.535721][T10295] __x64_sys_write+0x7b/0x90 [ 414.540328][T10295] do_syscall_64+0xfe/0x140 [ 414.544851][T10295] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 414.550759][T10295] RIP: 0033:0x459819 [ 414.554660][T10295] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 414.574287][T10295] RSP: 002b:00007f13573cec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 414.583156][T10295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 414.591236][T10295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 414.599401][T10295] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 414.607502][T10295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13573cf6d4 [ 414.615494][T10295] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 414.643147][T10295] memory: usage 5116kB, limit 0kB, failcnt 75 [ 414.649542][T10295] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 414.656584][T10295] Memory cgroup stats for /syz3: [ 414.657752][T10295] anon 4251648 [ 414.657752][T10295] file 12288 [ 414.657752][T10295] kernel_stack 65536 [ 414.657752][T10295] slab 1036288 [ 414.657752][T10295] sock 0 [ 414.657752][T10295] shmem 8192 [ 414.657752][T10295] file_mapped 0 [ 414.657752][T10295] file_dirty 0 [ 414.657752][T10295] file_writeback 0 [ 414.657752][T10295] anon_thp 4194304 [ 414.657752][T10295] inactive_anon 0 [ 414.657752][T10295] active_anon 4251648 [ 414.657752][T10295] inactive_file 0 [ 414.657752][T10295] active_file 0 [ 414.657752][T10295] unevictable 0 [ 414.657752][T10295] slab_reclaimable 405504 [ 414.657752][T10295] slab_unreclaimable 630784 [ 414.657752][T10295] pgfault 6105 [ 414.657752][T10295] pgmajfault 0 [ 414.657752][T10295] workingset_refault 0 [ 414.657752][T10295] workingset_activate 0 [ 414.657752][T10295] workingset_nodereclaim 0 [ 414.657752][T10295] pgrefill 0 [ 414.657752][T10295] pgscan 0 [ 414.657752][T10295] pgsteal 0 [ 414.657752][T10295] pgactivate 0 [ 414.752371][T10295] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10294,uid=0 [ 414.767933][T10295] Memory cgroup out of memory: Killed process 10294 (syz-executor.3) total-vm:72576kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB [ 414.797128][ T1061] oom_reaper: reaped process 10294 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 414.993558][T10279] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 415.003719][T10279] CPU: 0 PID: 10279 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 415.011374][T10279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.021453][T10279] Call Trace: [ 415.024784][T10279] dump_stack+0x1d8/0x2f8 [ 415.029163][T10279] dump_header+0xd8/0x970 [ 415.034041][T10279] oom_kill_process+0xcd/0x320 [ 415.038830][T10279] out_of_memory+0x5e1/0x8a0 [ 415.043438][T10279] ? unregister_oom_notifier+0x20/0x20 [ 415.048918][T10279] ? __kasan_check_read+0x11/0x20 [ 415.053964][T10279] try_charge+0x134a/0x17b0 [ 415.058493][T10279] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 415.064318][T10279] ? __lock_acquire+0x4750/0x4750 [ 415.069350][T10279] ? rcu_lock_release+0x15/0x20 [ 415.074208][T10279] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 415.079776][T10279] mem_cgroup_try_charge+0x216/0x560 [ 415.085086][T10279] mem_cgroup_try_charge_delay+0x25/0xa0 [ 415.090821][T10279] wp_page_copy+0x367/0x18c0 [ 415.095517][T10279] ? rcu_lock_release+0x30/0x30 [ 415.100391][T10279] ? __lock_acquire+0x4750/0x4750 [ 415.105422][T10279] ? __kasan_check_read+0x11/0x20 [ 415.110454][T10279] ? do_raw_spin_unlock+0x49/0x260 [ 415.115580][T10279] do_wp_page+0x2c9/0x1ce0 [ 415.120016][T10279] ? __rwlock_init+0x130/0x130 [ 415.124792][T10279] ? count_memcg_event_mm+0x300/0x300 [ 415.130181][T10279] handle_mm_fault+0x2bcf/0x6080 [ 415.135147][T10279] ? finish_fault+0x230/0x230 [ 415.141031][T10279] ? vmacache_find+0x251/0x5b0 [ 415.145814][T10279] do_user_addr_fault+0x589/0xaf0 [ 415.150943][T10279] __do_page_fault+0xd3/0x1f0 [ 415.155627][T10279] do_page_fault+0x99/0xb0 [ 415.160136][T10279] page_fault+0x39/0x40 [ 415.164291][T10279] RIP: 0033:0x403442 [ 415.168193][T10279] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 415.187933][T10279] RSP: 002b:00007ffe158f6b20 EFLAGS: 00010246 [ 415.194021][T10279] RAX: 0000000000000000 RBX: 00000000000654e3 RCX: 0000000000413420 [ 415.202531][T10279] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe158f7c50 [ 415.210526][T10279] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556422940 [ 415.218615][T10279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe158f7c50 [ 415.226606][T10279] R13: 00007ffe158f7c40 R14: 0000000000000000 R15: 00007ffe158f7c50 [ 415.235440][T10279] memory: usage 736kB, limit 0kB, failcnt 87 [ 415.241450][T10279] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 415.248448][T10279] Memory cgroup stats for /syz3: [ 415.248522][T10279] anon 32768 [ 415.248522][T10279] file 12288 [ 415.248522][T10279] kernel_stack 65536 [ 415.248522][T10279] slab 1036288 [ 415.248522][T10279] sock 0 [ 415.248522][T10279] shmem 8192 [ 415.248522][T10279] file_mapped 0 [ 415.248522][T10279] file_dirty 0 [ 415.248522][T10279] file_writeback 0 [ 415.248522][T10279] anon_thp 0 [ 415.248522][T10279] inactive_anon 0 [ 415.248522][T10279] active_anon 32768 [ 415.248522][T10279] inactive_file 0 [ 415.248522][T10279] active_file 0 [ 415.248522][T10279] unevictable 0 [ 415.248522][T10279] slab_reclaimable 405504 [ 415.248522][T10279] slab_unreclaimable 630784 [ 415.248522][T10279] pgfault 6105 [ 415.248522][T10279] pgmajfault 0 [ 415.248522][T10279] workingset_refault 0 [ 415.248522][T10279] workingset_activate 0 [ 415.248522][T10279] workingset_nodereclaim 0 [ 415.248522][T10279] pgrefill 0 [ 415.248522][T10279] pgscan 0 [ 415.248522][T10279] pgsteal 0 [ 415.248522][T10279] pgactivate 0 [ 415.342145][T10279] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10279,uid=0 [ 415.357628][T10279] Memory cgroup out of memory: Killed process 10279 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 415.372808][ T1061] oom_reaper: reaped process 10279 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:59:29 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:29 executing program 0: sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x0) modify_ldt$write(0x1, &(0x7f0000000680)={0x20, 0x0, 0x400, 0x0, 0x0, 0x0, 0xa7e9, 0x0, 0x1eb, 0x8}, 0x10) syz_open_dev$video(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4040090) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) syz_open_dev$vcsa(0x0, 0x1ffe1917, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0xffffffffffffff3d}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bcsh0\x00', 0x21}) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000440)) sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80400080}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=@ipv6_delrule={0x70, 0x21, 0x300, 0x70bd28, 0x25dfdbfb, {0xa, 0x0, 0x94, 0x0, 0x9, 0x0, 0x0, 0x4, 0x2}, [@FRA_SRC={0x14, 0x2, @loopback}, @FRA_DST={0x14, 0x1, @mcast1}, @FRA_SRC={0x14, 0x2, @mcast2}, @FRA_DST={0x14, 0x1, @rand_addr="7b3f15ef9459289f0784230fb76fe636"}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0xc044) getdents(r1, &(0x7f0000000040)=""/46, 0x2e) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000100), 0x1) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x84, 0x0, 0x0, 0x0, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5b8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x6, 0x10}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x6}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0xc}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x84}}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') write$capi20_data(r0, 0x0, 0xfffffffffffffd90) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) 10:59:29 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:29 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x18) 10:59:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:29 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 415.425200][T10275] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 415.435324][T10275] CPU: 0 PID: 10275 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 415.443066][T10275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.453127][T10275] Call Trace: [ 415.456433][T10275] dump_stack+0x1d8/0x2f8 [ 415.460782][T10275] dump_header+0xd8/0x970 [ 415.465138][T10275] oom_kill_process+0xcd/0x320 [ 415.469924][T10275] out_of_memory+0x5e1/0x8a0 [ 415.474542][T10275] ? unregister_oom_notifier+0x20/0x20 [ 415.480111][T10275] ? __kasan_check_read+0x11/0x20 [ 415.485173][T10275] try_charge+0x134a/0x17b0 [ 415.489724][T10275] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 415.495578][T10275] ? __lock_acquire+0x4750/0x4750 [ 415.500642][T10275] ? rcu_lock_release+0x15/0x20 [ 415.505526][T10275] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 415.511116][T10275] mem_cgroup_try_charge+0x216/0x560 [ 415.516427][T10275] mem_cgroup_try_charge_delay+0x25/0xa0 [ 415.522088][T10275] wp_page_copy+0x367/0x18c0 [ 415.526833][T10275] ? rcu_lock_release+0x30/0x30 [ 415.531791][T10275] ? __lock_acquire+0x4750/0x4750 [ 415.536855][T10275] ? __kasan_check_read+0x11/0x20 [ 415.541909][T10275] ? do_raw_spin_unlock+0x49/0x260 [ 415.547048][T10275] do_wp_page+0x2c9/0x1ce0 [ 415.551494][T10275] ? __rwlock_init+0x130/0x130 [ 415.556282][T10275] ? count_memcg_event_mm+0x300/0x300 [ 415.561675][T10275] handle_mm_fault+0x2bcf/0x6080 [ 415.566655][T10275] ? finish_fault+0x230/0x230 [ 415.571364][T10275] ? vmacache_find+0x251/0x5b0 [ 415.576156][T10275] do_user_addr_fault+0x589/0xaf0 [ 415.581207][T10275] __do_page_fault+0xd3/0x1f0 [ 415.585907][T10275] do_page_fault+0x99/0xb0 [ 415.590337][T10275] page_fault+0x39/0x40 [ 415.594501][T10275] RIP: 0033:0x403442 [ 415.598410][T10275] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 415.618107][T10275] RSP: 002b:00007ffc7836ae00 EFLAGS: 00010246 [ 415.624197][T10275] RAX: 0000000000000000 RBX: 00000000000650cb RCX: 0000000000413420 [ 415.632187][T10275] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc7836bf30 [ 415.640177][T10275] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555561fd940 [ 415.648366][T10275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc7836bf30 [ 415.656449][T10275] R13: 00007ffc7836bf20 R14: 0000000000000000 R15: 00007ffc7836bf30 [ 415.664565][T10275] memory: usage 704kB, limit 0kB, failcnt 123 [ 415.670657][T10275] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 415.677585][T10275] Memory cgroup stats for /syz5: [ 415.677666][T10275] anon 53248 [ 415.677666][T10275] file 0 [ 415.677666][T10275] kernel_stack 65536 [ 415.677666][T10275] slab 684032 [ 415.677666][T10275] sock 0 [ 415.677666][T10275] shmem 0 [ 415.677666][T10275] file_mapped 0 [ 415.677666][T10275] file_dirty 0 [ 415.677666][T10275] file_writeback 0 [ 415.677666][T10275] anon_thp 0 [ 415.677666][T10275] inactive_anon 0 [ 415.677666][T10275] active_anon 53248 [ 415.677666][T10275] inactive_file 0 [ 415.677666][T10275] active_file 0 [ 415.677666][T10275] unevictable 0 [ 415.677666][T10275] slab_reclaimable 270336 [ 415.677666][T10275] slab_unreclaimable 413696 [ 415.677666][T10275] pgfault 4224 [ 415.677666][T10275] pgmajfault 0 [ 415.677666][T10275] workingset_refault 0 [ 415.677666][T10275] workingset_activate 0 [ 415.677666][T10275] workingset_nodereclaim 0 [ 415.677666][T10275] pgrefill 0 [ 415.677666][T10275] pgscan 0 [ 415.677666][T10275] pgsteal 0 [ 415.677666][T10275] pgactivate 0 [ 415.677666][T10275] pgdeactivate 0 [ 415.773913][T10275] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10275,uid=0 [ 415.789710][T10275] Memory cgroup out of memory: Killed process 10275 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 415.803996][ T1061] oom_reaper: reaped process 10275 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:59:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d00007d5500010c00020000ff002201f6f000"], 0x2c}}, 0x0) [ 415.903425][T10309] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 10:59:29 executing program 1: bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = epoll_create(0xe) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) epoll_wait(r2, &(0x7f0000000080)=[{}], 0x1, 0x1ff) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000040)) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, 0x0) 10:59:30 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:30 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:30 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:30 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:30 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 10:59:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000240)="11dca5055e0bcfe47bf070") unshare(0x400) fcntl$getflags(r0, 0x401) 10:59:30 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:30 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 417.430695][T10342] IPVS: ftp: loaded support on port[0] = 21 [ 417.612334][T10342] chnl_net:caif_netlink_parms(): no params data found [ 417.643814][T10342] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.651045][T10342] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.659337][T10342] device bridge_slave_0 entered promiscuous mode [ 417.667108][T10342] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.674637][T10342] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.682315][T10342] device bridge_slave_1 entered promiscuous mode [ 417.701080][T10342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.712793][T10342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.732538][T10342] team0: Port device team_slave_0 added [ 417.739959][T10342] team0: Port device team_slave_1 added [ 417.786042][T10342] device hsr_slave_0 entered promiscuous mode [ 417.824760][T10342] device hsr_slave_1 entered promiscuous mode [ 417.881732][T10342] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.889031][T10342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 417.896477][T10342] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.903592][T10342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.950522][T10342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.965493][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 417.973586][ T9472] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.982474][ T9472] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.994760][T10342] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.005048][ T9606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 418.013546][ T9606] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.020776][ T9606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 418.031718][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 418.040631][ T8255] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.048274][ T8255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.065039][ T9620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 418.074162][ T9620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 418.092370][T10342] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 418.102891][T10342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 418.115651][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 418.124360][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 418.132758][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 418.142015][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 418.161439][T10342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.297241][T10350] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 418.309106][T10350] CPU: 0 PID: 10350 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 418.316787][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.326874][T10350] Call Trace: [ 418.330227][T10350] dump_stack+0x1d8/0x2f8 [ 418.334618][T10350] dump_header+0xd8/0x970 [ 418.338995][T10350] oom_kill_process+0xcd/0x320 [ 418.343804][T10350] out_of_memory+0x5e1/0x8a0 [ 418.348405][T10350] ? unregister_oom_notifier+0x20/0x20 [ 418.353899][T10350] memory_max_write+0x537/0x6a0 [ 418.358797][T10350] ? memory_max_show+0xa0/0xa0 [ 418.363587][T10350] ? trace_lock_acquire+0x154/0x1b0 [ 418.368819][T10350] ? lock_acquire+0x158/0x250 [ 418.373522][T10350] ? kernfs_fop_write+0x22e/0x4f0 [ 418.378598][T10350] ? memory_max_show+0xa0/0xa0 [ 418.383473][T10350] cgroup_file_write+0x27b/0x6e0 [ 418.388510][T10350] ? cgroup_seqfile_stop+0xc0/0xc0 [ 418.393659][T10350] ? cgroup_seqfile_stop+0xc0/0xc0 [ 418.398906][T10350] kernfs_fop_write+0x3e4/0x4f0 [ 418.403780][T10350] ? kernfs_fop_read+0x580/0x580 [ 418.408730][T10350] __vfs_write+0xf9/0x7d0 [ 418.413065][T10350] ? retint_kernel+0x10/0x10 [ 418.417690][T10350] ? __kernel_write+0x350/0x350 [ 418.422563][T10350] ? rcu_is_watching+0x30/0x70 [ 418.427386][T10350] ? __sb_start_write+0x39c/0x440 [ 418.432447][T10350] ? __kasan_check_read+0x11/0x20 [ 418.437538][T10350] vfs_write+0x275/0x590 [ 418.441811][T10350] ksys_write+0x16b/0x2a0 [ 418.446699][T10350] ? __ia32_sys_read+0x90/0x90 [ 418.451560][T10350] ? retint_kernel+0x10/0x10 [ 418.456182][T10350] __x64_sys_write+0x7b/0x90 [ 418.460807][T10350] do_syscall_64+0xfe/0x140 [ 418.465347][T10350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 418.471270][T10350] RIP: 0033:0x459819 [ 418.475198][T10350] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 418.495259][T10350] RSP: 002b:00007f0c79056c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 418.503734][T10350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 418.511724][T10350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 418.519796][T10350] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 418.528049][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c790576d4 [ 418.536121][T10350] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 418.544363][T10350] memory: usage 5212kB, limit 0kB, failcnt 450182 [ 418.550916][T10350] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 418.558030][T10350] Memory cgroup stats for /syz2: [ 418.558658][T10350] anon 4255744 [ 418.558658][T10350] file 0 [ 418.558658][T10350] kernel_stack 65536 [ 418.558658][T10350] slab 684032 [ 418.558658][T10350] sock 0 [ 418.558658][T10350] shmem 0 [ 418.558658][T10350] file_mapped 0 [ 418.558658][T10350] file_dirty 0 [ 418.558658][T10350] file_writeback 0 [ 418.558658][T10350] anon_thp 4194304 [ 418.558658][T10350] inactive_anon 0 [ 418.558658][T10350] active_anon 4255744 [ 418.558658][T10350] inactive_file 0 [ 418.558658][T10350] active_file 0 [ 418.558658][T10350] unevictable 0 [ 418.558658][T10350] slab_reclaimable 135168 [ 418.558658][T10350] slab_unreclaimable 548864 [ 418.558658][T10350] pgfault 1551 [ 418.558658][T10350] pgmajfault 0 [ 418.558658][T10350] workingset_refault 0 [ 418.558658][T10350] workingset_activate 0 [ 418.558658][T10350] workingset_nodereclaim 0 [ 418.558658][T10350] pgrefill 0 [ 418.558658][T10350] pgscan 0 [ 418.558658][T10350] pgsteal 0 [ 418.558658][T10350] pgactivate 0 [ 418.654128][T10350] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10349,uid=0 [ 418.670077][T10350] Memory cgroup out of memory: Killed process 10349 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 418.690457][ T1061] oom_reaper: reaped process 10349 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 418.743165][T10352] IPVS: ftp: loaded support on port[0] = 21 [ 419.050278][T10342] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 419.060311][T10342] CPU: 0 PID: 10342 Comm: syz-executor.2 Not tainted 5.2.0+ #37 [ 419.067966][T10342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 419.078039][T10342] Call Trace: [ 419.081357][T10342] dump_stack+0x1d8/0x2f8 [ 419.085795][T10342] dump_header+0xd8/0x970 [ 419.090148][T10342] oom_kill_process+0xcd/0x320 [ 419.094929][T10342] out_of_memory+0x5e1/0x8a0 [ 419.099535][T10342] ? unregister_oom_notifier+0x20/0x20 [ 419.105013][T10342] ? __kasan_check_read+0x11/0x20 [ 419.110101][T10342] try_charge+0x134a/0x17b0 [ 419.114644][T10342] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 419.120474][T10342] ? __lock_acquire+0x4750/0x4750 [ 419.125785][T10342] ? rcu_lock_release+0x15/0x20 [ 419.130666][T10342] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 419.136236][T10342] mem_cgroup_try_charge+0x216/0x560 [ 419.142811][T10342] mem_cgroup_try_charge_delay+0x25/0xa0 [ 419.148456][T10342] handle_mm_fault+0x31f3/0x6080 [ 419.153415][T10342] ? finish_fault+0x230/0x230 [ 419.158108][T10342] ? vmacache_find+0x566/0x5b0 [ 419.162979][T10342] ? vmacache_update+0xb7/0x120 [ 419.167944][T10342] do_user_addr_fault+0x589/0xaf0 [ 419.173108][T10342] __do_page_fault+0xd3/0x1f0 [ 419.177892][T10342] do_page_fault+0x99/0xb0 [ 419.182317][T10342] page_fault+0x39/0x40 [ 419.186477][T10342] RIP: 0033:0x403442 [ 419.190375][T10342] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 f9 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 19 43 05 00 48 [ 419.210098][T10342] RSP: 002b:00007fff73e2bf40 EFLAGS: 00010246 [ 419.216180][T10342] RAX: 0000000000000000 RBX: 00000000000661cc RCX: 0000000000413420 [ 419.224694][T10342] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff73e2d070 [ 419.232695][T10342] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555718e940 [ 419.241814][T10342] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff73e2d070 [ 419.249808][T10342] R13: 00007fff73e2d060 R14: 0000000000000000 R15: 00007fff73e2d070 [ 419.259258][T10342] memory: usage 832kB, limit 0kB, failcnt 450190 [ 419.265667][T10342] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 419.272739][T10342] Memory cgroup stats for /syz2: [ 419.272845][T10342] anon 57344 [ 419.272845][T10342] file 0 [ 419.272845][T10342] kernel_stack 65536 [ 419.272845][T10342] slab 684032 [ 419.272845][T10342] sock 0 [ 419.272845][T10342] shmem 0 [ 419.272845][T10342] file_mapped 0 [ 419.272845][T10342] file_dirty 0 [ 419.272845][T10342] file_writeback 0 [ 419.272845][T10342] anon_thp 0 [ 419.272845][T10342] inactive_anon 0 [ 419.272845][T10342] active_anon 57344 [ 419.272845][T10342] inactive_file 0 [ 419.272845][T10342] active_file 0 [ 419.272845][T10342] unevictable 0 [ 419.272845][T10342] slab_reclaimable 135168 [ 419.272845][T10342] slab_unreclaimable 548864 [ 419.272845][T10342] pgfault 1551 [ 419.272845][T10342] pgmajfault 0 [ 419.272845][T10342] workingset_refault 0 [ 419.272845][T10342] workingset_activate 0 [ 419.272845][T10342] workingset_nodereclaim 0 [ 419.272845][T10342] pgrefill 0 [ 419.272845][T10342] pgscan 0 [ 419.272845][T10342] pgsteal 0 [ 419.272845][T10342] pgactivate 0 [ 419.272845][T10342] pgdeactivate 0 [ 419.369410][T10342] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10342,uid=0 [ 419.385020][T10342] Memory cgroup out of memory: Killed process 10342 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 10:59:32 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:32 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:32 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000000)={0x0, 0x0, 0x0, {}, {}, @ramp}) 10:59:32 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) [ 419.399334][ T1061] oom_reaper: reaped process 10342 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 10:59:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000240)="11dca5055e0bcfe47bf070") unshare(0x400) fcntl$getflags(r0, 0x408) 10:59:33 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:33 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:33 executing program 1: ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) [ 419.889878][T10352] chnl_net:caif_netlink_parms(): no params data found 10:59:33 executing program 1: ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) 10:59:33 executing program 1: ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) [ 421.143312][T10352] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.150981][T10352] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.158979][T10352] device bridge_slave_0 entered promiscuous mode [ 421.412699][T10352] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.419995][T10352] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.429881][T10352] device bridge_slave_1 entered promiscuous mode [ 421.450156][T10352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.461711][T10352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.476840][T10388] IPVS: ftp: loaded support on port[0] = 21 [ 421.491638][T10352] team0: Port device team_slave_0 added [ 421.695226][T10352] team0: Port device team_slave_1 added [ 421.757474][T10352] device hsr_slave_0 entered promiscuous mode [ 421.794511][T10352] device hsr_slave_1 entered promiscuous mode [ 421.834283][T10352] debugfs: Directory 'hsr0' with parent '/' already present! [ 422.067024][T10352] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.074201][T10352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.081615][T10352] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.089223][T10352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 422.345566][ T2620] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.353455][ T2620] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.587121][T10388] chnl_net:caif_netlink_parms(): no params data found [ 422.621795][T10352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 422.838407][T10388] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.846353][T10388] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.854146][T10388] device bridge_slave_0 entered promiscuous mode [ 422.862699][T10388] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.870255][T10388] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.887469][T10388] device bridge_slave_1 entered promiscuous mode [ 422.909050][T10388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.129466][T10388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.145127][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 423.152959][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 423.170599][T10352] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.185773][T10388] team0: Port device team_slave_0 added [ 423.192559][ T280] device bridge_slave_1 left promiscuous mode [ 423.198976][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.245238][ T280] device bridge_slave_0 left promiscuous mode [ 423.251451][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.296721][ T280] device bridge_slave_1 left promiscuous mode [ 423.302989][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.335869][ T280] device bridge_slave_0 left promiscuous mode [ 423.342081][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.385643][ T280] device bridge_slave_1 left promiscuous mode [ 423.391869][ T280] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.435090][ T280] device bridge_slave_0 left promiscuous mode [ 423.441315][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.895088][ T280] device hsr_slave_0 left promiscuous mode [ 428.934869][ T280] device hsr_slave_1 left promiscuous mode [ 428.984044][ T280] team0 (unregistering): Port device team_slave_1 removed [ 428.995996][ T280] team0 (unregistering): Port device team_slave_0 removed [ 429.007465][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.048031][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.127785][ T280] bond0 (unregistering): Released all slaves [ 429.264755][ T280] device hsr_slave_0 left promiscuous mode [ 429.304723][ T280] device hsr_slave_1 left promiscuous mode [ 429.351778][ T280] team0 (unregistering): Port device team_slave_1 removed [ 429.366832][ T280] team0 (unregistering): Port device team_slave_0 removed [ 429.378099][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.410668][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.485340][ T280] bond0 (unregistering): Released all slaves [ 429.615197][ T280] device hsr_slave_0 left promiscuous mode [ 429.654863][ T280] device hsr_slave_1 left promiscuous mode [ 429.704231][ T280] team0 (unregistering): Port device team_slave_1 removed [ 429.716874][ T280] team0 (unregistering): Port device team_slave_0 removed [ 429.727627][ T280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.769063][ T280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.834784][ T280] bond0 (unregistering): Released all slaves [ 429.930691][T10388] team0: Port device team_slave_1 added [ 429.951279][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 429.961604][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 429.970375][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.977517][ T8256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 429.992827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 430.002532][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 430.011122][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.018419][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.037464][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 430.096263][T10388] device hsr_slave_0 entered promiscuous mode [ 430.135059][T10388] device hsr_slave_1 entered promiscuous mode [ 430.174293][T10388] debugfs: Directory 'hsr0' with parent '/' already present! [ 430.184433][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 430.214532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 430.223303][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 430.232512][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 430.251390][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 430.260409][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 430.276156][T10352] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 430.287063][T10352] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 430.299997][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 430.308806][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 430.317484][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 430.326127][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 430.345502][ T8256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 430.361326][T10352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.372652][T10388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.387443][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 430.395434][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 430.409596][T10388] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.420113][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 430.429200][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 430.437860][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.445188][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.455649][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 430.507722][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 430.517287][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 430.525836][ T9471] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.532933][ T9471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.625173][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 430.634609][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 430.643483][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 430.652419][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 430.661154][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 430.670052][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 430.697396][T10388] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 430.709814][T10388] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 430.740380][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 430.748707][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 430.757368][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 430.766100][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 430.775954][ T9471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 430.796786][T10388] 8021q: adding VLAN 0 to HW filter on device batadv0 10:59:44 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 10:59:44 executing program 1: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) [ 431.096750][T10403] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 431.111117][T10403] CPU: 0 PID: 10403 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 431.119004][T10403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.129098][T10403] Call Trace: [ 431.132437][T10403] dump_stack+0x1d8/0x2f8 [ 431.136805][T10403] dump_header+0xd8/0x970 [ 431.142556][T10403] oom_kill_process+0xcd/0x320 [ 431.147362][T10403] out_of_memory+0x5e1/0x8a0 [ 431.151997][T10403] ? unregister_oom_notifier+0x20/0x20 [ 431.157507][T10403] memory_max_write+0x537/0x6a0 [ 431.162419][T10403] ? memory_max_show+0xa0/0xa0 [ 431.167244][T10403] ? memory_max_show+0xa0/0xa0 [ 431.172160][T10403] cgroup_file_write+0x27b/0x6e0 [ 431.177240][T10403] ? cgroup_seqfile_stop+0xc0/0xc0 [ 431.182406][T10403] ? cgroup_seqfile_stop+0xc0/0xc0 [ 431.187575][T10403] kernfs_fop_write+0x3e4/0x4f0 [ 431.192478][T10403] ? kernfs_fop_read+0x580/0x580 [ 431.197459][T10403] __vfs_write+0xf9/0x7d0 [ 431.201828][T10403] ? retint_kernel+0x10/0x10 [ 431.206471][T10403] ? __kernel_write+0x350/0x350 [ 431.211356][T10403] ? rcu_irq_exit+0xe3/0x260 [ 431.215996][T10403] ? retint_kernel+0x10/0x10 [ 431.220646][T10403] ? __sb_start_write+0x286/0x440 [ 431.225727][T10403] ? __sb_start_write+0x38a/0x440 [ 431.230788][T10403] ? __sb_start_write+0x39c/0x440 [ 431.235859][T10403] vfs_write+0x275/0x590 [ 431.240154][T10403] ksys_write+0x16b/0x2a0 [ 431.244524][T10403] ? __ia32_sys_read+0x90/0x90 [ 431.249322][T10403] ? prepare_exit_to_usermode+0x1f7/0x580 [ 431.255081][T10403] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 431.260849][T10403] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 431.266346][T10403] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 431.272138][T10403] ? do_syscall_64+0x1d/0x140 [ 431.276861][T10403] __x64_sys_write+0x7b/0x90 [ 431.281577][T10403] do_syscall_64+0xfe/0x140 [ 431.286111][T10403] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 431.292035][T10403] RIP: 0033:0x459819 [ 431.295963][T10403] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 431.315596][T10403] RSP: 002b:00007f6dd2febc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 431.324127][T10403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 431.332132][T10403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 431.340149][T10403] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 431.348497][T10403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6dd2fec6d4 [ 431.356498][T10403] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 431.364692][T10403] memory: usage 5080kB, limit 0kB, failcnt 88 [ 431.370866][T10403] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 431.377947][T10403] Memory cgroup stats for /syz3: [ 431.378651][T10403] anon 4370432 [ 431.378651][T10403] file 12288 [ 431.378651][T10403] kernel_stack 65536 [ 431.378651][T10403] slab 901120 [ 431.378651][T10403] sock 0 [ 431.378651][T10403] shmem 8192 [ 431.378651][T10403] file_mapped 0 [ 431.378651][T10403] file_dirty 0 [ 431.378651][T10403] file_writeback 0 [ 431.378651][T10403] anon_thp 4194304 [ 431.378651][T10403] inactive_anon 0 [ 431.378651][T10403] active_anon 4370432 [ 431.378651][T10403] inactive_file 0 [ 431.378651][T10403] active_file 0 [ 431.378651][T10403] unevictable 0 [ 431.378651][T10403] slab_reclaimable 405504 [ 431.378651][T10403] slab_unreclaimable 495616 [ 431.378651][T10403] pgfault 6171 [ 431.378651][T10403] pgmajfault 0 [ 431.378651][T10403] workingset_refault 0 [ 431.378651][T10403] workingset_activate 0 [ 431.378651][T10403] workingset_nodereclaim 0 [ 431.378651][T10403] pgrefill 0 [ 431.378651][T10403] pgscan 0 [ 431.378651][T10403] pgsteal 0 [ 431.378651][T10403] pgactivate 0 [ 431.473391][T10403] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10402,uid=0 [ 431.489586][T10403] Memory cgroup out of memory: Killed process 10402 (syz-executor.3) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB [ 431.509313][ T1061] oom_reaper: reaped process 10402 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:59:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:45 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:45 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 10:59:45 executing program 1: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:59:45 executing program 0: stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r0 = gettid() openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000001280)={0x0, 0x4000000000000012, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) setitimer(0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) getsockopt$inet6_int(r1, 0x29, 0x0, &(0x7f0000000180), &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 10:59:45 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x2, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 431.683059][T10388] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 431.693140][T10388] CPU: 0 PID: 10388 Comm: syz-executor.3 Not tainted 5.2.0+ #37 [ 431.700816][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.710886][T10388] Call Trace: [ 431.714199][T10388] dump_stack+0x1d8/0x2f8 [ 431.718582][T10388] dump_header+0xd8/0x970 [ 431.723132][T10388] oom_kill_process+0xcd/0x320 [ 431.727917][T10388] out_of_memory+0x5e1/0x8a0 [ 431.732536][T10388] ? unregister_oom_notifier+0x20/0x20 [ 431.738031][T10388] ? __kasan_check_read+0x11/0x20 [ 431.743100][T10388] try_charge+0x134a/0x17b0 [ 431.747664][T10388] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 431.753528][T10388] ? __lock_acquire+0x4750/0x4750 [ 431.758608][T10388] ? rcu_lock_release+0x15/0x20 [ 431.763485][T10388] ? get_mem_cgroup_from_mm+0x15e/0x170 [ 431.769089][T10388] mem_cgroup_try_charge+0x216/0x560 [ 431.774413][T10388] mem_cgroup_try_charge_delay+0x25/0xa0 [ 431.780085][T10388] wp_page_copy+0x367/0x18c0 [ 431.784717][T10388] ? rcu_lock_release+0x30/0x30 [ 431.789592][T10388] ? __lock_acquire+0x4750/0x4750 [ 431.794653][T10388] ? __kasan_check_read+0x11/0x20 [ 431.799908][T10388] ? do_raw_spin_unlock+0x49/0x260 [ 431.805050][T10388] do_wp_page+0x2c9/0x1ce0 [ 431.809498][T10388] ? __rwlock_init+0x130/0x130 [ 431.814289][T10388] ? count_memcg_event_mm+0x300/0x300 [ 431.819703][T10388] handle_mm_fault+0x2bcf/0x6080 [ 431.824727][T10388] ? finish_fault+0x230/0x230 [ 431.829535][T10388] ? vmacache_find+0x251/0x5b0 [ 431.834330][T10388] do_user_addr_fault+0x589/0xaf0 [ 431.839394][T10388] __do_page_fault+0xd3/0x1f0 [ 431.844097][T10388] do_page_fault+0x99/0xb0 [ 431.848553][T10388] page_fault+0x39/0x40 [ 431.852728][T10388] RIP: 0033:0x4308f6 [ 431.856631][T10388] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 6c 46 64 00 85 c0 0f 84 [ 431.876254][T10388] RSP: 002b:00007ffe4e208910 EFLAGS: 00010206 [ 431.882441][T10388] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 431.890436][T10388] RDX: 000055555598c930 RSI: 0000555555994970 RDI: 0000000000000003 [ 431.898436][T10388] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555598b940 [ 431.906430][T10388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 431.914425][T10388] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 431.923159][T10388] memory: usage 696kB, limit 0kB, failcnt 96 [ 431.929491][T10388] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 431.936407][T10388] Memory cgroup stats for /syz3: [ 431.936527][T10388] anon 57344 [ 431.936527][T10388] file 12288 [ 431.936527][T10388] kernel_stack 0 [ 431.936527][T10388] slab 901120 [ 431.936527][T10388] sock 0 [ 431.936527][T10388] shmem 8192 [ 431.936527][T10388] file_mapped 0 [ 431.936527][T10388] file_dirty 0 [ 431.936527][T10388] file_writeback 0 [ 431.936527][T10388] anon_thp 0 [ 431.936527][T10388] inactive_anon 0 [ 431.936527][T10388] active_anon 57344 [ 431.936527][T10388] inactive_file 0 [ 431.936527][T10388] active_file 0 [ 431.936527][T10388] unevictable 0 [ 431.936527][T10388] slab_reclaimable 405504 [ 431.936527][T10388] slab_unreclaimable 495616 [ 431.936527][T10388] pgfault 6171 [ 431.936527][T10388] pgmajfault 0 [ 431.936527][T10388] workingset_refault 0 [ 431.936527][T10388] workingset_activate 0 [ 431.936527][T10388] workingset_nodereclaim 0 [ 431.936527][T10388] pgrefill 0 [ 431.936527][T10388] pgscan 0 [ 431.936527][T10388] pgsteal 0 [ 431.936527][T10388] pgactivate 0 [ 431.936527][T10388] pgdeactivate 0 [ 432.028360][T10424] syz-executor.0 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 432.033090][T10388] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10388,uid=0 [ 432.059313][T10388] Memory cgroup out of memory: Killed process 10388 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 432.073979][ T1061] oom_reaper: reaped process 10388 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 432.085614][T10422] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 432.096118][T10422] CPU: 1 PID: 10422 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 432.103773][T10422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.113946][T10422] Call Trace: [ 432.117279][T10422] dump_stack+0x1d8/0x2f8 [ 432.121641][T10422] dump_header+0xd8/0x970 [ 432.125999][T10422] oom_kill_process+0xcd/0x320 [ 432.130796][T10422] out_of_memory+0x5e1/0x8a0 [ 432.135408][T10422] ? unregister_oom_notifier+0x20/0x20 [ 432.140898][T10422] ? trace_hardirqs_on+0x74/0x80 [ 432.145864][T10422] memory_max_write+0x537/0x6a0 [ 432.150756][T10422] ? memory_max_show+0xa0/0xa0 [ 432.155563][T10422] ? trace_lock_acquire+0x154/0x1b0 [ 432.160773][T10422] ? lock_acquire+0x158/0x250 [ 432.165549][T10422] ? kernfs_fop_write+0x22e/0x4f0 [ 432.170593][T10422] ? memory_max_show+0xa0/0xa0 [ 432.175367][T10422] cgroup_file_write+0x27b/0x6e0 [ 432.180315][T10422] ? cgroup_seqfile_stop+0xc0/0xc0 [ 432.185452][T10422] ? cgroup_seqfile_stop+0xc0/0xc0 [ 432.190750][T10422] kernfs_fop_write+0x3e4/0x4f0 [ 432.195614][T10422] ? kernfs_fop_read+0x580/0x580 [ 432.200563][T10422] __vfs_write+0xf9/0x7d0 [ 432.204909][T10422] ? __lock_acquire+0x4750/0x4750 [ 432.209952][T10422] ? __kernel_write+0x350/0x350 [ 432.214815][T10422] ? trace_lock_acquire+0x154/0x1b0 [ 432.220046][T10422] ? __sb_start_write+0x39c/0x440 [ 432.225079][T10422] vfs_write+0x275/0x590 [ 432.229339][T10422] ksys_write+0x16b/0x2a0 [ 432.233703][T10422] ? __ia32_sys_read+0x90/0x90 [ 432.238475][T10422] ? prepare_exit_to_usermode+0x1f7/0x580 [ 432.244303][T10422] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 432.249859][T10422] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 432.255679][T10422] ? do_syscall_64+0x1d/0x140 [ 432.260374][T10422] __x64_sys_write+0x7b/0x90 [ 432.264977][T10422] do_syscall_64+0xfe/0x140 [ 432.269585][T10422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 432.275573][T10422] RIP: 0033:0x459819 [ 432.279504][T10422] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.299125][T10422] RSP: 002b:00007f0122202c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 432.307581][T10422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819 [ 432.315659][T10422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 432.323672][T10422] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 432.331666][T10422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01222036d4 [ 432.339663][T10422] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff [ 432.347953][T10422] memory: usage 5340kB, limit 0kB, failcnt 124 [ 432.354192][T10422] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 432.361088][T10422] Memory cgroup stats for /syz5: [ 432.361192][T10422] anon 4321280 [ 432.361192][T10422] file 0 [ 432.361192][T10422] kernel_stack 65536 [ 432.361192][T10422] slab 684032 [ 432.361192][T10422] sock 0 [ 432.361192][T10422] shmem 0 [ 432.361192][T10422] file_mapped 0 [ 432.361192][T10422] file_dirty 0 [ 432.361192][T10422] file_writeback 0 [ 432.361192][T10422] anon_thp 4194304 [ 432.361192][T10422] inactive_anon 0 [ 432.361192][T10422] active_anon 4321280 [ 432.361192][T10422] inactive_file 0 [ 432.361192][T10422] active_file 0 [ 432.361192][T10422] unevictable 0 [ 432.361192][T10422] slab_reclaimable 270336 [ 432.361192][T10422] slab_unreclaimable 413696 [ 432.361192][T10422] pgfault 4422 [ 432.361192][T10422] pgmajfault 0 [ 432.361192][T10422] workingset_refault 0 [ 432.361192][T10422] workingset_activate 0 [ 432.361192][T10422] workingset_nodereclaim 0 [ 432.361192][T10422] pgrefill 0 [ 432.361192][T10422] pgscan 0 [ 432.361192][T10422] pgsteal 0 [ 432.361192][T10422] pgactivate 0 [ 432.455268][T10422] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10414,uid=0 [ 432.470835][T10422] Memory cgroup out of memory: Killed process 10414 (syz-executor.5) total-vm:72704kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB 10:59:46 executing program 1: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) [ 432.526613][ T1061] oom_reaper: reaped process 10414 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 10:59:46 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0xc4000141041, 0x0) close(r0) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000180)={[], 0x0, 0x7fffffff, 0xc3d}) 10:59:46 executing program 1: syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) 10:59:46 executing program 0: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d00007d5500010c00020000ff002201f6f000"], 0x2c}}, 0x0) exit_group(0x0) [ 432.909637][T10437] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:59:46 executing program 4: shutdown(0xffffffffffffffff, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000040)) r0 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U-', 0x4}, 0x28, 0x2) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) semget$private(0x0, 0x0, 0x20) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x2}, 0xb) unshare(0x600) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='tasks\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) syz_genetlink_get_family_id$fou(0x0) getpgrp(0xffffffffffffffff) 10:59:46 executing program 1: syz_open_dev$evdev(&(0x7f0000001180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) 11:00:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000280)=0x2) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x11, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)=ANY=[@ANYBLOB]) sendmsg(r6, 0x0, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r5, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_int(r7, 0x0, 0x0) 11:00:45 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a000007000000000000000000000005001a0000000000000000000000000000000000ff02000000000000000000000000000100000400e391554d1a73964fc118207c654350f4eb0a1ebc8b6ea6365bd3"], 0x38}}, 0x0) [ 538.114097][ C0] rcu: INFO: rcu_sched self-detected stall on CPU [ 538.120805][ C0] rcu: 0-....: (1 GPs behind) idle=f22/1/0x4000000000000002 softirq=26632/26633 fqs=5250 [ 538.131037][ C0] (t=10502 jiffies g=37953 q=676) [ 538.136155][ C0] NMI backtrace for cpu 0 [ 538.140492][ C0] CPU: 0 PID: 10352 Comm: syz-executor.5 Not tainted 5.2.0+ #37 [ 538.148224][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.158292][ C0] Call Trace: [ 538.161587][ C0] [ 538.164470][ C0] dump_stack+0x1d8/0x2f8 [ 538.168811][ C0] nmi_cpu_backtrace+0xb0/0x1a0 [ 538.173677][ C0] ? nmi_trigger_cpumask_backtrace+0x145/0x240 [ 538.179932][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 538.186024][ C0] nmi_trigger_cpumask_backtrace+0x14c/0x240 [ 538.192195][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 538.198114][ C0] rcu_dump_cpu_stacks+0x15a/0x220 [ 538.203249][ C0] rcu_sched_clock_irq+0x7e3/0xfb0 [ 538.208383][ C0] ? trace_hardirqs_off+0x74/0x80 [ 538.213467][ C0] update_process_times+0x114/0x170 [ 538.218768][ C0] tick_sched_timer+0x257/0x410 [ 538.223619][ C0] ? tick_setup_sched_timer+0x2b0/0x2b0 [ 538.229262][ C0] __hrtimer_run_queues+0x471/0x8c0 [ 538.234497][ C0] ? hrtimer_interrupt+0xd80/0xd80 [ 538.239814][ C0] ? ktime_get_update_offsets_now+0x234/0x250 [ 538.246516][ C0] hrtimer_interrupt+0x36c/0xd80 [ 538.251503][ C0] smp_apic_timer_interrupt+0xc2/0x220 [ 538.256996][ C0] apic_timer_interrupt+0xf/0x20 [ 538.261942][ C0] [ 538.264898][ C0] RIP: 0010:lock_is_held_type+0x25c/0x2b0 [ 538.270725][ C0] Code: 80 87 ca 88 48 c1 e8 03 42 80 3c 30 00 74 0c 48 c7 c7 80 87 ca 88 e8 a3 27 55 00 48 83 3d 7b 92 6e 07 00 74 56 4c 89 e7 57 9d <0f> 1f 44 00 00 89 d8 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 [ 538.290344][ C0] RSP: 0018:ffff88808fc4e6d0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 538.298772][ C0] RAX: 1ffffffff11950f0 RBX: 0000000000000001 RCX: 0000000000000001 [ 538.306867][ C0] RDX: 00000000ffffffff RSI: ffffffff88cd6380 RDI: 0000000000000282 [ 538.314854][ C0] RBP: ffff88808fc4e720 R08: dffffc0000000000 R09: ffffed1015d46bd4 [ 538.322844][ C0] R10: ffffed1015d46bd4 R11: 0000000000000000 R12: 0000000000000282 [ 538.330930][ C0] R13: ffff88808d992c8c R14: dffffc0000000000 R15: 1ffff11011b32591 [ 538.338950][ C0] rcu_read_lock_held+0xa7/0x130 [ 538.343908][ C0] list_lru_count_one+0x171/0x2d0 [ 538.348951][ C0] super_cache_count+0x137/0x2a0 [ 538.353910][ C0] do_shrink_slab+0xd5/0x5e0 [ 538.358527][ C0] ? shrink_node+0x17a0/0x17a0 [ 538.363308][ C0] ? __up_read+0x5b0/0x5b0 [ 538.367747][ C0] ? radix_tree_lookup+0x19f/0x1d0 [ 538.372894][ C0] shrink_slab_memcg+0x280/0x520 [ 538.378228][ C0] ? trace_raw_output_mm_vmscan_node_reclaim_begin+0x1a0/0x1a0 [ 538.385811][ C0] ? trace_mm_vmscan_memcg_softlimit_reclaim_begin+0x250/0x250 [ 538.393376][ C0] ? rcu_read_lock_held+0xa7/0x130 [ 538.398598][ C0] shrink_slab+0xbc/0x330 [ 538.402944][ C0] ? rcu_lock_release+0x15/0x20 [ 538.407810][ C0] ? drop_slab_node+0x90/0x90 [ 538.412503][ C0] ? trace_lock_acquire+0x1b0/0x1b0 [ 538.417730][ C0] shrink_node+0x51d/0x17a0 [ 538.422257][ C0] ? snapshot_refaults+0x2c0/0x2c0 [ 538.427394][ C0] shrink_zones+0x2d8/0x940 [ 538.431928][ C0] ? allow_direct_reclaim+0x4c0/0x4c0 [ 538.437337][ C0] ? ktime_get+0xf0/0x120 [ 538.441699][ C0] ? vmpressure_prio+0x31/0x120 [ 538.446572][ C0] do_try_to_free_pages+0x21e/0x930 [ 538.451810][ C0] try_to_free_mem_cgroup_pages+0x3d1/0x6c0 [ 538.457820][ C0] ? trace_mm_vmscan_memcg_softlimit_reclaim_end+0x240/0x240 [ 538.465218][ C0] ? trace_hardirqs_on+0x74/0x80 [ 538.470172][ C0] ? cgroup_file_notify+0x184/0x1a0 [ 538.475402][ C0] try_charge+0x6aa/0x17b0 [ 538.479959][ C0] ? __memcg_kmem_charge_memcg+0x180/0x180 [ 538.485790][ C0] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 538.491529][ C0] ? trace_mm_page_alloc+0x187/0x1d0 [ 538.496845][ C0] __memcg_kmem_charge_memcg+0x78/0x180 [ 538.502408][ C0] ? memcg_kmem_put_cache+0x50/0x50 [ 538.508942][ C0] kmem_getpages+0x411/0x970 [ 538.513566][ C0] cache_grow_begin+0x7e/0x2c0 [ 538.518349][ C0] ? __cpuset_node_allowed+0x198/0x530 [ 538.523827][ C0] fallback_alloc+0x134/0x1c0 [ 538.528529][ C0] ____cache_alloc_node+0x22a/0x250 [ 538.533773][ C0] kmem_cache_alloc+0x157/0x2e0 [ 538.538727][ C0] ? ext4_alloc_inode+0x1f/0x560 [ 538.543708][ C0] ? set_qf_name+0x3c0/0x3c0 [ 538.548326][ C0] ext4_alloc_inode+0x1f/0x560 [ 538.553246][ C0] ? set_qf_name+0x3c0/0x3c0 [ 538.557967][ C0] iget_locked+0x182/0x8a0 [ 538.562491][ C0] __ext4_iget+0x2f0/0x47b0 [ 538.567037][ C0] ? ext4_tmpfile+0x490/0x490 [ 538.571727][ C0] ? ext4_get_projid+0x140/0x140 [ 538.576778][ C0] ? ext4_lookup+0x8ac/0xd30 [ 538.581475][ C0] ? ext4_lookup+0x8ac/0xd30 [ 538.586184][ C0] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 538.591931][ C0] ext4_lookup+0x61f/0xd30 [ 538.596374][ C0] ? ext4_orphan_del+0x780/0x780 [ 538.601419][ C0] ? d_alloc_parallel+0x1489/0x15a0 [ 538.606662][ C0] ? lockdep_init_map+0x2a/0x680 [ 538.611635][ C0] __lookup_slow+0x2d8/0x410 [ 538.616276][ C0] ? lookup_one_len+0x2a0/0x2a0 [ 538.621146][ C0] ? __down_read+0x192/0x3d0 [ 538.625771][ C0] path_mountpoint+0x29f/0x750 [ 538.630559][ C0] ? kmem_cache_alloc+0x1e9/0x2e0 [ 538.635617][ C0] ? getname_flags+0xba/0x640 [ 538.640316][ C0] ? rcu_lock_release+0x30/0x30 [ 538.645279][ C0] filename_mountpoint+0x221/0x670 [ 538.650432][ C0] ? cache_grow_end+0x4a/0x170 [ 538.655325][ C0] ? user_path_mountpoint_at+0x50/0x50 [ 538.660809][ C0] ? __phys_addr_symbol+0x2f/0x70 [ 538.665848][ C0] ? __check_object_size+0x313/0x400 [ 538.671170][ C0] ? getname_flags+0x214/0x640 [ 538.675957][ C0] user_path_mountpoint_at+0x39/0x50 [ 538.681263][ C0] ksys_umount+0x169/0x10a0 [ 538.685799][ C0] ? __kasan_check_read+0x11/0x20 [ 538.690843][ C0] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 538.696944][ C0] ? namespace_unlock+0x4f0/0x4f0 [ 538.702247][ C0] ? prepare_exit_to_usermode+0x1f7/0x580 [ 538.707985][ C0] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 538.713721][ C0] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 538.719192][ C0] ? trace_irq_disable_rcuidle+0x23/0x1c0 [ 538.724926][ C0] ? do_syscall_64+0x1d/0x140 [ 538.729625][ C0] __x64_sys_umount+0x5a/0x70 [ 538.734318][ C0] do_syscall_64+0xfe/0x140 [ 538.738840][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 538.745018][ C0] RIP: 0033:0x45c247 [ 538.749010][ C0] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 538.768637][ C0] RSP: 002b:00007fff150232c8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 538.777083][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c247 [ 538.785070][ C0] RDX: 0000000000403470 RSI: 0000000000000002 RDI: 00007fff15023370 [ 538.793073][ C0] RBP: 0000000000000007 R08: 0000000000000000 R09: 000000000000000e [ 538.801073][ C0] R10: 000000000000000a R11: 0000000000000206 R12: 00007fff15024400 [ 538.809067][ C0] R13: 00005555568d1940 R14: 0000000000000000 R15: 00007fff15024400